20.1 Legacy Series / Re: DMZ considerations for home lan
« on: May 26, 2020, 04:39:25 pm »
Nevertheless my problems with VLAN/Switch, what shall be the nominal rules?
E.g. Mgmt LAN, obviously? only SSH into DMZ, no WAN? In DMZ I'm running docker with Unifi Controller, portainer, Sys-Logging (ElasticSearch once a day maybe). Also SSH/HTTP of opnsense should be into Mgmt LAN - isn't it? How to handle these cases? SSH into LAN client only, not reverse? How to, since I have here only one NIC with VLAN interface attached.
Further:
- DMZ no local/private Nets.
- Guest Wifi ~
- Wifi Family with DMZ
- WAN nothing yet Later (probably only nextcloud)
- IoT only WAN
BTW, what about asymmetric routing at my box with actually LAN1 and Mgmt IP (later LAN and Mgmt)? Webpage loading takes more time on APU4 than on my old Alix board! DNS resolution is fast as before.
*Edit*, are these confirmed values by other APU4Cx users on Gigabit Ethernet? I'm testing the default LAN (aka LAN1 here) against opnsense (using os-iperf plugin):
iperf3 -c 192.168.1.1 -p 44002
Connecting to host 192.168.1.1, port 44002
[ 5] local 192.168.1.102 port 41168 connected to 192.168.1.1 port 44002
[ ID] Interval Transfer Bitrate Retr Cwnd
[ 5] 0.00-1.00 sec 25.4 MBytes 213 Mbits/sec 42 69.3 KBytes
[ 5] 1.00-2.00 sec 25.6 MBytes 215 Mbits/sec 36 65.0 KBytes
[ 5] 2.00-3.00 sec 24.9 MBytes 209 Mbits/sec 16 69.3 KBytes
[ 5] 3.00-4.00 sec 25.4 MBytes 213 Mbits/sec 13 67.9 KBytes
[ 5] 4.00-5.00 sec 25.8 MBytes 217 Mbits/sec 2 67.9 KBytes
[ 5] 5.00-6.00 sec 23.3 MBytes 196 Mbits/sec 72 65.0 KBytes
[ 5] 6.00-7.00 sec 25.4 MBytes 213 Mbits/sec 31 48.1 KBytes
[ 5] 7.00-8.00 sec 24.8 MBytes 208 Mbits/sec 41 65.0 KBytes
[ 5] 8.00-9.00 sec 25.8 MBytes 216 Mbits/sec 25 65.0 KBytes
[ 5] 9.00-10.00 sec 25.0 MBytes 209 Mbits/sec 18 65.0 KBytes
- - - - - - - - - - - - - - - - - - - - - - - - -
[ ID] Interval Transfer Bitrate Retr
[ 5] 0.00-10.00 sec 251 MBytes 211 Mbits/sec 296 sender
[ 5] 0.00-10.00 sec 251 MBytes 211 Mbits/sec receiver