Messages

1

General Discussion / Re: Single Network Interface Card (NIC) Correct VLAN Setup

« on: February 14, 2024, 02:15:22 am »

Is there a reason that you're doing a router on a stick?  While it can be made to work, I prefer to avoid the complexity and like to know for sure that my WAN is physically separated from everything else.

I am repurposing a mini PC for the task which has just one NIC. I did purchase a USB 3.0 NIC ( UGREEN model ‎FBA_20256)  but it was totally unreliable and caused everything to hang.

This single NIC solution is working with test speeds comparable with what I had with my ISP's router so it seems viable provided it is secure.  Do you feel that my setup is not secure?

2

General Discussion / Single Network Interface Card (NIC) Correct VLAN Setup

« on: February 12, 2024, 09:18:28 am »

Hi I'm new to OPNSenese and after a lot of reading I have a single NIC setup that allows a pc to connect to the net. However I am not confident that I have done this correctly / securely and I'd love to confirm my understanding with those more knowledgeable than me.

I have attached an SVG to illustrate the setup I have. 

I've created a new VLAN (VLAN100) in my switch. The only members of VLAN 100 are the Untagged WAN port (port 5) and the Tagged OPNSense Firewall port (port 4). In this way I believe LAN devices connected through ports 1 - 3 can only talk to the WAN through the firewall because it's on the only port which is both a member of VLAN100 and the default VLAN1

I'm fuzzy on why the Firewall port within VLAN 100 is Tagged but I believe it means it can distribute traffic on both the VLANS?

I have assigned PVID=100 to port 5 and PVID=1 to ports 1-4. I believe this stipulates which VLAN should be used for packets received on a given port.

• Have I understood correctly?
• Are there any pitfalls in the way I have done this?
• With a default firewall config. Will devices on the Lan ports 1-3 be 'protected' by the firewall.

I'm new to this and keen to learn so any feedback is welcome. Thank you.