General Discussion / Re: Help with networking basics : Subnets and gateways
« on: March 02, 2021, 11:06:29 pm »
Thanks for your answers!
I'm kinda out of my depth with the Virtual IP thing as I don't get why there's a password in there for example... I guess I just have to try it out and see how it looks in the GUI once I've added a virtual IP.
But as it seems you can't easily understand what I'm trying to do I realize that maybe I myself am not clear what I want and I'm trying to use features for things they are not designed for...
I'll have to take a step back and think again.
Seems VLAN is the way to go, but with most devices not supporting it natively I need to have the switch do these things, plus separate wireless SSIDs, and very fast the number of networks grows and the maintenance work grows with it...
In short, it all centers on applying different fw policies by "class" of devices; for me they are my networking stuff, servers, PCs, media/gaming, smart home devices and finally CCTV. That's already 6 VLANs and at least 3 of them have devices both wired and others wireless, so 3 SSIDs... That's getting quite complex for me, especially since I don't mind them contacting each other most of the time...
That's why I was thinking of only one network, all configuration being common, and only a few rules that would apply to a big address range for which my DHCP would assign devices a static lease in the proper range based on their MAC. So wide open network but devices get an IP in a specific range/subnet by their class...
But maybe that's not the solution... And maybe I need to use VLAN and floating rules for the rules in common; NAT rules can, I think, also apply to several interfaces... Will still have to find a way in OpenWrt to assign a VLAN number for each SSID...
That still looks like a lot of work, and when I feel lazy I tend to want to revert to everything directly off of my ISP router and throw my FW away... After all it's just home networking. And the next day when I'm less lazy I think about keeping these unsafe smart home things protected... I think you've given me what I need to know, now I need to find what I want to do and am willing to maintain over time.