Can I do this??? (How do I - - - network setup question)

Started by ajoeiam, July 27, 2023, 04:33:43 AM

Greetings

Haven't gotten to the new ISP yet so still fine tuning ideas.

Have been thinking of using something like 172.16.0.0 for my network address (this is so that I can easily get to using say a couple thousand sensors and network them easily).

Wondering - - - if I have one network where there are some 15 to 20 addresses and then a sub-net (1 main computer with all the processes and their monitoring going to that system).

Have attached a very crude drawing to give some idea of what I'm thinking.

-    Would like to be able to access 'computer' and all of the sub-net under it from say 172.16.0.3.
-    Wanting to severely limit the ability for outside on WAN to be able to access any of the hardware and operations ('computer' and sub-net).
-    Will I help myself if I put a second router into the system?
-    If so - - where do I put it - - - before 'computer' or where??? (Still want access to all of 'computer' and all of the sub-net)

You want 'computer' to be on the 172.16.0.0/16 subnet and the SoCs to be isolated from the rest of the network?

That's easy - add a second NIC for the SoC network to 'computer' and do not enable its routing (for most OS, that means do nothing)

For remote access to 'computer', use its native protocol - RDP for Windows and SSH for everything else. VNC if you need GUI apps that can't tunnel over SSH. Make sure you use a VPN or overlay network for secure remote access.

Bart...

Hmmmmmmm - - - - I think that will do what I want.

Is there any way of seeing what's happening say on ucontroller2 from 172.16.0.1?

(For my purposes this is the important capability.)

TIA
(Editing to add second question)

How would I label the IP address for the SoCs and u controllers in the sub-net?

TIA

If they're isolated, you can't see them ;)

You could run a monitoring service on your computer with a web interface on 172.16.0.0/16 to get filtered information without a direct connection. Any software on the computer would have unrestricted access.

Pick any subnet you want for the controllers, as long as it is in RFC 1918 and doesn't overlap with 172.16.0.0/16. E.g. 10.101.0.0/16

Bart...
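
Added example, not part of any post in the thread: a check of a candidate controller subnet against the two conditions in the last reply (inside RFC 1918, no overlap with 172.16.0.0/16), plus a simple numbering of the devices behind 'computer'. The function names, the default of 2000 devices and the choice to give the second NIC on 'computer' the first usable address are assumptions made for illustration.

```python
import ipaddress

# The three private ranges defined by RFC 1918.
RFC1918 = [ipaddress.ip_network(n) for n in
           ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def check_controller_subnet(candidate, lan="172.16.0.0/16", devices=2000):
    """Return a list of problems with `candidate`; an empty list means usable."""
    try:
        net = ipaddress.ip_network(candidate, strict=True)
    except ValueError as exc:          # bad syntax, or host bits set
        return [f"not a valid network: {exc}"]
    if net.version != 4:
        return ["RFC 1918 covers IPv4 only"]
    problems = []
    if not any(net.subnet_of(block) for block in RFC1918):
        problems.append("not inside an RFC 1918 range")
    if net.overlaps(ipaddress.ip_network(lan)):
        problems.append(f"overlaps the main LAN {lan}")
    # Network and broadcast addresses are not usable; one more address
    # is assumed to go to the second NIC on 'computer'.
    usable = max(0, net.num_addresses - 2)
    if usable < devices + 1:
        problems.append(f"only {usable} usable addresses for {devices} devices")
    return problems


def assign_addresses(subnet, names):
    """Give 'computer' the first usable address, then number the devices."""
    hosts = ipaddress.ip_network(subnet).hosts()
    plan = {"computer": str(next(hosts))}
    for name in names:
        plan[name] = str(next(hosts))
    return plan


if __name__ == "__main__":
    # Constructed candidates: one good, three with a different fault each.
    for cand in ("10.101.0.0/16", "172.16.8.0/21",
                 "172.32.0.0/16", "192.168.5.0/24"):
        print(cand, check_controller_subnet(cand) or "ok")
    print(assign_addresses("10.101.0.0/16",
                           ["soc1", "ucontroller1", "ucontroller2"]))
```

The RFC 1918 test is written out explicitly because `ipaddress`'s own `is_private` attribute also accepts ranges such as loopback and link-local that are not RFC 1918 space.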