Topic: Can I do this??? (How do I - - - network setup question) (Read 1100 times)
ajoeiam
on: July 27, 2023, 04:33:43 am
Greetings
Haven't gotten to the new ISP yet so still fine-tuning ideas.
Have been thinking of using something like 172.16.0.0 for my network address (this is so that I can easily get to using say a couple thousand sensors and network them easily).
Wondering - - - if I have one network where there are some 15 to 20 addresses and then a sub-net (1 main computer with all the processes and their monitoring going to that system).
Have attached a very crude drawing to give some idea of what I'm thinking.
- Would like to be able to access 'computer' and all of the sub-net under it from say 172.16.0.3.
- Wanting to severely limit the ability for outside on WAN to be able to access any of the hardware and operations ('computer' and sub-net).
- Will I help myself if I put a second router into the system?
- If so - - where do I put it - - - before 'computer' or where??? (Still want access to all of 'computer' and all of the sub-net)
bartjsmit
Reply #1 on: July 27, 2023, 07:57:13 am
You want 'computer' to be on the 172.16.0.0/16 subnet and the SoCs to be isolated from the rest of the network?
That's easy - add a second NIC for the SoC network to 'computer' and do not enable its routing (for most OSes, that means do nothing).
For remote access to 'computer', use its native protocol - RDP for Windows and SSH for everything else. VNC if you need GUI apps that can't tunnel over SSH. Make sure you use a VPN or overlay network for secure remote access.
Bart...
ajoeiam
Reply #2 on: July 27, 2023, 02:48:55 pm
Hmmmmmmm - - - - I think that will do what I want.
Is there any way of seeing what's happening say on ucontroller2 from 172.16.0.1?
(For my purposes this is the important capability.)
TIA
(Editing to add second question)
How would I label the IP address for the SoCs and u controllers in the sub-net?
TIA
Last Edit: July 27, 2023, 03:17:09 pm by ajoeiam
bartjsmit
Reply #3 on: July 28, 2023, 08:24:44 am
If they're isolated, you can't see them.
You could run a monitoring service on your computer with a web interface on 172.16.0.0/16 to get filtered information without a direct connection. Any software on the computer would have unrestricted access.
Pick any subnet you want for the controllers, as long as it is in RFC 1918 and doesn't overlap with 172.16.0.0/16. E.g. 10.101.0.0/16.
Bart...
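The subnet rule from Reply #3 (inside RFC 1918, no overlap with 172.16.0.0/16) written as a check; this is an added example, not part of the original posts. The function name, the 2000-device default (from "a couple thousand sensors" in the question) and the candidate list are assumptions made for illustration.

```python
import ipaddress

# The three RFC 1918 blocks. ipaddress's is_private is broader than this
# (loopback, link-local, documentation ranges), so list them explicitly.
RFC1918 = [ipaddress.ip_network(n) for n in
           ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def check_sensor_subnet(candidate, lan="172.16.0.0/16", sensors=2000):
    """Return a list of problems with `candidate` as the isolated subnet.

    An empty list means the candidate fits the rule from the thread.
    `sensors` is an assumed device count, not a value from the thread.
    """
    try:
        # strict=True rejects host bits, e.g. 10.101.0.1/16
        net = ipaddress.ip_network(candidate, strict=True)
    except ValueError as exc:
        return [f"not a valid network: {exc}"]
    if net.version != 4:
        return ["RFC 1918 only defines IPv4 ranges"]

    problems = []
    lan_net = ipaddress.ip_network(lan)
    if not any(net.subnet_of(block) for block in RFC1918):
        problems.append("not inside an RFC 1918 block")
    if net.overlaps(lan_net):
        # An overlap makes the dual-homed 'computer' ambiguous about which
        # NIC an address lives behind.
        problems.append(f"overlaps the LAN {lan_net}")
    # Reserve network, broadcast and the address of the computer's 2nd NIC.
    usable = max(net.num_addresses - 3, 0)
    if usable < sensors:
        problems.append(f"only {usable} usable addresses for {sensors} devices")
    return problems


if __name__ == "__main__":
    # Constructed candidates; only 10.101.0.0/16 comes from the thread.
    for cand in ("10.101.0.0/16", "172.16.8.0/21", "192.168.50.0/24",
                 "169.254.0.0/16", "10.101.0.1/16"):
        print(cand, "->", check_sensor_subnet(cand) or "OK")
```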
ajoeiam
Reply #4 on: July 28, 2023, 12:26:12 pm
Thanks