Topic: VLAN for central network services (Read 1213 times)
opojomo (Newbie, Posts: 10, Karma: 0)
VLAN for central network services
« on: May 12, 2021, 12:22:54 pm »
Hello all,
I have had the following idea and would love to hear from you experts what you think of it.
I have an OPNsense and nine VLANs configured. I want all clients in each VLAN to use Unbound DNS configured in OPNsense and also the NTP service provided by OPNsense.
I created a VLAN [2] called NetServices without DHCP. I created a floating rule including every VLAN interface allowing access to VLAN [2]. In every VLAN DHCP configuration I entered the NetServices address to be used as DNS and NTP.
With this setup, Unbound DNS now only listens on the NetServices address, and nslookup of the OPNsense hostname will only return this address. I did not like it when every client on every subnet could see which subnets are configured inside OPNsense (which happens when Unbound DNS listens on every net).
What do you think? What are your practices?
Best regards
Logged
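A way to check the disclosure described in the first post from a client's point of view, as an added example that is not part of the thread: it parses nslookup output for the firewall's hostname and reports which VLANs the answer reveals to that client. The hostname, the addressing plan and both nslookup outputs are constructed for illustration.

```python
import ipaddress

def parse_nslookup_answers(output):
    """Return the addresses in the answer section of nslookup output."""
    answers, in_answer = [], False
    for line in output.splitlines():
        if line.strip().lower().startswith("name:"):
            in_answer = True  # lines above this describe the queried resolver
        elif in_answer:
            for token in line.replace(",", " ").split():
                try:
                    answers.append(ipaddress.ip_address(token))
                except ValueError:
                    pass  # a label such as "Address:", not an address
    return answers

def disclosed_vlans(answers, vlan_plan, known):
    """Map each VLAN the client should not learn about to the answers revealing it."""
    leaks = {}
    for name, cidr in vlan_plan.items():
        net = ipaddress.ip_network(cidr)
        hits = [str(a) for a in answers if a.version == net.version and a in net]
        if hits and name not in known:
            leaks[name] = hits
    return leaks

# Constructed addressing plan (three VLANs) and constructed nslookup output.
VLAN_PLAN = {"NetServices": "10.0.2.0/24", "Office": "10.0.10.0/24", "IoT": "10.0.20.0/24"}
ALL_INTERFACES = """Server:   10.0.10.1
Address:  10.0.10.1#53

Name:     fw.home.example
Address:  10.0.2.1
Name:     fw.home.example
Address:  10.0.10.1
Name:     fw.home.example
Address:  10.0.20.1"""
SERVICES_ONLY = """Server:   10.0.2.1
Address:  10.0.2.1#53

Name:     fw.home.example
Address:  10.0.2.1"""

if __name__ == "__main__":
    known = {"NetServices", "Office"}  # the client sits in the Office VLAN
    for label, out in (("all interfaces", ALL_INTERFACES), ("NetServices only", SERVICES_ONLY)):
        print(label, disclosed_vlans(parse_nslookup_answers(out), VLAN_PLAN, known))
```

To run it against a live setup, paste real nslookup output from a client in each VLAN and replace `VLAN_PLAN` with the actual subnets.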
bartjsmit (Hero Member, Posts: 2018, Karma: 194)
Re: VLAN for central network services
« Reply #1 on: May 12, 2021, 12:59:04 pm »
I start from a security policy that divides my network into classes of users and servers. I then decide which of those can be together and which need to be separate. This is a compromise between ease of use, work required for implementation/maintenance and the ability to respond to threats.
The number of tiers in the network determines the number of IP subnets and the required firewall rules between them. Where these subnets need to share physical network infrastructure, they are assigned VLANs. I then create a sensible numbering scheme and start testing.
It's tempting to start with creating VLANs, but it's worth starting from the general and working down to the specific.
Bart...
Logged