Hello,
I am trying to introduce some more network segregation in my network, primarily around IoT devices, such as internet-connected IP cameras. Right now I have a Proxmox server which I use to self-host some apps, run TrueNAS, and some Docker and Kubernetes experimentation etc.
One of my VMs runs some NVR software for IP camera recording, so I'd like for my VM to talk to my IP cam; however, I don't want my IP cams to see the rest of my network, but still have internet access for mobile app access, i.e. 1-way communication.
I am at an impasse here: my Asus Merlin firmware doesn't support VLANs, so that's out of the picture for VLAN + firewall rules.
I have a spare access point/router with Asus Merlin also that I could potentially use for an IoT Wi-Fi SSID. I'm OK with that, but I'm not sure how to do the one-way network with the VM and the IP cameras.
I am open to the idea of getting something dedicated for firewall/routers at 2.5Gb, like so: https://www.amazon.com/Firewall-Hardware-Security-Appliance-Barebone/dp/B09PHHMJJB/?th=1
However, before doing that I wanted to see if there were any other options.
I have attached a diagram of my current setup. I technically have 4 2.5Gb NIC ports on Proxmox. I don't like the idea of Proxmox being the sole router/firewall and NAS and my home lab server; it seems like too much risk: if the server powers off, I have no internet at home. However, for a second AP I don't care if only the IoT network dies if the server dies; I can live with that.