Properly configure network to host service from home connection


hitech95

New Member
May 21, 2020
Hi,
I would like to host some of the services that I use on my home network.
I have already hosted stuff for years, but always temporarily.

I don't know if this will be temporary or not. But I want to do it properly; handling my current setup is too difficult.

My network is dual stack; internet is v6 only. (Yep! I use that fancy translation stuff.)
I used to have a dedicated VLAN to host public stuff, and some rules in my firewall/router. (I used to have a pfSense installation.)
Now I have to use OpenWrt, but it should not be that different.

I used to have a lot of different physical machines to handle the different tasks, but as time went on I started to use LXC containers and VMs, and now I've also moved to Docker.
I don't wanna make a super complicated network. I've attached my current setup... which is a mess since I moved all the services onto the same machine...

Since I like the idea of my Docker containers having a dedicated IP (I come from LXC), I'm using a macvlan network, but for example Proxmox and Portainer are on the same IP (docker0) due to the fact that both are panels to handle my services and are on the same machine.

Let's ignore v6 for now.
My LAN subnet is 192.168.1.0/24.
My SRV (the one that is exposed to the internet) subnet is 192.168.100.0/24.
I don't have a MGMT VLAN or a Voice one. (For now, handling this is a mess.)

V6 uses the same idea: subnet ID 1 for LAN and 100 for the SRV.
I have a /48 prefix assigned to me. I use the MAC address to build the IPv6 address.
The only non-standard choice is the gateway, which is PD:ID::1.

The OpenWrt VM has the 4-NIC Intel card passed through via VFIO, so it is completely invisible to the host. (eth4 is a virtual NIC.)
The enp7s and enp8s interfaces are the uplinks for the containers and the other VMs.

Any suggestions to clean up this mess?


Regards,
Nicolò