Finally got around to diagramming my network out. Used the online draw.io site to mock it up quickly. It’s a start.
VLAN Details:
- VLAN 100 – WAN
- VLAN 1 – LAN / Management
- VLAN10 – Users / Limited LAN access
- VLAN11 – Guests / Internet only
The Dell Poweredge R710 runs Xenserver 7.0 hosting my firewall, fileserver, and webapps. The two app vms are running CoreOS with Docker containers for things like nginx reverse-proxy, Logitech Media Server for my Squeezeboxes, etc.
I have wired clients on two networks; depending on the level of trust I have in the device. VLAN10 has limited access back to VLAN1 to access fileshares mostly.
The growing wireless clients are also on three networks for the same reason. The guest wifi is currently un-encrypted HTTP/HTTPS only access to the internet.
The firewall is also an OpenVPN server. If you are wondering what the FIOS router is doing there, it is indeed Double-NATing my network but I have my pfSense firewall in the DMZ and that allows all traffic to hit my WAN interface. One day I’ll drag a network cable out to the ONT and switch over from coax.
Leave a Reply