Advice on locking down access between two VLANs

AgsAreUsB to

Home Networking@selfhosted.forumEnglish · 10 months ago

My home network consists of an OpenWRT router with two VLANs:

VLAN 01 (192.168.1.1/24): Desktops, unRaid NAS, Radarr, Sonarr, Tautulli, etc
VLAN 02 (192.168.2.1/24): Plex and Overseerr

My use case is Plex/Overseer are exposed to the Internet so I want to isolate them as much as possible from VLAN 01.

Overseerr needs to talk to Radarr/Sonarr and Tautulli needs to talk to Plex. On the OpenWRT firewall rules I have only allowed access from the Overseerr IP to the Radarr/Sonarr IP over the Radarr and Sonarr ports. All other traffic from VLAN 02 to VLAN 01 is set to “drop”.

Anything sensitive is on VLAN 01, so I am allowing all traffic from VLAN 01 to VLAN 02. Is this generally considered “OK” or should I lock down traffic from VLAN 01 to VLAN 02 to just the IPs and ports needed for Tautulli communication to Plex?

Thanks

You must log in or register to comment.

Chat

Home Networking@selfhosted.forum

homenetworking@selfhosted.forum

Create a post

You are not logged in. However you can subscribe from another Fediverse account, for example Lemmy or Mastodon. To do this, paste the following into the search field of your instance: !homenetworking@selfhosted.forum

A community to help people learn, install, set up or troubleshoot their home network equipment and solutions.

Rules

Please stay on topic.
Please use the search function to look for keywords related to what you want to ask before posting since most common issues have been answered.
No Ads. This community is for support and discussion. Ads and self promotion are not welcome here.
No product reviews or announcements. If you have a question about a product, be specific about what you want to know.
Be civil. Don’t be a jerk. Not being a jerk is surprisingly easy.
No URL shorteners. URL shorteners tend to hide the real use of a link. For this reason, please use normal links, even if they’re long.
No affiliate links.
No gatekeeping. With profession shall come professionalism. Extend help without judging others for their ignorance. The same goes for downvoting of comments or posts for “stupid questions” or not being as knowledgeable as others.

Visibility: Public

This community can be federated to other instances and be posted/commented in by their users.

2 users / day
1 user / week
27 users / month
40 users / 6 months
5 local subscribers
189 subscribers
2.31K Posts
6.42K Comments
Modlog