Re: Networking Question




On 11/26/2015 7:43 AM, Alice Wonder wrote:

> Private Network A: 192.168.10.0/24
> Private Network B: 192.168.20.0/24
> Private Network C: 192.168.30.0/24
> Private Network D: 192.168.40.0/24
>
> A will have a NAS. I can reach it from Internet (via port forwarding) and B and C (routing table) but from it, I can not connect to Internet or B, C, D. That network which likely will only have a few devices can not initiate connection to Internet or the other networks.
>
> B is my trusted home network. It can connect to Internet (NAT) and to A (port forwarding) but can not reach C or D

B->A should use routing, with whatever port restrictions/packet filters you feel are appropriate. NAS file sharing protocols don't much like NAT/port forwarding.

> C is untrusted home network. Things like my TV and Bluray player that need Internet access but that I don't want to have the ability to reach anything on B, but I do want them to be able to talk to NAS on A via port forwarding. I'm always paranoid about those devices on my network, I don't trust what they are doing. Call it tin foil but I don't trust them. Yet they don't work right without access to Internet (updates / Netflix)

again, routing + packet filters for C->NAS.

> D when used is network for guests (will have cheap wifi attached), it only talks to Internet via straight NAT and can not talk to private networks A, B, C


not sure why D needs to be separate from C, I'd probably treat the TV stuff as Guest too, and have them on the same subnet.

you don't use any wifi devices yourself, laptops or tablets or phones or whatever? A potentially better solution would be wifi with a 'nocat splash' portal page that you need to log into for unrestricted network access, otherwise you're on the guest network. this can be done various ways.


--
john r pierce, recycling bits in santa cruz

_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
https://lists.centos.org/mailman/listinfo/centos
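
The "routing + packet filters" layout suggested in the reply, written out for the four networks as an added example that is not part of the original thread. Assumptions not found in the thread: the router is a Linux box with IP forwarding enabled, the interface names (eth0 to eth4), the NAS address 192.168.10.10, SMB on tcp/445 for B and C, and tcp/443 as the port forwarded from the Internet.

```iptables
# Added example in iptables-restore format; not from the thread.
# Assumed interfaces: eth0 = Internet, eth1 = A, eth2 = B, eth3 = C, eth4 = D
# Assumed NAS address and ports: 192.168.10.10, tcp/445 (LAN), tcp/443 (WAN)
*filter
# INPUT/OUTPUT (traffic to and from the router itself) are not covered here.
:INPUT ACCEPT [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
# Replies to flows accepted below. No rule accepts NEW traffic arriving on
# eth1, so hosts on A can answer but can never initiate a connection.
-A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A FORWARD -m conntrack --ctstate INVALID -j DROP
# B -> NAS and C -> NAS: plain routing, no NAT, one service port only.
-A FORWARD -i eth2 -o eth1 -d 192.168.10.10 -p tcp --dport 445 -m conntrack --ctstate NEW -j ACCEPT
-A FORWARD -i eth3 -o eth1 -d 192.168.10.10 -p tcp --dport 445 -m conntrack --ctstate NEW -j ACCEPT
# B, C and D -> Internet.
-A FORWARD -i eth2 -o eth0 -m conntrack --ctstate NEW -j ACCEPT
-A FORWARD -i eth3 -o eth0 -m conntrack --ctstate NEW -j ACCEPT
-A FORWARD -i eth4 -o eth0 -m conntrack --ctstate NEW -j ACCEPT
# Internet -> NAS: the port forward, matched after DNAT has rewritten it.
-A FORWARD -i eth0 -o eth1 -d 192.168.10.10 -p tcp --dport 443 -m conntrack --ctstate NEW -j ACCEPT
# Everything else (B<->C, B<->D, C<->D, D->A, A->anything) hits policy DROP.
COMMIT
*nat
:PREROUTING ACCEPT [0:0]
:INPUT ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
# Port forward from the Internet side only; B and C reach the NAS by routing.
-A PREROUTING -i eth0 -p tcp --dport 443 -j DNAT --to-destination 192.168.10.10:443
# Source NAT for whatever the filter table allowed out to the Internet.
-A POSTROUTING -o eth0 -j MASQUERADE
COMMIT
```

With INPUT left at ACCEPT, hosts on C and D can still reach services listening on the router itself, so the INPUT chain needs its own rules before this separation is complete.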


