How to change from all-in-one to a zone-specific network?

I am trying to redo my home network and to work more with the zones. Currently everything is in “lan”.

Is there a howto or tutorial, or maybe some examples someone could propose for that?

My network:

  • Router (wireguard server)
    • NAS (no internet access)
      • macvlan docker image (with internet access)
    • NAS (connected over wireguard, no internet access)
    • Smart-home (smarthome, no internet access)
    • Smart-Home (with internet access)
    • wireguard client
    • W-Lan client
    • Lan client

Currently my NAS are blocked in the firewall, and every time I wish to update I have to deactivate and activate this rule.

I really feel like this is a very wide topic and there will be no single tutorial or howto that will cover this completely.

I think your best bet is to start exploring how to create VLANs and experiment from there. Probably the best start is to take a look at the articles about creating VLANs for IOT and Guest, of which there are many.

2 Likes

Yes VLANs are one way to do it. But …

If you have switches in between your router and the devices, those switches must be able to handle VLANs.
Most people call them “dumb switches”, “smart switches” or “managed switches”. For VLANs you need either “smart” or “managed”. But you need to check the switch specs anyway.

If everything is connected directly to your router, you don’t need to set up VLANs, since you can directly assign network interfaces to firewall zones. TOS in its default configuration combines them all into a single bridge br-lan, but it doesn’t have to be that way.

Or a mixture of both is also possible. Depends on your topology.

2 Likes
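
Added example, not written by any poster in this thread: a sketch of the "assign an interface to its own firewall zone" approach described above, for a NAS that LAN clients can reach but that has no internet access. It assumes OpenWrt 21.02+ style configuration with the default `lan` and `wan` zones present; the port name `lan3`, the zone and interface name `nas`, and the 192.168.20.0/24 subnet are placeholders to adapt.

```uci
# /etc/config/network (fragment)
# Assumption: 'lan3' is the router port the NAS is plugged into.
config device
	option name 'br-lan'
	option type 'bridge'
	list ports 'lan1'
	list ports 'lan2'
	# 'lan3' is no longer a bridge member, so it can carry its own network

config interface 'nas'
	option device 'lan3'
	option proto 'static'
	option ipaddr '192.168.20.1'
	option netmask '255.255.255.0'

# /etc/config/firewall (fragment)
config zone
	option name 'nas'
	list network 'nas'
	option input 'REJECT'     # NAS may not reach router services by default
	option output 'ACCEPT'
	option forward 'REJECT'

# LAN clients may open connections to the NAS; replies are allowed statefully.
config forwarding
	option src 'lan'
	option dest 'nas'

# There is deliberately no 'forwarding' section with src 'nas' and dest 'wan',
# so the NAS has no internet access.

# With input set to REJECT, DHCP and DNS on the router must be allowed
# explicitly, otherwise the NAS gets no lease and cannot resolve names.
config rule
	option name 'Allow-NAS-DHCP'
	option src 'nas'
	option proto 'udp'
	option dest_port '67'
	option target 'ACCEPT'

config rule
	option name 'Allow-NAS-DNS'
	option src 'nas'
	option proto 'tcp udp'
	option dest_port '53'
	option target 'ACCEPT'
```

A matching `config dhcp 'nas'` section in /etc/config/dhcp is needed if the NAS should receive its address from the router. For updates, a `forwarding` from `nas` to `wan` can be added temporarily and removed afterwards.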

Should not be a problem. All my devices are connected to the same router. Even Wireguard is handled by the router.