Hi there! I'm trying to self-host a photo sharing service for my friends and I want to do it securely without exposing my home network.
Context:
I have a little Intel NUC to host a website for my friends and family. The NUC's going to be running some VMs. I've wanted to self-host because some members of my family have their own concerns about data, privacy, and other things. So I'm trying to make a small solution that's not based on the cloud. Overall there'll be some Cloudflare zero-trust access stuff and some tunnels into the NUC, but after a few security issues about tunnels and with Docker getting all happy to ignore UFW rules, I want to get some more segregation.
So I assume I would want to segregate out the Intel NUC onto its own VLAN. I eventually want to do this with the IoT (solar panels, smart blinds, cameras) stuff and maybe a guest network. I also want it to be pretty fast, so I've got a 2.5 Gig Fiber connection coming to the house. I have a GT AXE 160000, and I'm looking at picking up a managed switch with 5 2.5 GHZ ports, and 2 10 Ghz SFP+ ports. So I assume that I need to set up the VLANs on both the managed switch and the router.
Question:
My question is
- Does the beta firmware support assigning a DHCP server per VLAN?
- Goal here is serving different subnets to different VLANs
- Is there anything in these settings that will let IoT devices use mDNS so we can stream across VLANs?
- Do the settings allow me to keep the Intel NUC in its own, like, DMV VLAN but still let me remote into it via my home PC? Or something on a Trusted VLAN?
Anyways, would love some helpful feedback or deliberate "do not do this" commands. Otherwise it's me just googling and asking ChatGPT and hoping that it's right.