Sorry for being such a noob. My networking is not very strong, thought I’d ask the fine folks here.
Let’s say I have a Linux box working as a router and a dumb switch (I.e. L2 only). I have 2 PCs that I would like to keep separated and not let them talk to each other.
Can I plug these two PCs into the switch, configure their interfaces with IPs from different subnets, and configure the relevant sub-interfaces and ACLs (to prevent inter-subnet communication through the router) on the Linux router?
What I’m asking is; do I really need VLANs? I do need to segregate networks but I do not trust the operating systems running on these switches which can do L3 routing.
If you have a better solution than what I described which can scale with the number of computers, please let me know. Unfortunately, networking below L3 is still fuzzy in my head.
Thanks!
Ok, so you are trusting the PCs which you need to keep separate.
There’s no way to know if one of them is hoovering all the traffic from the other, if they are both connected to the same unmanaged switch.
https://youtube.com/playlist?list=PLjVwd8FlHBASO5vLBtMYNOzm8Q9DegSjO
The computers will be running OpenBSD. I am researching hardening methods for them and also seeing if it is feasible for me to get Corebooted hardware. I didn’t mention it because I didn’t think it was important.
I feel like my post is being taken very negatively with people finding faults in my words rather than in the networking concept. Would you happen to know why?
You are basically asking for people to solve a solved problem, there’s no actual need for keeping the PCs separate since you control them both, and oh and you want it done cheap. A bespoke custom solution will not scale regardless if you need it to or not, you should know that.
https://hometechhacker.com/great-choices-for-opnsense-hardware/
A firewall device with as many ports as you need is your best bet.
Solved using devices that run proprietary software (which is, I imagine, frowned upon in such communities) which we don’t control at all. Heck, even Mikrotik who has a good rapport with this community uses a proprietary Linux distro with a severely outdated kernel for their devices. For something as critical as internal networking, I’m surprised I do not see more dialogue on improving the situation.
Let me try and explain the problem. I want to build a setup where I have multiple clustered routers (I’m sure you’ve heard of the clustering features in PFSENSE/OPNSENSE/DIY approach using Keepalived). But if I want to use VLANs without using a switch running god-knows-what under the hood, I’m going to need a LOT OF ports. Unfortunately, 6+ port PCIe cards are quite expensive and sometimes have many other problems.
This is why I’m trying to find simpler solution. The solution that you mention doesn’t seem to be a solution at all, but just the community giving up on trying to find one and accepting what is given. I was hoping for a better outcome.
Not liking the solution you have doesn’t mean you don’t have a solution.
Anyway, watch the playlist I sent, it’s a great overview of the OSI model with some other stuff. You mentioned not understanding some layers, once you do you will understand the limitations of the hardware you have.
Thanks