[CentOS] Networking Question

Thu Nov 26 15:53:01 UTC 2015
John R Pierce <pierce at hogranch.com>

On 11/26/2015 7:43 AM, Alice Wonder wrote:
> Private Network A:
> Private Network B:
> Private Network C:
> Private Network D:
> A will have a NAS. I can reach it from Internet (via port forwarding) 
> and B and C (routing table) but from it, I can not connect to Internet 
> or B, C, D. That network which likely will only have a few devices can 
> not initiate connection to Internet or the other networks.
> B is my trusted home network. It can connect to Internet (NAT) and to 
> A (port forwarding) but can not reach C or D

B->A should use routing, with whatever port restrictions/packet filters 
you feel are appropriate.   NAS file sharing protocols don't much like 
NAT/port forwarding.

> C is untrusted home network. Things like my TV and Bluray player that 
> need Internet access but that I don't want to have the ability to 
> reach anything on B, but I do want them to be able to talk to NAS on A 
> via port forwarding. I'm always paranoid about those devices on my 
> network, I don't trust what they are doing. Call it tin foil but I 
> don't trust them. Yet they don't work right without access to Internet 
> (updates / netflix)

Again, routing + packet filters for C->NAS.

> D when used is network for guests (will have cheap wifi attached), it 
> only talks to Internet via straight NAT and can not talk to private 
> networks A, B, C 

Not sure why D needs to be separate from C, I'd probably treat the TV 
stuff as Guest too, and have them on the same subnet.

You don't use any wifi devices yourself, laptops or tablets or phones or 
whatever?    A potentially better solution would be wifi with a 'nocat 
splash' portal page that you need to log into for unrestricted network 
access, otherwise you're on the guest network.   This can be done 
various ways.

john r pierce, recycling bits in santa cruz
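
The "routing + packet filters" approach from this reply, sketched as an added example that is not part of the original message or the posters' own configuration. The interface names, the NAS address (a documentation-range placeholder) and the NFS/SMB TCP ports are assumptions, since the thread gives no addressing; Internet-to-NAS port forwarding and the router's own INPUT rules are left out.

```shell
#!/bin/sh
# Added example: emits an iptables-restore ruleset for the A/B/C/D layout.
# Every interface name, the NAS address and the port list are assumptions.
# The router also needs net.ipv4.ip_forward=1 for any of this to route.
WAN=eth0            # Internet uplink (assumed name)
IF_A=eth1           # network A: NAS, must never initiate connections
IF_B=eth2           # network B: trusted home network
IF_C=eth3           # network C: untrusted TV / Blu-ray devices
IF_D=eth4           # network D: guests
NAS=192.0.2.10      # placeholder NAS address
NAS_PORTS=2049,445  # NFS and SMB over TCP; match what the NAS really serves

gen_rules() {
cat <<EOF
*filter
:FORWARD DROP [0:0]
# Replies to flows that were allowed below
-A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
# B to A is routed, no NAT
-A FORWARD -i $IF_B -o $IF_A -j ACCEPT
# C may reach only the NAS, and only its file-sharing ports
-A FORWARD -i $IF_C -o $IF_A -d $NAS -p tcp -m multiport --dports $NAS_PORTS -j ACCEPT
# B, C and D may reach the Internet; A has no rule, so the DROP policy applies
-A FORWARD -i $IF_B -o $WAN -j ACCEPT
-A FORWARD -i $IF_C -o $WAN -j ACCEPT
-A FORWARD -i $IF_D -o $WAN -j ACCEPT
COMMIT
*nat
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -o $WAN -j MASQUERADE
COMMIT
EOF
}

# allows IN OUT: succeeds if new connections from IN to OUT have an ACCEPT rule
allows() {
    gen_rules | grep -q -- "^-A FORWARD -i $1 -o $2 .*-j ACCEPT\$"
}

gen_rules
```

Piping the output to `iptables-restore --test` checks the syntax without loading it; `allows` can be used to confirm that pairs such as C to B or D to A have no ACCEPT rule.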