[CentOS] Networking Question

Thu Nov 26 15:57:35 UTC 2015
Alice Wonder <alice at domblogger.net>


On 11/26/2015 07:53 AM, John R Pierce wrote:
> On 11/26/2015 7:43 AM, Alice Wonder wrote:
>>
>> Private Network A: 192.168.10.0/24
>> Private Network B: 192.168.20.0/24
>> Private Network C: 192.168.30.0/24
>> Private Network D: 192.168.40.0/24
>>
>> A will have a NAS. I can reach it from Internet (via port forwarding)
>> and B and C (routing table) but from it, I can not connect to Internet
>> or B, C, D. That network which likely will only have a few devices can
>> not initiate connection to Internet or the other networks.
>>
>> B is my trusted home network. It can connect to Internet (NAT) and to
>> A (port forwarding) but can not reach C or D
>
> B->A should use routing, with whatever port restrictions/packet filters
> you feel are appropriate.   NAS file sharing protocols don't much like
> NAT/port forwarding.
>
>> C is untrusted home network. Things like my TV and Bluray player that
>> need Internet access but that I don't want to have the ability to
>> reach anything on B, but I do want them to be able to talk to NAS on A
>> via port forwarding. I'm always paranoid about those devices on my
>> network, I don't trust what they are doing. Call it tin foil but I
>> don't trust them. Yet they don't work right without access to Internet
>> (updates / netflix)
>
> again, routing + packet filters for C->NAS.
>>
>> D when used is network for guests (will have cheap wifi attached), it
>> only talks to Internet via straight NAT and can not talk to private
>> networks A, B, C
>
>
> not sure why D needs to be separate from C, I'd probably treat the TV
> stuff as Guest too, and have them on the same subnet.
>
> you don't use any wifi devices yourself, laptops or tablets or phones or
> whatever?    A potentially better solution would be wifi with a 'nocat
> splash' portal page that you need to log into for unrestricted network
> access, otherwise you're on the guest network.   this can be done
> various ways.

I do use wifi myself but I was going to attach a WAP to B as well as my
home wired network.

I could combine D and C but the idea was to not have an open wifi router 
that can be used to access A

>
>
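The reachability policy discussed in this thread, written as forwarding rules in the routing-plus-packet-filter style the quoted reply suggests (an added example, not part of the original post). It only prints the iptables commands for review; the WAN interface name, the NAS address and both service ports are assumed values that do not come from the thread, and it assumes plain iptables with nothing else managing the FORWARD chain.

```shell
#!/bin/sh
# Added example: prints (does not apply) iptables commands for networks A-D.
# Assumed, not from the thread: WAN, NAS, NAS_LAN_PORT, NAS_WAN_PORT.
WAN=eth0                # assumed Internet-facing interface
NET_A=192.168.10.0/24   # NAS network, may not initiate anything
NET_B=192.168.20.0/24   # trusted home network
NET_C=192.168.30.0/24   # untrusted TV / Blu-ray network
NET_D=192.168.40.0/24   # guest wifi
NAS=192.168.10.10       # assumed NAS address on A
NAS_LAN_PORT=445        # assumed service C may use on the NAS
NAS_WAN_PORT=443        # assumed port forwarded from the Internet

emit_rules() {
    # Default deny between all networks: anything not listed below is dropped,
    # which is what keeps A from initiating and keeps C and D away from B.
    echo "iptables -P FORWARD DROP"
    echo "iptables -F FORWARD"
    # Replies to connections that were allowed to start (lets the NAS answer).
    echo "iptables -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
    # B -> A: routed, no NAT.
    echo "iptables -A FORWARD -s $NET_B -d $NET_A -j ACCEPT"
    # C -> NAS: routed, one host and one port only.
    echo "iptables -A FORWARD -s $NET_C -d $NAS -p tcp --dport $NAS_LAN_PORT -j ACCEPT"
    # Internet -> NAS: port forward on the WAN side plus the matching filter rule.
    echo "iptables -t nat -A PREROUTING -i $WAN -p tcp --dport $NAS_WAN_PORT -j DNAT --to-destination $NAS:$NAS_WAN_PORT"
    echo "iptables -A FORWARD -i $WAN -d $NAS -p tcp --dport $NAS_WAN_PORT -j ACCEPT"
    # B, C and D reach the Internet through NAT; there is no such rule for A.
    for net in $NET_B $NET_C $NET_D; do
        echo "iptables -A FORWARD -s $net -o $WAN -j ACCEPT"
        echo "iptables -t nat -A POSTROUTING -s $net -o $WAN -j MASQUERADE"
    done
}

emit_rules
```

Traffic addressed to the router itself goes through the INPUT chain, which this example leaves untouched and which needs its own rules.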