Help with Device Isolation and Firewall Rules for Exceptions

I’m working on setting up a home server, and I would like to configure my Balance 20X so that the server is isolated from the rest of the network except for limited prescribed access from certain devices.

That is, I don’t want to allow the server to see/connect to any other LAN devices EXCEPT as specifically allowed by firewall rules.

For example:

  • Allow devices A and B (identified by MAC address) to connect to the server on port 80, but I don’t want the server to be able to initiate connections to those devices.
  • Allow devices A and C (identified by MAC address) to connect to the server on port 22000 and allow the server to initiate connections to those devices on the same port.

The server will be connected to a switch (along with my AP and other devices). My current dumb switch does not allow me to configure VLANs.

Is there a way to do the above without requiring the server to be in a separate VLAN? If so, how would I do that?

Alternatively, if I buy a new (hopefully cheap) switch that supports VLANs, is there a way to do the above by putting the server in its own separate VLAN? If so, how would I do that?

Thanks for any guidance!

VLANs with local firewall rules are the answer to that. If your switch is not VLAN-aware, you could get around that in potentially two ways:

  • Plug the server directly into the Peplink, and configure the port on the Peplink to be in that VLAN.
  • Configure the NIC on the server to tag/untag its traffic with the VLAN tag. This usually works because a non-VLAN-aware switch will generally still switch the packets that contain a VLAN tag without being able to read it, as long as it can handle the larger frame size. So if it can handle jumbo frames, it will probably work in this way.
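The second workaround above, on a Linux server, with a host firewall that mirrors the policy the question asks for as a second layer beside the Balance 20X rules. This is an added example, not configuration from the thread or from Peplink: the interface name (`eth0`), VLAN id (20), the 192.168.20.0/24 server subnet, the 192.168.0.0/16 home range and the addresses of devices A, B and C are all assumptions. It identifies A, B and C by IP address rather than MAC on purpose: once the server sits in its own VLAN, every frame it receives from them comes through the router, so the source MAC the server sees is the Balance 20X's, and only the router can still match on their MACs (e.g. via DHCP reservations that pin them to the addresses used here).

```shell
#!/bin/sh
# Added example (not from the forum thread): put a Linux server on a tagged
# VLAN from its own NIC and load a host firewall that mirrors the policy in
# the question. All names, ids and addresses below are assumptions.
PARENT_IF="eth0"                 # assumption: NIC cabled to the dumb switch
VLAN_ID="20"                     # assumption: VLAN the Balance 20X serves the server
SERVER_ADDR="192.168.20.10/24"   # assumption: server address inside that VLAN
ROUTER_ADDR="192.168.20.1"       # assumption: Balance 20X address in that VLAN
HOME_LAN="192.168.0.0/16"        # assumption: covers every home subnet
DEV_A="192.168.10.11"            # assumption: DHCP reservations on the router pin
DEV_B="192.168.10.12"            # A, B, C to these addresses; across the VLAN boundary
DEV_C="192.168.10.13"            # the server sees the router's MAC, not theirs

# Commands for the "server tags its own traffic" workaround: an 802.1Q
# sub-interface on the NIC; the non-VLAN-aware switch just forwards the frames.
vlan_cmds() {
  printf '%s\n' \
    "ip link set $PARENT_IF up" \
    "ip link add link $PARENT_IF name $PARENT_IF.$VLAN_ID type vlan id $VLAN_ID" \
    "ip addr add $SERVER_ADDR dev $PARENT_IF.$VLAN_ID" \
    "ip link set $PARENT_IF.$VLAN_ID up" \
    "ip route add default via $ROUTER_ADDR dev $PARENT_IF.$VLAN_ID"
}

# nftables ruleset (IPv4 only) implementing the question's policy on the host:
#  - A and B may open TCP/80 to the server; the server may not open TCP/80 to them
#  - A and C may open TCP/22000 to the server, and the server may open TCP/22000 to them
#  - the server may reach nothing else on the home LAN; the internet is left open
host_ruleset() {
  cat <<EOF
table ip server_iso {
  chain input {
    type filter hook input priority 0; policy drop;
    iif "lo" accept
    ct state established,related accept
    ct state invalid drop
    ip saddr { $DEV_A, $DEV_B } tcp dport 80 ct state new accept
    ip saddr { $DEV_A, $DEV_C } tcp dport 22000 ct state new accept
    ip saddr $ROUTER_ADDR icmp type echo-request accept
  }
  chain output {
    type filter hook output priority 0; policy accept;
    oif "lo" accept
    ct state established,related accept
    ip daddr { $DEV_A, $DEV_C } tcp dport 22000 ct state new accept
    ip daddr $ROUTER_ADDR udp dport { 53, 123 } accept
    ip daddr $HOME_LAN drop
  }
}
EOF
}

case "${1:-}" in
  apply)                          # needs root: bring up the VLAN, then load the rules atomically
    vlan_cmds | sh -e
    host_ruleset | nft -f -
    ;;
  "") ;;                          # no argument: only define the functions (safe to source)
  *)  vlan_cmds; echo; host_ruleset ;;   # any other argument, e.g. "show": print, don't apply
esac
```

Run it with `show` first and read the output, then `apply` as root. The `ip` commands do not survive a reboot; move the same settings into your distribution's network configuration once they work. The ruleset leaves the connection-tracking entries to enforce direction: a reply to A's web request passes the `established,related` line in `output`, while a fresh connection from the server to A on port 80 falls through to the final `ip daddr 192.168.0.0/16 drop`. Before trusting the dumb switch, check that tagged frames actually get through: an 802.1Q tag adds 4 bytes, so a full-size packet over the sub-interface is a 1522-byte frame, and `ping -M do -s 1472 192.168.20.1` from the server will fail if the switch drops them. IPv6 is not covered by this table; either add matching `ip6` rules or disable IPv6 on the sub-interface.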