Been wanting to post this for nearly a year, but got delayed by impending VLAN capabilities of my router RT2600ac, and issues when ISP problems came up.
I’m self taught, and I’m warning all of that.
Here is what I’ve implemented here. I post the settings because I’d like to see what others think about it.
When it becomes available, I’m thinking I will not use VLAN.
Most everything here is static IP. This allows me to determine, by IP, what capabilities any new device would have, as you shall see.
DHCP here is IP .40–.54
IP Cameras are .163–.176
Firewalls: Router: (just IP specific ones)
Allow IP .1–.162 to internet
Deny all as last entry. No ports forwarded.
Firewalls: NAS1: (just IP specific ones)
Allow IP .2–.24 input to this NAS
Allow ftp from IP .163 — .176 input to this NAS
Deny all as last entry
Firewalls: NAS2&3 (just IP specific ones)
Allow IP .2–.24 input to these NAS’s
Deny all as last entry
Due to the firewalls I have the following IP Groups:
Allow internet & NAS access
Allow internet —NO NAS access
NO INTERNET—NO NAS access
And ftp access from cameras to only 1 of 3 NAS’s.
The groups are not filled, so as new devices are acquired, I can predetermine what they will or will not be able to do based on the IP I assign to them.
Seems to work. I post this for discussion and improvement.
Open for comments, Please!
Thank You!
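
An added example, not part of the original post: the post's IP-specific rules modelled by last octet, to list which address range ends up with which access and where DHCP leases land. The service names `smb` and `https` are sample traffic types chosen for the illustration, the function names are hypothetical, and only the rules quoted in the post are modelled.

```python
# Added example: evaluates the post's allow rules with a final "deny all".
# Addresses are last octets only; the post does not give the network prefix.
from itertools import groupby

NAS_UNITS = ("NAS1", "NAS2", "NAS3")
DHCP_POOL = range(40, 55)            # .40-.54, from the post

# target -> list of (first_octet, last_octet, service); "*" means any service.
RULES = {
    "internet": [(1, 162, "*")],
    "NAS1": [(2, 24, "*"), (163, 176, "ftp")],
    "NAS2": [(2, 24, "*")],
    "NAS3": [(2, 24, "*")],
}

def allowed(target, octet, service):
    """First matching allow rule wins; no match falls to 'Deny all'."""
    for lo, hi, svc in RULES[target]:
        if lo <= octet <= hi and svc in ("*", service):
            return True
    return False

def profile(octet):
    """(internet?, NAS units reachable for file sharing, NAS units reachable by FTP)."""
    return (
        allowed("internet", octet, "https"),   # sample outbound service
        tuple(n for n in NAS_UNITS if allowed(n, octet, "smb")),  # sample NAS service
        tuple(n for n in NAS_UNITS if allowed(n, octet, "ftp")),
    )

def groups():
    """Contiguous octet ranges that share one access profile."""
    out = []
    for prof, run in groupby(range(1, 255), key=profile):
        run = list(run)
        out.append((run[0], run[-1], prof))
    return out

def dhcp_profiles():
    """Distinct profiles a DHCP lease can receive; more than one means the pool straddles groups."""
    return {profile(o) for o in DHCP_POOL}

if __name__ == "__main__":
    for first, last, (net, smb, ftp) in groups():
        print(f".{first}-.{last}: internet={net} nas={smb or '-'} ftp={ftp or '-'}")
    print("DHCP pool profiles:", dhcp_profiles())
```

The output shows five contiguous ranges: .1 and .25-.162 have internet only, .2-.24 have internet plus all three NAS units, .163-.176 have FTP to NAS1 only, and .177-.254 have nothing. The whole DHCP pool falls in the internet-only range.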