by otabdeveloper4 1760 days ago
> I want to have multiple publicly addressable subnets in my home LAN

...is something nobody in the history of home LANs has ever said.

Because they don't know the words. It's not uncommon for people to want to do things that would be best done with a separate subnet though.

For example, VPNing in from your phone or making a separate isolated network for untrusted IoT devices.

being publicly addressable != being publicly accessible

I work in network security. I know what words I'm using.

You want your network of untrusted IoT devices to be publicly accessible??

(Probably not.)

Indeed not. That's not what I said.

I don't even want them talking out to the internet by default, which is why I have a separate subnet with a different set of firewall rules that only allows whitelisted outbound connections.

NAT is a "constrained resource" solution that cosplays as a security solution. Firewalls and ACLs are meant for governing traffic, not NAT.

My home LAN setup has exactly that, and I even switched ISPs to get it.

My old ISP only gave me a /64 which is completely useless if you want to create subnets. The new one gave me a static /48.