by gangstead 860 days ago
He mentioned having a private, firewalled VLAN. Is there anywhere to get more info or example setups for the beginner homelabber? I've got UniFi gear and I poke around the interface. I realize I can make new VLANs, but what makes them isolated/private?

Also, I see his complaints about half-assed security, but I actually am kind of relieved. If the security was implemented well, we wouldn't be able to make our own man-in-the-middle Prometheus exporters!

2 comments

A VLAN is private/isolated to the extent that you don't route it to other networks. You could just block traffic between that VLAN and the WAN, or even potentially between it and any other VLANs on your LAN.

I use OpenWrt.

I will say learning how to do it is a pain, but once I got an internal VLAN in place, my life got significantly better.

You just want a small internal network that can't get out, or can get out through a proxy.

I set up:

- IPv4 only - cut my configuration in half

- private DNS server for the VLAN - only resolve internal addresses

- DHCP

- private time server

- Privoxy proxy for controlled access to a whitelist of outside
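
An added example, not part of either comment and not the commenters' own configuration: a Python check over an OpenWrt-style `/etc/config/firewall` that reports every path by which a VLAN's zone can reach another network. The zone names (`lab`, `lan`, `wan`), the sample config, and the assumption that DNS, DHCP and NTP run on the router itself are constructed for illustration.

```python
import re

# Constructed sample in OpenWrt /etc/config/firewall (UCI) syntax.
# 'lab' is the isolated VLAN's zone; its one rule has no 'dest', so it only
# admits DNS/DHCP/NTP (udp 53/67/123) to the router, assumed to host them.
SAMPLE = """
config zone
    option name 'lan'
config zone
    option name 'wan'
config zone
    option name 'lab'
    option input 'REJECT'
    option forward 'REJECT'
config forwarding
    option src 'lan'
    option dest 'wan'
config forwarding
    option src 'lan'
    option dest 'lab'
config rule
    option src 'lab'
    option proto 'udp'
    option dest_port '53 67 123'
    option target 'ACCEPT'
"""

def parse(text):
    """Return [(section_type, {option: value}), ...] from UCI text."""
    sections = []
    for line in text.splitlines():
        m = re.match(r"\s*config\s+(\w+)", line)
        if m:
            sections.append((m.group(1), {}))
            continue
        m = re.match(r"\s*option\s+(\w+)\s+'([^']*)'", line)
        if m and sections:
            sections[-1][1][m.group(1)] = m.group(2)
    return sections

def isolation_findings(text, zone):
    """Reasons `zone` can reach beyond itself; an empty list means isolated."""
    out = []
    for kind, o in parse(text):
        if kind == "forwarding" and o.get("src") == zone:
            out.append(f"forwarding {zone} -> {o.get('dest')}")
        elif kind == "rule" and o.get("src") == zone and o.get("dest") and o.get("target") == "ACCEPT":
            out.append(f"rule allows {zone} -> {o['dest']}")
        elif kind == "zone" and o.get("name") == zone and o.get("input") == "ACCEPT":
            out.append(f"zone {zone} accepts all input to the router")
    return out
```

The `lab` zone is isolated because no `forwarding` section names it as `src`; the `lan -> lab` forwarding only lets the trusted LAN reach in.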