[tclug-list] networking question

Fri Aug 31 16:49:29 CDT 2018

On Thu, 2018-08-30 at 21:17 -0500, o1bigtenor wrote:
> On Thu, Aug 30, 2018 at 5:16 PM, r hayman <rhayman at pureice.com>
> wrote:
> > 
> > Like Ioannis, I control my own LAN and isolate it from the "LAN" of
> > the
> > ISP-provided device.
> > 
> > I currently have an Ubiquity EdgeRouter and its WAN port is the
> > only thing
> > connected to the ISP-provided device.
> > I set the ISP-provided device into bridge mode (if I can't I have
> > my ISP do
> > it).
> > 
> > When this is complete, my EdgeRouter WAN directly faces the
> > Internet (gets
> > an Internet routable address).
> > I have the EdgeRouter set up as a DHCP server on the LAN side and
> > have all
> > incoming and outgoing routes denied by default.
> > I add rules to allow only what I want in and out of my network.
> > 
> > I also have the ability to support VLANs for IoT devices that I
> > don't want
> > on my LAN - they get a separate VLAN
> > 
> > Set up like this, my entire LAN operates within the LAN even when
> > the ISP or
> > the WAN goes dark.
> This sounds like what I'm looking for.
> So - - - am I understanding correctly?
> You have 2 routers with one serving as a connection to the WAN and
> the second
> is the one that connects from the WAN to itself and #2 runs the LAN.
> 
> Any ideas on documentation to 'make' this happen?
> I'm new to any sys admin/computer under the hood stuff so its useful
> for me to
> find a crib sheet where things are laid out.
> 
> Thanking you for your idea/s !!!
> 
> Regards
> 
> Dee
> _______________________________________________
> TCLUG Mailing List - Minneapolis/St. Paul, Minnesota
> tclug-list at mn-linux.org
> http://mailman.mn-linux.org/mailman/listinfo/tclug-list
> 
Internet --- Comcast Modem (bridge mode) --- My EdgeRouter --- My LAN
Read this wonderful guide for how to do this with an Ubiquity
EdgeRouter https://www.grc.com/sn/files/ubiquiti_home_network.pdf
Obviously this may be more complex of a network than you need, but you
can eliminate the VLANs you don't need.
My setup is a subset of what the diagram on page 3 shows. The primary
reason I have the cable modem in bridge mode is so that I can VPN into
my EdgeRouter if I need to. If you set up your cable modem up in bridge
mode then whatever is next in-line is a device on the Internet, so make
sure it is secure before opening up the cable modem in bridge modem -
i.e. my EdgeRouter sits directly on the Internet because of setting the
cable modem up in bridge mode.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.mn-linux.org/pipermail/tclug-list/attachments/20180831/8436e731/attachment.html>