I have a great option with my ISP, providing a subnet of 8 static public IPs (5 usable) for about $50. I want to use it for learning and practical online services. The provider supplies a Hitron Chita modem, which has 4 Ethernet ports and no VLAN support, resulting in a single broadcast domain.
My planned setup consists of:
- An Asus AC1900 router connected to the Hitron modem. This router will use one public IP for NAT, creating a home network I want to protect from broadcast domain attacks.
- A Proxmox server connected to the Hitron modem using the remaining 4 IPs, where I will host public services like an email server, game servers, and a publicly accessible RADOS gateway S3 for my mobile app. The Proxmox server will only connect to a laptop for management.
I understand that if Proxmox or any VMs are hacked, the attacker could access the modem’s broadcast domain. Any security measures inside Proxmox will only be effective if it can protect itself. I assume Proxmox is a permanent threat to my home network. The AC1900 supports VLANs, which I have never used before, and I’m aware of the associated security risks.
Would a setup like MODEM -> AC1900 ROUTER -> Multiple VLANs be a better solution? The router doesn’t offer NAT for one VLAN and direct connection for another, but I could install alternative firmware. I prefer not to use VLANs unless necessary, as I want to keep my setup simple and avoid adding devices, given my rising electricity costs.
Are my concerns about router attacks from the broadcast domain justified? Is this threat significant compared to direct internet threats?
I believe that separating hardware for public services and the private network feels safer. If an additional firewall between the modem, Proxmox server, and home router is necessary, I’ll implement it, but is it essential?
Please share your advice; thanks!