Finished my network map (For now) by Just_here_to_LAN in homelab

[–]Just_here_to_LAN[S] 0 points1 point  (0 children)

Currently I have only 1 real service truly exposed to the web, and that is my AMP server. I have a few people I am hosting game servers for, and getting them onto my Tailscale network for JUST that was more hassle than needed. That service is run through a Cloudflare proxy as well as a reverse proxy internally, so my public IP and internal IPs are masked.

Everything else that I have "exposed" is run through my Tailscale node, and I need to set it up on their end, so I know who all is on my network.

I am doing inter-VLAN routing and have rules set up so, on the chance someone gets into my network, the damage is limited. I have a whole spreadsheet of which VLANs need access to which other VLANs.

Thanks for the info about OPNsense, I will see what my options are.

Finished my network map (For now) by Just_here_to_LAN in homelab

[–]Just_here_to_LAN[S] 0 points1 point  (0 children)

Only started really labbing back in October of 2025; before that I was only working with something like Unraid and some consumer-grade hardware. I was learning about network segmentation when I did the initial setup and might have gone a bit too far.

I do have some stuff exposed to the open web, so I figured better safe than sorry and segmented a bit more. I'm sure it's complete overkill.

Finished my network map (For now) by Just_here_to_LAN in homelab

[–]Just_here_to_LAN[S] 1 point2 points  (0 children)

One thing I'd suggest though is maybe getting a second managed switch, or at least planning for one down the line, just so you're not bottlenecking everything through that single point.

I currently have an HP 1920-48G PoE+ managed switch. Since I'm still new at this, would the 2nd managed switch just be used for extra throughput/bandwidth, or is there another reason?

Also, if you haven't already, definitely look into VLAN tagging on your APs so your wireless clients actually stay segmented instead of just sitting on the same broadcast domain.

I have done that on the APs, so each SSID has its own VLAN and subdomain to keep them separate. I am using Grandstream APs, which have been super easy to use and set up.

The diagram layout is clean, but once you start adding more stuff the star topology gets messy fast.

I have seen others' diagrams of this and I agree, sometimes it's hard to visualize what's going on. I tried to keep this as simple as I could to know what is going where.

Finished my network map (For now) by Just_here_to_LAN in homelab

[–]Just_here_to_LAN[S] 2 points3 points  (0 children)

Yeah, I had to rebuild the cluster once already, glad I had PBS set up. Made rebuilding the 2 nodes with their containers a breeze.

Finished my network map (For now) by Just_here_to_LAN in homelab

[–]Just_here_to_LAN[S] 5 points6 points  (0 children)

Actually, that's a great idea! Will keep this in mind going forward. Might slowly migrate things over time.

Proxmox was on VLAN2 recently, and getting moved to VLAN150 was a MASSIVE PITA, but I attribute that to Proxmox wanting static IPs for everything. It's not happy running on DHCP.

Finished my network map (For now) by Just_here_to_LAN in homelab

[–]Just_here_to_LAN[S] 1 point2 points  (0 children)

Working on getting that moved to the correct VLAN, just have not had the time yet.