Hello, I’ve been learning and making products to sell online, I’ve recently started to make a simple website using angular to host docs and usage guides for my products, I believe its almost ready to publish and I’m thinking of hosting it in a VM on my personal server in my local network

I’ve read little about cloudflare tunnel but I’m wondering if my setup is enough

I’ve been using pfsense and vlans for sometime, Plus I’ve been sharing my internet with 5 neighbours and a small cyber cafe for about 3 years and had no issues that I’m aware of, But I’ve heared about VLAN hopping which made me afraid to proceed

All vlans are only allowed to access the net, no rules to allow to talk to other vlans, Except for VLAN 0 which can talk to the rest of the vlans

I’m also using Nod32 antivirus firewall on my VM with filtering mode set to “Policy-based” which I believe blocks/drops all traffic except what I allow

But I’m not sure if these steps are enough to avoid vlan hopping, For now its not a big deal if my VM gets hacked, I’m mainly worried about the rest of the network, Will they be safe if I expose my Public IP? Is Pfsense enough to protect them? Is my vlan setup enough to protect against vlan hopping?

Thanks!

  • mosaati@alien.topB
    link
    fedilink
    English
    arrow-up
    1
    ·
    1 year ago

    Since pfsense is block first, nothing can communicate unless you have a rule that allow it to communicate. VLAN hopping is a valid problem, it can be mitigated with locked down ports with white-listed MAC addresses and vlan tags.

    I highly recommend that nothing is served on vlan0. It should be only for an admin station and network devices, you should not use the admin station unless you are performing admin activities, for every day activities you should be on another locked vlan as anyone else.

    I also highly recommend to enable IPS.