I have a cable modem going into a router with Tomato. The router network is my home LAN. From the router, I have an Ethernet cable to a gigabit switch. From that switch, I have a single Ethernet Gigabit cable going down into the basement to my rack.
It goes into a Netgear 24-port Gigabit switch, which connects my (3) physical ProLiant servers, each having 2 NICs.
One NIC on the one server goes to vSphere, which has my Active Directory and DHCP installed. It is the main center for my home network. It hosts anti-virus virtual machines (something like VirusTotal with 35+ scanning engines), automation systems, and FreePBX.
The other NIC goes to nothing, and is unused.
I want to create a virtual machine, using the second NIC (unused) as the network interface. Keep in mind, that NIC goes to a switch that goes to a single wire leading to the middle floor switch into the router.
I do not want this virtual machine to have access to my LAN. My friend needs access to a server, so I thought I'd allow him to do our project with my server. He is not tech-savvy, but I am curious about his intentions if he finds access to my computer, shared drives, etc.
I can enable VLAN for the vSphere network (second NIC) and then enable it on Tomato.
However, the Tomato router has only ONE Ethernet wire connecting everything. I cannot get it to do VLAN tagging, which I suspect would allow me to use one LAN port (on the router) to separate VLAN 0 (my home LAN) and VLAN 12 (vSphere VLAN to the isolated VM). But it is disabled, and I cannot get the VLAN tagging enabled.
So -- how do I approach this?
Would it be simple enough to change the IP scheme? I know basic network - IP addressing - subnetting - but am not entirely sure if changing the subnet will restrict access to my home LAN. If so, then he won't be able to get to the router (connected to modem).
Is a VLAN the correct way? Can I run my home LAN and a VLAN on the same wire to the Tomato router?
Another way: can't I just install pfSense with a WAN port coming from NIC#2, and the LAN would be a virtual network within vSphere? The VM will connect to the pfSense box. Then, can I set firewall rules to ONLY accept communication to and from my router-to-modem? Then he won't be able to ping or contact my local machines due to firewall rules. Correct?
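The pfSense approach in the question hinges on rule order on the VM-facing interface: a narrow allowance for the router, a block covering every private range, then a pass for the Internet. The following is an added illustration by the editor, not code from the post or from pfSense; it models first-match rule evaluation over constructed packets. All addresses are assumptions for the example (home LAN 192.168.1.0/24 with the Tomato router at 192.168.1.1, the isolated VM network 10.12.0.0/24 behind the pfSense LAN with the VM at 10.12.0.10, and a documentation-range address standing in for an Internet host).

```python
import ipaddress
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Assumed addressing for the example (not taken from the post).
HOME_ROUTER = ipaddress.ip_network("192.168.1.1/32")
# Every RFC 1918 range: this is what the isolated VM must never reach,
# so the block covers the home LAN and any other internal subnet at once.
PRIVATE_RANGES = [ipaddress.ip_network(n) for n in
                  ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    proto: str                 # "tcp", "udp" or "icmp"
    dport: Optional[int] = None


@dataclass(frozen=True)
class Rule:
    action: str                                   # "pass" or "block"
    dst: Optional[List[ipaddress.IPv4Network]]    # None means any destination
    proto: Optional[str] = None
    dport: Optional[int] = None
    descr: str = ""

    def matches(self, pkt: Packet) -> bool:
        if self.proto is not None and self.proto != pkt.proto:
            return False
        if self.dport is not None and self.dport != pkt.dport:
            return False
        if self.dst is not None:
            dst_ip = ipaddress.ip_address(pkt.dst)
            if not any(dst_ip in net for net in self.dst):
                return False
        return True


# Ordered rule set for the VM-facing (pfSense LAN) interface.
# First match wins, so the DNS exception for the router must come
# before the block, and the catch-all pass must come last.
VM_LAN_RULES = [
    Rule("pass", [HOME_ROUTER], "udp", 53, "DNS to the home router only"),
    Rule("block", PRIVATE_RANGES, descr="block all private ranges (home LAN etc.)"),
    Rule("pass", None, descr="anything else: Internet via the router"),
]


def evaluate(rules: List[Rule], pkt: Packet) -> Tuple[str, str]:
    """Return (action, description) of the first rule that matches pkt."""
    for rule in rules:
        if rule.matches(pkt):
            return rule.action, rule.descr
    return "block", "implicit default deny"


def check_samples() -> dict:
    """Run constructed packets from the isolated VM through the rule set."""
    samples = {
        "vm_to_home_pc_smb": Packet("10.12.0.10", "192.168.1.50", "tcp", 445),
        "vm_to_home_pc_ping": Packet("10.12.0.10", "192.168.1.50", "icmp"),
        "vm_to_router_dns": Packet("10.12.0.10", "192.168.1.1", "udp", 53),
        "vm_to_router_admin": Packet("10.12.0.10", "192.168.1.1", "tcp", 80),
        "vm_to_internet": Packet("10.12.0.10", "203.0.113.10", "tcp", 443),
    }
    return {name: evaluate(VM_LAN_RULES, p)[0] for name, p in samples.items()}


if __name__ == "__main__":
    for name, action in check_samples().items():
        print(f"{name:22s} -> {action}")
```

With this ordering, only DNS to the router and traffic to non-private destinations pass; SMB, ping and the router's admin interface are blocked. Two points worth keeping in mind: the VM's port group must be an internal vSphere network that reaches the physical NIC only through pfSense, otherwise the firewall is bypassed at layer 2; and changing the IP scheme alone does not isolate anything on a shared segment, since a host on the same wire can simply configure an address in the home LAN's range.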