Hello, I’ve been learning and making products to sell online. I’ve recently started making a simple website using Angular to host docs and usage guides for my products. I believe it’s almost ready to publish, and I’m thinking of hosting it in a VM on my personal server in my local network.

I’ve read a little about Cloudflare Tunnel, but I’m wondering if my setup is enough.

I’ve been using pfSense and VLANs for some time. Plus, I’ve been sharing my internet with 5 neighbours and a small cyber cafe for about 3 years and have had no issues that I’m aware of, but I’ve heard about VLAN hopping, which made me afraid to proceed.

All VLANs are only allowed to access the net; there are no rules allowing them to talk to other VLANs, except for VLAN 0, which can talk to the rest of the VLANs.

I’m also using the NOD32 antivirus firewall on my VM with filtering mode set to “Policy-based”, which I believe blocks/drops all traffic except what I allow.

But I’m not sure if these steps are enough to avoid VLAN hopping. For now it’s not a big deal if my VM gets hacked; I’m mainly worried about the rest of the network. Will they be safe if I expose my public IP? Is pfSense enough to protect them? Is my VLAN setup enough to protect against VLAN hopping?

Thanks!

  • fediverser@alien.top · 11 months ago

    This post is an automated archive from a submission made on /r/selfhosted, powered by Fediverser software running on alien.top. Responses to this submission will not be seen by the original author until they claim ownership of their alien.top account. Please consider reaching out to them to let them know about this post and help them migrate to Lemmy.

    Lemmy users: you are still very much encouraged to participate in the discussion. There are still many other subscribers on !main@selfhosted.forum that can benefit from your contribution and join in the conversation.

    Reddit users: you can also join the fediverse right away by visiting https://portal.alien.top. If you are looking for a Reddit alternative made for and by an independent community, check out Fediverser.

  • mosaati@alien.top · 11 months ago

    Since pfSense is block-first, nothing can communicate unless you have a rule that allows it to. VLAN hopping is a valid problem; it can be mitigated with locked-down ports with whitelisted MAC addresses and VLAN tags.

    I highly recommend that nothing is served on VLAN 0. It should be only for an admin station and network devices. You should not use the admin station unless you are performing admin activities; for everyday activities you should be on another locked VLAN, like anyone else.

    I also highly recommend enabling IPS.
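The "locked-down ports with whitelisted MAC addresses and VLAN tags" advice above, written out as switch configuration. This is an added example in Cisco IOS syntax, not part of any post in this thread; the interface names, VLAN numbers and port roles are assumed for illustration, and the same settings exist under different names on other managed switches. It closes the two classic VLAN-hopping paths (trunk auto-negotiation on an access port, and untagged frames landing in a production VLAN on the trunk) and pins each tenant drop to a small, sticky set of MAC addresses.

```cisco
! --- Assumed layout (constructed for this example) ---
!   VLAN 10 = admin station + network devices (the role "VLAN 0" plays in the question)
!   VLAN 20 = docs-site VM, VLAN 30 = neighbours, VLAN 40 = cyber cafe
!   VLAN 999 = dead VLAN with no interfaces, used only as the trunk native VLAN
vlan 999
 name native-unused
!
! --- Tenant drop (one neighbour): fixed access VLAN, no trunk negotiation ---
interface GigabitEthernet1/0/5
 description neighbour-3
 switchport mode access            ! never becomes a trunk via DTP
 switchport access vlan 30
 switchport nonegotiate            ! do not send/answer DTP at all
 spanning-tree portfast
 spanning-tree bpduguard enable    ! a switch plugged in here shuts the port down
 switchport port-security
 switchport port-security maximum 2          ! router + one device is typical per drop
 switchport port-security mac-address sticky ! learned MACs become the whitelist
 switchport port-security violation shutdown ! unknown MAC = port err-disabled, logged
!
! --- Uplink to pfSense: explicit allowed list, unused native VLAN ---
interface GigabitEthernet1/0/24
 description uplink-pfsense
 switchport mode trunk
 switchport trunk native vlan 999          ! untagged frames go nowhere useful
 switchport trunk allowed vlan 10,20,30,40 ! nothing else crosses this trunk
 switchport nonegotiate
!
! --- Every port with no assigned role stays off and parked in the dead VLAN ---
interface range GigabitEthernet1/0/6 - 23
 switchport mode access
 switchport access vlan 999
 shutdown
```

With this in place, inter-VLAN traffic can only exist as tagged frames crossing the pfSense trunk, so the firewall's default-deny rules are the single place the policy is enforced; check `show port-security interface Gi1/0/5` and the log after a violation to confirm the lockdown is actually active.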