create a new firewall rules
-
Can you help me to create rules for the below diagrams?
-
It would be much easier and more secure to do this by putting those devices on separate subnets. Can you do that?
Steve
-
@stephenw10 it's not possible in firewall, only one LAN port
-
@naveen7355 said in create a new firewall rules:
not possible in firewall, only one LAN port
Use vlans then. What switch do you have, if it understands vlans then your machines can be broken out into different networks and isolated from each other.
A 8 port gig switch that can do vlans can be gotten for as little as $40..
-
Yes, I agree. If the only reason you don't have those on separate subnets is a lack of ports on the firewall use VLANs.
The result will be so much easier to manage and more secure it's not worth trying to do anything else.
Leaving it all in one subnet will cause you problems at some point.
-
@johnpoz That's quite an inexpensive VLAN switch.
Can I ask for that model please.
-
There are multiple options..
here are a couple
https://www.amazon.com/D-Link-Ethernet-Managed-Internet-DGS-1100-05V2/dp/B08P2C2GXF/ref=dp_fod_1?pd_rd_i=B08MV9315K&th=1
$37.99
Not even counting the tplink ones - because well, they have a bad track record of not understanding vlans.. But current model would prob work as well.
here is another one
https://www.amazon.com/TRENDnet-EdgeSmart-mountable-Protection-TEG-S80ES/dp/B07FYXRXB3/ref=sr_1_18?dchild=1&keywords=Managed+Switch&qid=1629414610&sr=8-18
$39.99
None of these are full enterprise full managed, every feature under the sun sort of switches.. But they can do vlan ;) So don't expect features like multicast filtering via ACLs or L3 routing, etc. etc. But they can get the job done of running vlans on your network and isolating your network segments.. And do simple stuff like rate limiting, some prob do lacp and basic stp and stuff like span ports..
You prob won't have console or ssh access, maybe no snmp details.. If you want a really good more fully managed switch those can be had for like $200.. I got my current cisco sg300 28 port small business that really can do pretty much anything you could think of or want to do on a switch for under $200..
You really can setup a fully segmented network both wired and wireless for very reasonable home budget.. Way less than some of these newer soho wifi routers that can run 300+ and not really do shit.. Other than put up nonsense numbers for their wifi like 3200 and look like spiders with 8 different antennas ;) hehehe
If really looking to do vlans on a tight budget - take some old wifi router that runs 3rd party firmware and there you go vlans both wired and wireless.
-
@johnpoz Great info, thanks
I have a D-Link DGS-1100; but clearly the retailers in Oz enjoy a fabulous markup. It was twice the Amazon price.
-
@gil Prices in other countries for electronics always confuse me to be honest... If something cost say $100 USD here in the US, you would think that would match up with whatever the exchange rate is..
So $40 here in the US, in OZ it should be like 56 AUD should it not.. I show AUD = about 1.4 USD..
Just looked up the netgear gs308e on amazon au, and 59 AUD.. that for sure doesn't match up.. Should only be like 39 per the exchange rate.
Now the big question - how much does a beer cost ;) My everyday beer that I drink around the house, have for lunch etc is amstel light. At the local store I can pick up a 12 pack bottles of that for like $15.. An ok craft type beer out on the town can range from anywhere from like $3-5 for a pint during happy hour and specials.. To like $12 depending on where you're at in the city in Chicago ;)
A local craft beer at the store, a 4 pack of pint cans ranges from like $10 to $15.. Here one of my favs
They normally go up from there - 20, 25, 40 even for some..
And there is tax on that for sure.. 10% sales tax, and then liquor/beer has excise tax as well.. Bastards!!
My point is - if the switch only cost what you would spend on a few beers after work with the guys on a Tuesday, it's cheap ;) heheh
-
@johnpoz Interesting though regarding beer.
Sydney is back in lockdown and I must be saving on beer, which should be converted to some essential hardware.
There must be a Netgate lockdown / Black Friday / Silly Monday / thirsty Tuesday Sale coming soon?
-
@johnpoz I'd also suggest looking at HP/Procurve 2910al switches on ebay (here's an example: HP 2910AL-48G 48-Port Gigabit Ethernet Switch J9147A). They are discontinued now, but were great enterprise switches at the time, and can typically be had for under $100. They are layer 2/3 switches, svi, vlan, lacp, stp, and all the goodies, with a real console CLI, none of this web only monkey business. Also available in PoE+ versions.
-
Problem with old enterprise gear - sure you can get it for great prices.. But look at the sound that thing makes.. Noisy!! And it uses 64W just idle..
While those might be for a lab that you turn on to play/test with something a few hours here or there.. Not something I would want running 24/7 because of the power and noise.
Yeah from a feature perspective they are fantastic.. But just really too noisy and power hungry for a home network.
Acoustic: Power: 53.5 dB, Pressure: 39.4 dB. Idle power: 64 W. Power consumption: 105 W.
My sg300-28 uses.. 20w, and is fanless so silent.. The extra cost of buying a new smaller business switch vs used enterprise gear of something like ebay prob pay for itself in a few years.. Even less depending on cost of electric in your area.
-
@johnpoz said in create a new firewall rules:
My sg300-28 uses.. 20w, and is fanless so silent
Luckily electricity is very inexpensive here, cheapest in Canada, at about 7.3¢/kWh, so I'm not too concerned with the cost of running the gear, but I totally agree with you about the fan noise. I keep my home office space free of noisy devices and put all the loud stuff in another room.
-
Well @Gil being from OZ is a bit different.. Prob about 25 cents per kWh I would guess. Even if with exchange rate that still way more than what I pay..
You're paying with exchange rate like less than half what it costs by me..
Let's not forget delivery charges - those add up.. I have become quite aware of electric costs as of late, going solar has shined a new light on how those costs can add up.. Anything that can keep me under what I can produce is also a plus..
-
@johnpoz Not a bad guess there, we're around 30 cents per kWh.
Not great when you think we produce more gas and coal than almost anywhere in the world. Solar is certainly the better solution and that is in abundance in such a hot country, and really coming on.
Love the little Marvell appliances when it comes to power drain.
-
@gil Is that counting delivery charges and such - then yeah 30 cents kwh would be in line with my guess ;)
Like all marketing nonsense - they always tell you what they charge for the electric, leaving out the cost of delivery.. and taxes, etc.. which when you just take what you pay, and how much you actually used works out to more than what they say electric costs ;)
Example of BS costs... Even when I produce more electric in the month than I use... I still have to pay the electric company almost $15, just to be connected.. So even if I never pulled a kwh from the grid.. Say was on battery... Still cost me $175 year just to be connected to the grid..
And you can't pay that with your net metering credits..
-
I'm also in Sydney. Here's a snap from an email I got from AGL (retailer) in July:
Yep, the "average" will be ~30c/kWh but peak (2-8 pm) is where they get you.
-
@biggsy Supply charge like a buck a day.. Not based on what you use, but just a buck.. So even if you used 2 kwh, it would be a buck.. F!! me!! You guys getting screwed..
So yeah for sure which switch better the 64w idle 100w in use, or the 20w full use switch ;) And pretty much you wouldn't want to run anything during peak..
Can see why so many go solar in OZ.. They clearly top of the pile here
https://pvoutput.org/country.jsp
-
@johnpoz said:
Can see why so many go solar in OZ..
Yeah, but be prepared to store what you generate. In this state, the feed-in tariff is a "guideline" of between 4.5 and 5.5c/kWh - < 10% of peak charges - but it's completely up to the retailer to decide whether they pay you anything at all.
-
Yeah I don't get it to be honest.. I get it, you're connected to them and hey I can pull power from you - ok there is overhead charge me for being connected.
But the real thing that pisses me off for my connection is they zero out your carry over for your net metering.. It should just carry over.. But on April 1, if I have say 200 kwh saved up -- they just zero them out.. They don't even give me 1 cent for them.. They are just gone..
The whole thing with climate change and emissions, and etc. etc.. But hey fuck the guy that is trying to help the planet and hopefully doing the responsible thing...
Some places for sure have it worse than me.. But shouldn't we be in this together - and if someone putting panels on their roof can help with how much coal is burned, etc.. Shouldn't we be helping the guy make it more viable for more people to do it - and give them incentives to do it.. Vs making it harder.. You zeroing out my net positive input to the grid is you just grabbing profit.. and it's utter BS plain and simple.. I could see that they could lose value but just zero them out is nonsense..
edit: wow this has gone really off topic ;)