Trash Panda Guides

User Tools

Site Tools

Trace:
foundation:networking

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revisionPrevious revision
foundation:networking [2025/12/19 22:47] privacyl0stfoundation:networking [2025/12/19 23:05] (current) privacyl0st
Line 17: Line 17:
 When it comes time to put all the pieces together for our ecosystem we'll be accessing our content library via an NFS link between our Plex Media Server and our NAS device.\\  When it comes time to put all the pieces together for our ecosystem we'll be accessing our content library via an NFS link between our Plex Media Server and our NAS device.\\ 
  
-In the remainder of this page we will discuss //**what**// is needed, and //**why**//, but we //**will not**// go into specifics on how to configure //**your**// network equipment since the //**how**// will vary depending on what network equipment you have and the configuration tools available to configure it. +In the remainder of this page we will discuss //**what**// is needed, and //**why**//, but we //**will not**// go into specifics on how to configure //**your**// network equipment since the //**how**// will vary depending on what network equipment you have and the configuration tools available to configure it.\\  
 + 
 +==== NFS VLAN ==== 
 +Switch ports tagged for NFS VLAN traffic should not be configured as trunk or span ports and should only be connected to endpoint NICs that are dedicated to NFS communication. These ports and the NICs connected to them should be configured for Jumbo Frames (9000 mtu), be statically assigned IP addresses, and not have a gateway configured. No switches or gateways on the network should have virtual interfaces configured on this network segment.\\  
 + 
 +==== DMZ VLAN ==== 
 +Switch ports tagged for the DMZ VLAN should not be configured as trunk or span ports and should only be connected to endpoints that will host internet facing services. Endpoints such as your reverse proxy, Plex Media Server, and/or your content request server. Switches and gateways can be configured with virtual interfaces for this VLAN and access control lists should be configured on both the gateway and switches to permit any internal routing necessary for connectivity to local devices and automation services that may be running in a different VLAN.  It is important to note though that ACLs should be configured to allow internal services to initiate communication with devices in the DMZ VLAN, but devices deployed in the DMZ VLAN should not be able to initiate traffic into the LAN VLAN. This VLAN should not have the ability to communicate with anything in the NFS VLAN and there should be no configured routes to allow this type of traffic.\\  
 + 
 +==== LAN VLAN ==== 
 +The LAN VLAN, or sometimes configured as the default VLAN, will be where all your general-purpose devices are deployed.  Switches and gateways will have virtual interfaces configured for this VLAN and devices within this VLAN should be able to freely access both the internet and the DMZ VLAN. Like the DMZ VLAN this VLAN should not be able to communicate with anything in the NFS VLAN.\\ 
 + 
foundation/networking.txt · Last modified: by privacyl0st