Monday, July 15, 2013

Implementing a 1-Port Router

Now that I have a somewhat better handle on the Tor Proxy, I am back to thinking about a 1-Port Router. One of my next experiments will be to plug the RPi Tor Proxy into a tagged VLAN port. I am hoping that I can use Shorewall and some VLAN libraries to make a one-port router. It would appear that this will be safe since there is no physical access to the cable that goes from the managed switch to the RPi Ethernet port. My idea is to use Shorewall as the main routing mechanism to isolate separate VLANs from each other (except in certain cases), but still provide DHCP services to a couple of the VLANs. So now I am thinking the following:

  1. The RPi will be connected to a managed switch with a single Ethernet connection. The Ethernet connection will be limited to tagged packets on several VLANs only. The VLANs that will be considered involve a VLAN for Media, for Experimentation, for Personal services, and for Extra-network connection (i.e., to the ActionTec router). Non-tagged traffic on the switch port will not be allowed.
  2. The RPi will provide DHCP services to the Media VLAN.
  3. The Tor Proxy will provide a firewall to the Extra-network connection; all Tor-related traffic will be on this VLAN. Access to the Tor Proxy LAN will be via WPA2 wireless (per the Onion Pi setup).
  4. The Tor Proxy LAN should be isolated from the RPi itself.
  5. The Personal services VLAN will be allowed to connect to the Tor Proxy and then to the Extra-network VLAN. The general Tor Proxy LAN will not be allowed to access the Personal services VLAN.
  6. After analysis of the connection to the managed switch, I have come to the conclusion that the only possible problem with the hardware setup is that the wireless connection (for the Tor Proxy) might be able to be compromised. Perhaps I should think of implementing a RADIUS server of some sort. I could host it on the RPi, but that might be a security issue.
  7. I would also like to add a separate wireless access port setup with a separate wireless dongle and Ethernet-USB connector. I would make that one subscribe to one specific VLAN.
  8. Implement an LCD panel control for all of this?

I am still coming up with ideas at this point but this looks to be a useful device within my network at home.
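
An added example, not part of the original post: a small check that a Shorewall policy file still enforces the isolation goals in the list above. Shorewall applies the first policy entry that matches a source/destination pair, so one broad line placed too early can silently override the DROP lines under it. The zone names (`media`, `exp`, `pers`, `net`, `tor`), the policy text, and the reading of items 4 and 5 as zone pairs are assumptions made for illustration.

```python
# Added example: audit a Shorewall-style policy file against the isolation goals.
# Zone names and policy text are constructed assumptions, not the author's config.
POLICY = """\
#SOURCE DEST POLICY LOGLEVEL
pers tor ACCEPT
tor net ACCEPT
tor pers DROP info
tor $FW DROP info
$FW net ACCEPT
all all REJECT info
"""
# Same file with one broad rule; it shadows the two DROP lines below it.
SHADOWED = POLICY.replace("tor net ACCEPT", "tor all ACCEPT")
# Zone pairs that must end up blocked (assumed reading of items 4 and 5,
# plus VLAN-to-VLAN isolation for media, exp and pers).
MUST_BLOCK = [("tor", "pers"), ("tor", "$FW"), ("media", "exp"),
              ("media", "pers"), ("exp", "pers")]

def parse_policy(text):
    """Return [(source, dest, policy)] in file order, skipping comments."""
    entries = []
    for raw in text.splitlines():
        fields = raw.split("#", 1)[0].split()
        if not fields:
            continue
        if len(fields) < 3:
            raise ValueError(f"malformed policy line: {raw!r}")
        entries.append((fields[0], fields[1], fields[2].split(":")[0].upper()))
    return entries

def effective_policy(entries, src, dst):
    """First matching entry wins; 'all' matches any zone."""
    for s, d, policy in entries:
        if s in (src, "all") and d in (dst, "all"):
            return policy
    return None  # nothing matched: the file has no catch-all

def audit(text, must_block=MUST_BLOCK):
    """Return [(src, dst, policy)] for pairs that are not DROP or REJECT."""
    entries = parse_policy(text)
    findings = []
    for src, dst in must_block:
        policy = effective_policy(entries, src, dst)
        if policy not in ("DROP", "REJECT"):
            findings.append((src, dst, policy))
    return findings

if __name__ == "__main__":
    print(audit(SHADOWED))
```

An empty result from `audit` means every listed pair falls through to DROP or REJECT; the shadowed variant reports the Tor LAN reaching both the Personal zone and the firewall itself.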