I am attempting to use an Edgerouter-X (ERX1 for short) to provide specific, controlled access between vlans and certain equipment. The first use case will be entirely composed of port forwarding, but between multiple vlans. First case is to define what I mean by setup:
The New Setup for vlans on ERX1
- ERX1-1 will be connected to Media Router for access to the Media vlan
- ERX1-2 will be connected to Main Switch for access to the Admin vlan for configuration
- ERX1-5 will be connected to Main Switch for access to other vlans as a trunk line
- ERX1 vlans will be setup as normal, always getting IP from DHCP and doing DHCP Remote to keep the gateways pure
The following Zones will be defined:
- Local (ERX1 itself)
- Admin
- Media
- Personal
- IOT
- LAN3
- DMZ
The following special defined accesses are:
- Port 8123 of the HA-IOT server on IOT vlan <-> every IP on LAN3 vlan
- HA-IOT server on IOT vlan <-> data server ports on Personal vlan
- ports for Plex server on Personal vlan <-> every IP on the Media vlan
- ports for Plex server on Personal vlan <-> every IP on the LAN3 vlan
- every IP on the Media vlan <-> data server ports on Personal vlan
- Docker container ports in the Development vlan <-> the MQTT server on the HA-IOT server in the LAN3 vlan
- every IP on the LAN3 vlan <-> Media equipment ports on the Media vlan
- specific IPs on the DMZ <-> data server ports on Personal vlan
- Some of these alternate connections are going to require the device to be on the same subnet
Group Definitions needed:
- port 8123 on HA-IOT Server on IOT vlan
- data server ports on Personal vlan
- Plex server ports on Personal vlan
- MQTT server port on IOT vlan
- Media equipment ports on Media vlan
- Specific IPs on the DMZ vlan
The first items on the ERX1 that need to be completed for setup include resetting the ERX1 to default, setting up an initial default router setup with two subnets, defining the Admin vlan, setting up the main switch to accommodate connection to the Admin vlan and to the Media vlan (with the WAN port). From there I should be able to update the ERX1 as I go.
