July 20, 20205 yr Hello All, I am optimising with my network design to ensure that potentially threatening (IOT, Cameras, Guests etc) are segregated from my main internal network. I will utilise VLANS for this. I intend on utilising a second NIC to give my unRAID Server access to my main LAN and my Camera VLAN. Easier this way as I don’t have to setup inter VLAN routing. Pfsense makes it easy for me to restrict all but SMB traffic between Cameras and unRAID (thus protecting unRAID). The only thing I can not figure out is how to restrict access to shares by Network. What id like to do is only allow my camera “user” to logon while on my Camera VLAN and once it does so ONLY be able to access 1 share. This would mean no other user would be able to login to the server on the Camera VLAN. The threat I am trying to defend against is a device on the VLAN becoming compromised, opening access to the server and through luck and or other means getting access to my other shares. Is there a way to restrict share access based on network In the OS that anyone knows of? Thanks Daniel Edited July 20, 20205 yr by danioj
July 20, 20205 yr You'll probably have to lock every share down by user and ensure "camera" does not have access to any other shares. That means nothing setup as public. I don't know of Samba being Network/VLAN aware. Edited July 20, 20205 yr by BRiT
Archived
This topic is now archived and is closed to further replies.