danioj Posted July 20, 2020 Share Posted July 20, 2020 (edited) Hello All, I am optimising with my network design to ensure that potentially threatening (IOT, Cameras, Guests etc) are segregated from my main internal network. I will utilise VLANS for this. I intend on utilising a second NIC to give my unRAID Server access to my main LAN and my Camera VLAN. Easier this way as I don’t have to setup inter VLAN routing. Pfsense makes it easy for me to restrict all but SMB traffic between Cameras and unRAID (thus protecting unRAID). The only thing I can not figure out is how to restrict access to shares by Network. What id like to do is only allow my camera “user” to logon while on my Camera VLAN and once it does so ONLY be able to access 1 share. This would mean no other user would be able to login to the server on the Camera VLAN. The threat I am trying to defend against is a device on the VLAN becoming compromised, opening access to the server and through luck and or other means getting access to my other shares. Is there a way to restrict share access based on network In the OS that anyone knows of? Thanks Daniel Edited July 20, 2020 by danioj Quote Link to comment
BRiT Posted July 20, 2020 Share Posted July 20, 2020 (edited) You'll probably have to lock every share down by user and ensure "camera" does not have access to any other shares. That means nothing setup as public. I don't know of Samba being Network/VLAN aware. Edited July 20, 2020 by BRiT Quote Link to comment
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.