Serve Shares by Network


danioj

2 posts in this topic Last Reply

Recommended Posts

Hello All,

 

I am optimising with my network design to ensure that potentially threatening (IOT, Cameras, Guests etc) are segregated from my main internal network.  I will utilise VLANS for this.

 

I intend on utilising a second NIC to give my unRAID Server access to my main LAN and my Camera VLAN. Easier this way as I don’t have to setup inter VLAN routing. 
 

Pfsense makes it easy for me to restrict all but SMB traffic between Cameras and unRAID (thus protecting unRAID). 
 

The only thing I can not figure out is how to restrict access to shares by Network. What id like to do is only allow my camera “user” to logon while on my Camera VLAN and once it does so ONLY be able to access 1 share. This would mean no other user would be able to login to the server on the Camera VLAN. 
 

The threat I am trying to defend against is a device on the VLAN becoming compromised, opening access to the server and through luck and or other means getting access to my other shares.

 

Is there a way to restrict share access based on network In the OS that anyone knows of?

 

Thanks

 

Daniel

Edited by danioj
Link to post

You'll probably have to lock every share down by user and ensure "camera" does not have access to any other shares. That means nothing setup as public.

 

I don't know of Samba being Network/VLAN aware.

Edited by BRiT
Link to post

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.