this post was submitted on 17 Nov 2023
Homelab
I'm an old datacentre guy, so please take note.
You should aim for zero public IP exposure to services. It is not good what you've got there.
If all those hosts are on public IPs and you're not really in control of any upstream device to manage network traffic to them, you are at the whim of your provider if you do this.
How are you going to centrally authenticate and manage/monitor all this? You're missing some sort of gateway that YOU control. You've actually drawn up a honeypot for hackers.
Please run your own virtual firewall at least, and configure the vswitches accordingly in layers and microsegment and separate each service so one compromised system does not give over the whole network. Set up VLANs to allow for this sort of flexibility (and future flexibility).
Depending on how many public IPs you have, consider putting everything behind NAT or PAT. Make a separate network just to access the VMware kit and secure this (no web mgmt consoles on public IPs!).
What you've got here is asking for trouble and will be a management mess.
Create something like 4 tiers of network and separate these with your firewall, or two firewalls.
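The tiered, default-deny layout the comment describes, modelled as a small policy checker; this is an added example and not the commenter's configuration, and the tier names, prefixes and ports are assumptions chosen for the illustration.

```python
import ipaddress

# Constructed example: tiers and prefixes are assumptions, following the
# comment's advice of a few tiers separated by a firewall plus a separate,
# non-public management network for the VMware kit.
ZONES = {
    "dmz":  ipaddress.ip_network("10.10.0.0/24"),   # public-facing services (NAT/PAT from the public IPs)
    "app":  ipaddress.ip_network("10.20.0.0/24"),   # internal application tier
    "data": ipaddress.ip_network("10.30.0.0/24"),   # databases / storage
    "vpn":  ipaddress.ip_network("10.50.0.0/24"),   # admin VPN clients land here
    "mgmt": ipaddress.ip_network("10.99.0.0/24"),   # vCenter / ESXi consoles
}

# Allow-list of (src_zone, dst_zone) -> permitted TCP destination ports.
# Everything not listed is denied, including traffic inside a tier; per-service
# intra-tier rules (the "microsegment each service" part) would be added here.
# "mgmt" is reachable only from "vpn", so neither the internet nor a compromised
# DMZ host can open the hypervisor consoles, and each tier only talks one tier down.
POLICY = {
    ("wan", "dmz"):  {80, 443},
    ("dmz", "app"):  {8080},
    ("app", "data"): {5432},
    ("vpn", "mgmt"): {22, 443},
}


def zone_of(ip: str) -> str:
    """Map an address to its tier; anything outside the private tiers is 'wan'."""
    addr = ipaddress.ip_address(ip)
    for name, net in ZONES.items():
        if addr in net:
            return name
    return "wan"


def allowed(src_ip: str, dst_ip: str, dst_port: int) -> bool:
    """Default-deny evaluation of one TCP flow against the zone policy."""
    return dst_port in POLICY.get((zone_of(src_ip), zone_of(dst_ip)), set())


def publicly_reachable(dst_ip: str) -> set:
    """Ports on dst_ip that an internet host could reach; must be empty for mgmt."""
    return set(POLICY.get(("wan", zone_of(dst_ip)), set()))


if __name__ == "__main__":
    # A compromised DMZ web host trying to open the ESXi web console.
    print(allowed("10.10.0.10", "10.99.0.5", 443))   # False
    print(publicly_reachable("10.99.0.5"))            # set()
```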