I have been wanting to separate out my FPGAs from my network into VLANs for a while and decided today was the day. And before I forget how to do this, maybe this setup helps someone else, as I found this confusing AF. My network is piecemeal over the years: if something broke, get a new one. If I needed more ports, get another switch. So nothing matches up to the current Ubiquiti UniFi lineup. Good or bad, I didn't come across a guide to throw it all together for a newb like myself. If anyone has a better setup, please tell me what can be done better.

Does any of the listed gear matter? Not really, except the controller for the USG, and I would suggest any recent Ubiquiti APs as they are flawless. Pro, Lite, and LR are amazing.

My FPGAs are wired, so they will get a miner VLAN, and we will set up an IoT Wifi VLAN so we can test from a phone back to the main network and the miner VLAN.

With this setup I would break up each group of miners. Like hashaltcoin FPGA gets their own VLAN, brand1 of ASIC gets its own VLAN, brand2 of ASIC gets its own VLAN, AMD GPUs get their own VLAN, NVidia GPUs get their own VLAN, shady wallet you downloaded from a bot on Discord on its own malware PC, its own VLAN. Let all that garbage talk to each other in their own zone of spam, but not me. I am getting too old for the shady shenanigans. Blockstream, Asicboost bois and all you spammers hearing me? Maybe your favorite crypto laptop gets its own VLAN that nothing can talk to?

Gear:
Ubiquiti USG Router
Ubiquiti 8-Port Toughswitch POE
Ubiquiti EdgeSwitch 24 Lite
Ubiquiti Cloudkey Gen 1
Ubiquiti AC-Lite
Ubiquiti AC-Pro

Diagram of what I am setting up. Using draw.io and Visio stencils from the UBNT community mega link: https://mega.nz/folder/ctdX2IiY#y3vZx3xp5KUevei3vDpquQ

First we assume you already have the USG, managed switch(es), and Access Point(s) set up and know how to log in to everything.
Since my switches aren't the UniFi line, you can figure out your random brand of switch VLAN config, and it's basically the same idea.

Let's get an IoT wireless network set up as a test network and see how this works for wifi.

Bottom Left Gear Icon -> Networks -> + Create New Network

When you type in the IP address, I am matching the VLAN to the IP number. After that, click Update DHCP Range to automatically fill in the rest. Click Save.

Now create a Wifi network to test our new VLAN on.

Wireless Networks -> + Create New Wireless Network

Settings below are basically the same as a typical Wifi SSID setup, except we clicked the Advanced Options and selected VLAN with our new VLAN number.

My ToughSwitch port 8 is connected to my EdgeSwitch Lite port 24, and then EdgeSwitch Lite port 23 is connected to my USG router. Now, because I have a Mickey Mouse setup, I need to tag all of this back to where the Access Points are.

So first I went into my ToughSwitch. Under the VLANs tab I added VLAN ID 30 with the comment IoT, put port 8 as T and checkmarked enable. Save this and wait for the switch interface to pop up again.

Now to the EdgeSwitch, which gave me pure misery since I wasn't sure how to tag, untag and exclude. Turns out it's very simple. #REKT Basically I tagged [T] the ports connecting the devices together: port 23 and 24, like mentioned above how the ToughSwitch and USG router connect to the EdgeSwitch.

Now you should be able to connect a phone to the IoT wifi and get internet. If not, either you did something wrong or I missed something, and most likely I missed something since that was very easy so far, a bit too easy.

Next, what I wanted was to put the FPGA miners on their own hard wired VLAN. They are on my EdgeSwitch port 14 and 16. Let's do another VLAN Corporate Network, but this time use VLAN 40 and 192.168.40.1. Because we aren't using wifi this time, no need to bother with another SSID.
Now we have our shiny new VLAN 40, but we still need to change the EdgeSwitch to Exclude and Untag. This would be whichever switch your Miner spam thing is connected to. Notice we Exclude port 14 and 16 in the default VLAN 1, and then untag port 14 and 16 in VLAN 40. I am keeping the Tags [T] all the way through, but I don't think this has to really travel to the ToughSwitch, only from the EdgeSwitch to the USG router. But I am tired and would rather write this guide.

Now reboot or disconnect your miner so it grabs the new DHCP addresses. In the left Icon of a laptop in the USG [Clients], click that and see if your thing is showing up after maybe 5-10 minutes of waiting. When it does show up, try going to the IP address from the main PC/Laptop you are setting this up from, to make sure you can log on. Also double check from your phone on the IoT Wifi if you can log in.

Right now everything can still talk to each other. Let's stop that.

Go to the Gear -> Routing & Firewall -> Firewall -> Groups -> + Create New Group

And let's create some useful stuff. The main thing we want is a private network full address group to block. Below, for easy copy and paste if you type too slow.

RFC1918
10.0.0.0/8
172.16.0.0/12
192.168.0.0/16

Then we want to create the Firewall rules to allow things to happen and then block the rest. Your final order should look something like this once you finish the next steps.

Routing & Firewall -> Firewall -> LAN IN -> + Create New Rule

Just copy the settings; this blocks the IoT VLAN from talking to anything else.

Now we block the miner VLAN to everything else.

Now try from the IoT Wifi on your phone to connect to anything. If it doesn't connect to a PC or your miners, this is a good sign that the setup is starting to come together.

Now let's create one more rule so you can log in to your stuff from the PC you are setting this up from. Now your junk will stay spamming itself but you can still log in to them.
You can then start messing around with that allow rule. Such as source -> Only from a specific IP address and Destination -> Only specific set of ports. Play around in the Groups tab to add more groups, like a Group called 80, 443, since those are probably the only ports you need for most everything. Make a group called Master and input a couple of IPs to be your only controlling devices.

Hopefully this helps someone trying to connect a spaghetti of switches, access points, and random devices together and block the stuff inside the VLANs from talking too much BS.

If you like the guide, consider donating to Carsen's patreon in my signature.
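As an added example (not part of the original post), the Python sketch below models the LAN IN rule order described in the guide and replays the reachability checks the guide does by hand from the phone and the main PC. The post's rule screenshots are not available, so the rule set is an assumed reconstruction: first-match evaluation with a default of accept, the established/related allow rule, and the sample host addresses are all assumptions.

```python
import ipaddress

# Groups from the guide. MAIN_PC and the other host addresses used in audit()
# are constructed sample values, not taken from the original post.
RFC1918 = ["10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16"]
IOT = ["192.168.30.0/24"]      # VLAN 30
MINER = ["192.168.40.0/24"]    # VLAN 40
MAIN_PC, IOT_PHONE, FPGA = "192.168.1.10", "192.168.30.50", "192.168.40.20"
INTERNET = "203.0.113.10"      # documentation address standing in for the internet

def in_group(addr, group):
    """True if addr falls inside any network of the address group."""
    return any(ipaddress.ip_address(addr) in ipaddress.ip_network(n) for n in group)

# Ordered LAN IN rules: (name, action, source group, destination group, states).
# None matches anything. The first rule is an assumption about the guide's
# final "allow" rule; the two drops are the ones the guide describes.
RULES = [
    ("allow established/related", "accept", None, None, {"established"}),
    ("block IoT to RFC1918", "drop", IOT, RFC1918, None),
    ("block miners to RFC1918", "drop", MINER, RFC1918, None),
]

def evaluate(src, dst, state="new", rules=RULES):
    """First matching rule wins; unmatched traffic is accepted (assumed default)."""
    for name, action, sgrp, dgrp, states in rules:
        if sgrp is not None and not in_group(src, sgrp):
            continue
        if dgrp is not None and not in_group(dst, dgrp):
            continue
        if states is not None and state not in states:
            continue
        return action
    return "accept"

def audit(rules=RULES):
    """Run the checks the guide does by hand from a phone and the main PC."""
    return {
        "iot_to_pc": evaluate(IOT_PHONE, MAIN_PC, rules=rules),
        "iot_to_miner": evaluate(IOT_PHONE, FPGA, rules=rules),
        "miner_to_pc": evaluate(FPGA, MAIN_PC, rules=rules),
        "iot_to_internet": evaluate(IOT_PHONE, INTERNET, rules=rules),
        "pc_to_miner": evaluate(MAIN_PC, FPGA, rules=rules),
        "miner_reply_to_pc": evaluate(FPGA, MAIN_PC, "established", rules=rules),
    }

if __name__ == "__main__":
    print(audit())            # full rule set
    print(audit(RULES[1:]))   # drops only: the miner's reply to the main PC is dropped
```

Calling `audit(RULES[1:])` evaluates the two drop rules alone; in that model the miner's reply to the main PC is dropped even though the PC's own connection attempt is accepted.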