
Configure VLAN for 2 PCs to share Internet and NAS while keeping NAS inaccessible to Internet

gunter_h
Follower


Totally new to VLAN and trying to set up shared Internet access.

x) my xDSL router/gateway has a fixed IPv4 address x.y.z.1/255.255.255.248; addresses x.y.z.2 thru x.y.z.5 are available to me

x) PC1 is configured to x.y.z.2, so that it can see traffic from the router/gateway

x) PC2 is configured to x.y.z.3, so that it can see traffic from the router/gateway

 

Since I use the PCs alternatively, I used to just unplug cables; which is tedious, so I bought a GS308E switch. With PC1 on port 1, PC2 on port 2 and router on port 3, using native VLAN 1, both PCs should be able to see the router and each other, correct?

Now I want to add a NAS to share data between the PCs but keep it invisible to the rest of the world. I need to assign it an x.y.z address, e.g. x.y.z.5 to make it visible to the PCs, correct?

 

In 802.1Q configuration, would the following be viable:

assign membership and PVID 10 to port 3 (router)

assign membership and PVID 20 to port 4 (NAS)

make ports 1 and 2 untagged members of VLAN 10 and 20

If I understand correctly, this should assign frames entering from the router to VLAN 10, and frames entering from the NAS to VLAN 20, with both PCs seeing them; but router and NAS cannot communicate.

Model: GS308E|8 Port Gigabit Ethernet Smart Managed Plus Switch
Message 1 of 2
schumaku
Guru

Re: Configure VLAN for 2 PCs to share Internet and NAS while keeping NAS inaccessible to Internet


@gunter_h wrote:

Totally new to VLAN and trying to set up shared Internet access.

x) my xDSL router/gateway has a fixed IPv4 address x.y.z.1/255.255.255.248; addresses x.y.z.2 thru x.y.z.5 are available to me

x) PC1 is configured to x.y.z.2, so that it can see traffic from the router/gateway

x) PC2 is configured to x.y.z.3, so that it can see traffic from the router/gateway 


This reads like your xDSL gateway does just offer a small subnet, typically with public IPv4 addresses. Typical usage is to expose services or hosts requiring a broad range of Internet access ports and protocols.

 


@gunter_h wrote:

Since I use the PCs alternatively, I used to just unplug cables; which is tedious, so I bought a GS308E switch. With PC1 on port 1, PC2 on port 2 and router on port 3, using native VLAN 1, both PCs should be able to see the router and each other, correct?


The much more common approach is using a NAT router which allows serving the internal LAN on an RFC1918 private subnet. What can be reached/accessed from outside is done by NAT port forwarding from the public IP address(es) to the relevant fixed LAN IP.

 


@gunter_h wrote:

Now I want to add a NAS to share data between the PCs but keep it invisible to the rest of the world. I need to assign it an x.y.z address, e.g. x.y.z.5 to make it visible to the PCs, correct?


Again, the typical usage for a NAT router.

 


@gunter_h wrote:

If I understand correctly, this should assign frames entering from the router to VLAN 10, and frames entering from the NAS to VLAN 20, with both PCs seeing them; but router and NAS cannot communicate.


In a _real_ 802.1q world, each VLAN does make up a dedicated, individual network, with its own dedicated IP subnet. And _nothing_ does magically pass from one network to another.

 

The idea you describe has not much in common with two VLANs; much more it is some kind of asymmetric VLAN config, which requires more effort and careful config. I would strongly advise _never_ to operate any host (PC, NAS, ...) directly on a (most likely public) IPv4 address. Move all hosts behind a NAT router or preferably a security appliance (because simple NAT routers typically don't have the ability for handling multiple NAT configurations), and only configure exactly the service(s) you need to expose to the Internet, either by a simple port forwarding or by a one2one NAT for one of your public IP addresses to one device on the LAN.

 

Curious why you think you want a PC fully exposed to the wild Internet? 

 

Avoid any "solutions" like putting the cart before the horse.

 

 

Message 2 of 2
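
The port/PVID plan from the question, and the "asymmetric VLAN" point made in the reply, can be checked with a small model of untagged 802.1Q forwarding. This is an added example, not part of either post; the PVID of ports 1 and 2, the VLAN 1 membership and the VLAN ID 30 are assumptions the thread does not state.

```python
# Simplified 802.1Q model (added example): an untagged frame entering a port is
# classified into that port's PVID and may leave only through ports that are
# members of that VLAN. MAC learning and tagged frames are not modelled.

PORTS = {1: "PC1", 2: "PC2", 3: "router", 4: "NAS"}  # port layout from the post

def can_send(pvid, members, src, dst):
    """True if an untagged frame entering port `src` may leave through `dst`."""
    return src != dst and dst in members.get(pvid[src], set())

def two_way(pvid, members, a, b):
    """Hosts can only talk if frames pass in both directions."""
    return can_send(pvid, members, a, b) and can_send(pvid, members, b, a)

def reachability(pvid, members):
    """Map each unordered port pair to True/False for two-way connectivity."""
    ports = sorted(PORTS)
    return {(a, b): two_way(pvid, members, a, b)
            for i, a in enumerate(ports) for b in ports[i + 1:]}

# VLAN 10 and 20 memberships as proposed in the post.
BASE = {10: {1, 2, 3}, 20: {1, 2, 4}}

# Assumption A: the PC ports keep the default PVID 1, and ports 3 and 4 were
# taken out of VLAN 1. Replies can reach the PCs, but PC frames never reach
# the router or the NAS.
PVID_A = {1: 1, 2: 1, 3: 10, 4: 20}
MEMBERS_A = {**BASE, 1: {1, 2}}

# Assumption B: a third VLAN 30 (hypothetical ID) is the PVID of the PC ports
# and includes all four ports, giving PC frames a path to router and NAS.
PVID_B = {1: 30, 2: 30, 3: 10, 4: 20}
MEMBERS_B = {**BASE, 30: {1, 2, 3, 4}}

if __name__ == "__main__":
    for name, pvid, members in (("A", PVID_A, MEMBERS_A), ("B", PVID_B, MEMBERS_B)):
        print(f"config {name}")
        for (a, b), ok in reachability(pvid, members).items():
            print(f"  {PORTS[a]:>6} <-> {PORTS[b]:<6} {'yes' if ok else 'no'}")
```

The model covers layer 2 forwarding only: in both variants every host still sits in the same x.y.z subnet, and the PCs remain directly addressable from the router side.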