Hello, I’m getting into self hosting and looking to set up a small home lab to play around with different technologies. I’m considering setting up a DMZ to keep my lab hardware separate from the rest of the network and other users. What is some of the minimal hardware required to do this on a small budget? Also, what are some of the necessary security measures I should understand? One of my first projects would be to set up a small Linux box that I can ssh into remotely. Thanks.

EDIT: After much reading today and great guidance from this community, this is basically what I ended up doing… Got a Dell OptiPlex on eBay for about 55 bucks and a dual Intel network card on Amazon with a managed switch. If I can bridge my current router as an access point, I should be on my way! This community rocks! Lemmy is awesome!

  • eleitl@lemmy.world
    1 year ago

    EdgeRouter is proprietary but minimal. You can also look at OPNsense running on a used thin client off eBay.

  • Meow.tar.gz@lemmy.goblackcat.com
    1 year ago

    I did this myself for all of 150 dollars. I bought an OptiPlex 7050 off of Amazon and added a dual Intel network card. From there, I installed OPNsense. I have a DMZ, WAN, and LAN interface.

    • wiggles@programming.dev (OP)
      1 year ago

      After much reading today, this is basically what I ended up doing. Got an OptiPlex on eBay for about 55 bucks and a dual Intel network card on Amazon with a managed switch. If I can bridge my current router as an access point, I should be on my way!

  • Awwab@kbin.social
    1 year ago

    > One of my first projects would be to set up a small Linux box that I can ssh into remotely.

    Why not just take the next step and set up Tailscale? That way you can learn and also not have to worry about setting up a full security stack and everything for your DMZ.
    Tailscale will let you create a virtual local network so that you don’t have to expose anything to the internet.

  • notfromhere@lemmy.one
    1 year ago

    You can physically isolate by running multiple independent switches, you could run different subnets on the same switches, or you could VLAN separate, but that would require a managed switch or setting up your topology so that something tags the traffic with the proper VID before running on the unmanaged switches. All have their pros and cons, but I would strongly recommend getting a managed switch (managed firewalls/routers/switches depending on features/port count can all fill that need) and doing VLAN separation if you don’t have a lot of equipment you’re starting out with.

    • wiggles@programming.dev (OP)
      1 year ago

      Thanks for the advice! I ended up getting a managed switch on amazon and an older dell computer to set up OPNsense. Can’t wait to get started!

  • Monkey With A Shell@lemmy.socdojo.com
    1 year ago

    Managed switch to create VLANs and a firewall to manage the traffic.

    Past that it’s really a case of how much you want exacting control. Even a single /24 network gives 253 hosts and the class C space allows for a whole pile of those, so in theory it’d be easy to put everyone in their own network, but a pain to maintain.
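
Added example, not written by anyone in this thread: a small Python sketch of the "one /24 per VLAN plus a firewall between them" layout the comments above describe, with a default-deny inter-zone policy you can test before touching the firewall. The 192.168.0.0/16 block, zone names, VLAN IDs and allow list are all assumptions made for illustration.

```python
import ipaddress

# Assumed layout, constructed for illustration: one /24 per VLAN carved out of
# 192.168.0.0/16. Zone names, VLAN IDs and the policy are hypothetical.
SUPERNET = ipaddress.ip_network("192.168.0.0/16")
ZONES = {"lan": 10, "dmz": 20, "guest": 30}  # zone name -> VLAN ID

# Inter-zone allow list, default deny: (source zone, destination zone, port).
# A port of None means any port.
ALLOW = {
    ("lan", "wan", None),
    ("lan", "dmz", None),
    ("dmz", "wan", None),
    ("wan", "dmz", 22),  # remote SSH to the lab box only
}

def build_plan(zones=ZONES, supernet=SUPERNET):
    """Assign each VLAN the /24 whose third octet equals its VLAN ID."""
    subnets = list(supernet.subnets(new_prefix=24))
    plan = {}
    for name, vid in zones.items():
        net = subnets[vid]
        hosts = list(net.hosts())  # 254 usable addresses in a /24
        plan[name] = {"vid": vid, "net": net, "gateway": hosts[0],
                      "clients": len(hosts) - 1}  # 253 once the gateway has one
    return plan

def zone_of(ip, plan, supernet=SUPERNET):
    """Map an address to its zone; unplanned private space is 'unassigned'."""
    addr = ipaddress.ip_address(ip)
    for name, entry in plan.items():
        if addr in entry["net"]:
            return name
    return "unassigned" if addr in supernet else "wan"

def decide(src_ip, dst_ip, port, plan):
    """Return 'switched', 'allow' or 'deny' for one new connection."""
    src, dst = zone_of(src_ip, plan), zone_of(dst_ip, plan)
    if src == dst and src in plan:
        return "switched"  # same VLAN: the firewall never sees this traffic
    if (src, dst, None) in ALLOW or (src, dst, port) in ALLOW:
        return "allow"
    return "deny"

if __name__ == "__main__":
    plan = build_plan()
    for name, e in plan.items():
        print(name, e["vid"], e["net"], e["gateway"], e["clients"])
    print(decide("192.168.20.5", "192.168.10.7", 445, plan))  # DMZ -> LAN
```

The "switched" result is the case worth noticing: hosts that share a VLAN talk to each other without crossing the firewall, so anything that must be filtered from its neighbours needs its own segment.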