Homelab and internet access (rookie question!)

Hi all, thanks for keeping the days of forums alive!

I’m looking to tinker with a homelab, to self host a few things and just learn in general. I have a PC together with Proxmox installed, a managed switch and unused router to learn about network segmentation.

Here’s the rookie part, initially I wanted it all offline, a separate network, but then I realized I need to download packages for things, with a Debian VM for instance. I don’t know how to safely connect it to the internet to allow that.

Is it safe to plug the lab setup into a port on the router that connects to the internet? I’m hoping to not have to dabble in things like pfSense and being responsible for a firewall right away, being a beginner.

I currently have it set up like this:
Lab PC > switch > extra router

Can I plug that directly into my internet connected main router? Is the ISP/current router firewall safe enough for this use case? When looking into homelabs it’s very easy to get terrified of allowing any internet connection onto the thing.

I’m hoping to get a bit of direction, whether that’s more info, a spot to learn, subjects I should spend time learning first, or a bit of reassurance.

Thank you!

Hello @adrummerMQ

Based on this information, I would feel comfortable doing it. Since the lab stuff is behind 2 different firewalls at least (probably 3, firstly ISP, second your home router and third is the lab router).

I would assume that it is safe enough unless you are running bad firewalls on those devices above. The only reason that it might be an issue for your home network is if you, for example, opened all the ports on your primary router to the internet. But for this occasion I am assuming that you have not done that.

And no, I doubt there is no need to worry about the internet side, but if you have some stuff running that you are worrying to call home, it might not be so sure. But in principle it should be safe.

Of course, I don’t have information about your complete setup, but to me, it seems to be safe enough.

Edit.

Written with the understanding that what you meant was allowing your host VMs internet access.

The term "safe enough" should not be used when exposing services to the Internet. In my opinion, most companies’ extremely good enough attitude is responsible for all the data breaches the world has experienced in the last ten years.

Turn off UPnP on the router(s).

The firewall protects your Network from the bad guys on the Internet. Whatever service you set up will require you to mess with the firewall. I advise people by telling them what I would do in their situation.
I would create two separate VLANs: one for your learning environment (Home Lab) and another for everything else. It’s important to isolate the network traffic between these two VLANs. This means that traffic from the Home Lab VLAN should not be allowed to access the Everything Else VLAN, and vice versa.

To achieve this, you can set up a firewall rule on the Everything Else VLAN to block all traffic directed toward the Home Lab VLAN. Start by familiarizing yourself with how to configure your router and switch. There’s no need to use pfSense or any other open-source firewall at this stage unless you specifically want to.

Focus on mastering the configuration of your existing network equipment first to ensure proper VLAN setup and traffic isolation.

@jode, that was a good tip about turning off the UPnP protocol. Most people forget to block that type of traffic or can’t because they run a UPnP protocol service like Plex or Jellyfin. Since I have Smart TVs in my Home Lab, I can’t block the UPnP protocol on my Home Lab router, so I isolate the Internet traffic for my Smart TVs from the rest of the Home Lab traffic using VLANs.

Will not disagree, but I am not 100% sure that was what was asked? To me, the question was if it would be safe to connect the lab network to a LAN that is connected to the internet?

lol, I cannot disagree. Look up the case of Vastaamo, it was a pretty big storm here a couple of years ago.

If you don’t plan to do port forwarding to expose services to the internet your question is equivalent to ‘Is it safe to connect my Windows notebook to the internet’. Not sure how you think it being a server / homelab / hypervisor makes it inherently less secure than any other device. The same rules apply.