Virtual Bastion Host

beatt · December 31, 2024, 12:57pm

Hi All

I intent to swap out at Odroid H2+ with the 5 NIC card against a BPI R3 Mini as main router and so far the H2 acted as bastion host but the R3 is also a AP so I am wondering if i can set up a virtual bastion host on the r3 like a lxc openwrt or do some fancy vlan set up to make that happen?

Reason is to take greater advantage of the H2 to be able to call into lan

beatt · December 31, 2024, 1:26pm

Sorry got it wrong the H2 is a DMZ host not a bastion atm but i would like to put the R3 in front as bastion but the AP does not fit relay so i am looking for advice.
if that cant be done or what a good and chaep device would be

_bernd · December 31, 2024, 1:57pm

Why can't you/ want you use different devices?
Just configure all vlan and if needed separate route tables and namespaces on a single device...

beatt · December 31, 2024, 2:58pm

@_bernd Sure single device is the go but how do i set up which vlans?

_bernd · December 31, 2024, 4:28pm

I don't understand the question. You need to answer yourself in the first place want you need and want.... Like one vlan for wan, lan, server, iot, guest, jump host, etc pp
Configure the switch on the router for each vlan, configure addresses on each interface, set the ports either to untagged or tagged, configure dhcp, and configure the firewall rules....

beatt · January 1, 2025, 3:37am

I may not have asked the question in a great way but your answer Is spot on anyway
So off i go and set up a separate subnet / firewall zone for the DMZ relates stuff and the AP and DMZ related traffic wont cross path.

Thanks for that

system · January 11, 2025, 3:37am

This topic was automatically closed 10 days after the last reply. New replies are no longer allowed.