Network Structure

We divide our network into 2 vLANs:

  • Managed (1) - Hosts where only the admins have root access.
  • Unmanaged (2) - Hosts where any other user has root access.


In our managed vLAN, we have a few other subnets for things like k8s, but our main one is

For convenience when writing firewall rules, we further divide this into 3 prefixes:

Note that no matter the prefix, the subnet is still the same (/24).


We put these on a separate vLAN to prevent IP/ARP spoofing attacks, and other LAN attacks that root access makes possible.

Any unmanaged host must use the unmanaged subnet, and must go through the router's port on that vLAN in order to access anything outside that vLAN. This is so we can monitor/firewall traffic.
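As an added illustration (not the network's actual configuration), this is an nftables ruleset a router could use to enforce the policy above: traffic arriving on the unmanaged vLAN must carry an unmanaged-subnet source address, unmanaged-to-managed forwarding is logged and dropped by default, and everything else from the unmanaged vLAN is counted so it can be monitored. The interface names and subnets are assumptions chosen for the example; substitute the real ones.

```nft
# Constructed values for this example; the page gives only "/24", not the addresses.
define MANAGED_IF    = vlan1
define UNMANAGED_IF  = vlan2
define WAN_IF        = eth0
define MANAGED_NET   = 10.0.1.0/24
define UNMANAGED_NET = 10.0.2.0/24

table inet vlan_policy {
    # Anti-spoofing: a root user on the unmanaged vLAN can forge source addresses,
    # so drop anything on that port that is not from the unmanaged subnet, and
    # anything on the managed port that claims to be from the unmanaged subnet.
    chain antispoof {
        type filter hook prerouting priority raw; policy accept;
        iifname $UNMANAGED_IF ip saddr != $UNMANAGED_NET counter log prefix "spoof-unmanaged " drop
        iifname $MANAGED_IF   ip saddr  = $UNMANAGED_NET counter log prefix "spoof-managed " drop
    }

    chain forward {
        type filter hook forward priority filter; policy drop;
        ct state established,related accept

        # Unmanaged -> managed is denied by default and logged; add explicit
        # accept rules above this line for any service that must be reachable.
        iifname $UNMANAGED_IF oifname $MANAGED_IF counter log prefix "unmanaged->managed " drop

        # Unmanaged -> outside world is allowed but counted, so it can be monitored.
        iifname $UNMANAGED_IF oifname $WAN_IF counter accept

        # Managed hosts are trusted to reach anywhere.
        iifname $MANAGED_IF counter accept
    }
}

# Protect the router's own ARP cache from a spoofed ARP sender on the unmanaged port.
table arp vlan_arp {
    chain input {
        type filter hook input priority filter; policy accept;
        iifname $UNMANAGED_IF arp saddr ip != $UNMANAGED_NET counter drop
    }
}
```

Load it with `nft -f <file>`; the `counter` and `log` statements give the per-rule numbers and kernel log lines the monitoring relies on.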

