I’m trying to set up an HA system. It seems that good security hygiene says that you should have your sensitive devices (PCs, tablets, etc.) on a different LAN/subnet from your Internet-of-Things devices, so they can’t spy on broadcast traffic. The simplest solution (which I have now) is to connect a second router to my primary one, and hang IoT devices off it. It looks like this:
Router1 LAN ports -> PC1, PC2, Router2’s WAN port (192.168.1.100, but internal address of 192.168.0.1)
Router2 LAN ports -> HA device, Device2, Device3, etc. (w/ addresses of 192.168.0.x).
Right now, all devices can see the internet, but no devices off Router1 can see devices off Router2 and vice versa.
This is very secure, but also inconvenient. Since the HA device can’t see my PCs (phones, tablets), it can’t send them notifications and they can’t control it directly. I can get around this through some cloud services, but it also means that HA can’t get statuses from those devices. What I’d really like is either:
- Keep HA device on Router2, but somehow allow it to see everything on Router1 (but do not allow anything else on Router2 to see anything on Router1).
- Move Home Automation Manager to Router1, let it see everything on Router2, but only let devices on Router2 see the Home Automation Manager, not anything else on Router1.
Do you know of any way to do this? I wasn’t sure how to set up port-forwarding, NAT, etc., so that this happens.
(Another option is to have all PCs off Router2 and all IoT things off Router1, if this makes it easier. But I still wasn’t sure how to make it work).
Any ideas? I’ve searched the net for this, but there are so many permutations, and very few have the needs of an HA system.
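One way to implement the second option above (HA on Router1’s LAN, IoT devices behind Router2 allowed to reach only HA), as an added example that is not part of the original post. It assumes Router2 is a Linux box configured with iptables directly (on OpenWrt the same rules would go into its firewall config rather than a raw script), that its WAN interface is eth0 (192.168.1.100 on Router1’s LAN) and its LAN bridge is br-lan (192.168.0.1/24), and that the HA host sits on Router1’s LAN at 192.168.1.50. The HA address and the two port forwards are made up for the example; the script prints the rules by default and only applies them when run with DRY_RUN=0.

```shell
#!/bin/sh
# Added example (not from the original post): Router2 firewall for "option 2".
# Assumed topology: Router2 WAN = eth0 on Router1's LAN, Router2 LAN = br-lan,
# HA host on Router1's LAN at 192.168.1.50 (assumed address).
WAN_IF=${WAN_IF:-eth0}
LAN_IF=${LAN_IF:-br-lan}
UPSTREAM_LAN=${UPSTREAM_LAN:-192.168.1.0/24}   # Router1's LAN (PCs, phones, HA)
IOT_LAN=${IOT_LAN:-192.168.0.0/24}             # Router2's LAN (IoT devices)
HA_IP=${HA_IP:-192.168.1.50}                   # HA host on Router1's side (assumed)
DRY_RUN=${DRY_RUN:-1}                          # 1 = print rules, 0 = apply them

# Services HA may reach behind Router2, as proto:wan_port:iot_ip:iot_port.
# Constructed for the example; replace with the real devices and ports.
FORWARDS="tcp:8001:192.168.0.21:80 udp:1900:192.168.0.22:1900"

run() {  # print or execute one iptables invocation, depending on DRY_RUN
    if [ "$DRY_RUN" = 1 ]; then echo "iptables $*"; else iptables "$@"; fi
}

router2_rules() {
    # Default deny for everything routed through Router2; start from clean chains.
    run -P FORWARD DROP
    run -F FORWARD
    run -t nat -F PREROUTING
    # Replies to connections opened from either side.
    run -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
    # IoT -> HA only; everything else on Router1's LAN is unreachable from IoT.
    run -A FORWARD -i "$LAN_IF" -s "$IOT_LAN" -d "$HA_IP" -j ACCEPT
    run -A FORWARD -i "$LAN_IF" -s "$IOT_LAN" -d "$UPSTREAM_LAN" -j DROP
    # IoT -> Internet: anything leaving via WAN that the DROP above did not catch.
    run -A FORWARD -i "$LAN_IF" -o "$WAN_IF" -s "$IOT_LAN" -j ACCEPT
    # HA -> selected IoT services, via port forwards on Router2's WAN address,
    # accepted only when the connection comes from the HA host.
    for fwd in $FORWARDS; do
        proto=${fwd%%:*};   rest=${fwd#*:}
        wport=${rest%%:*};  rest=${rest#*:}
        iot_ip=${rest%%:*}; iot_port=${rest#*:}
        run -t nat -A PREROUTING -i "$WAN_IF" -s "$HA_IP" -p "$proto" --dport "$wport" \
            -j DNAT --to-destination "$iot_ip:$iot_port"
        run -A FORWARD -i "$WAN_IF" -s "$HA_IP" -d "$iot_ip" -p "$proto" \
            --dport "$iot_port" -j ACCEPT
    done
}

router2_rules
```

All of the policy lives on Router2: HA and Router2’s WAN port share Router1’s LAN segment, so their traffic is switched rather than routed and Router1 has nothing to filter. Two caveats a practitioner should expect: because Router2 still NATs, HA sees every IoT connection as coming from 192.168.1.100 rather than from the individual device, and broadcast or multicast discovery (mDNS, SSDP) will not cross Router2 in either direction, so devices have to be configured in HA by address and forwarded port.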