Rootless systemd podman install - in over my head

I have a fedora server spun up. I created a homeassistant user. I have the IoT devices I don’t trust isolated from the rest of the network by throwing them on a separate VLAN that doesn’t get internet access. The server can reach the normal network and that VLAN if it throws tagged traffic out that port.

I can stumble through and get a systemd .container file set up but I am hopeless with rootless networking. I am positive this type of setup is possible but I can’t wrap my head around what exactly needs to be done.

I know there are easier ways to do this, but I’ve been meaning to learn more about containers and Fedora and, dare I say it, SELinux. Any help is appreciated.


Hello ketchupgas,

Segmented networks are not officially supported within HA.

HA is designed and expects a flat subnet to work as intended.

Just learn about firewall rules and subnet masks and use them instead of VLANS otherwise you will get nothing but pain.

This is because every segmented network is different in IPs and number of segments and firewalls and sharing rules and about 650495849085 other things.
This does not mean you can’t use them or that they can’t be made to work, it means that to get them working you are the support structure on your own subnet(s). Consider it Advanced mode…

For another opinion, there is this: The enterprise smart home syndrome

Oh, so I put homeassistant on the primary LAN but create rules on the firewall/router that allow my server to reach outside its own network and into others. As far as homeassistant is concerned it’s all on one network, but some untrusted devices just need to be added manually from the other subnet and VLAN, with rules created that let traffic flow from that specific server to those devices. I get it.

So what network mode do we want here then, bridge?

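For what the .container file itself can look like, here is an added example of a rootless Quadlet unit, not something posted in this thread. It assumes the unit lives at ~/.config/containers/systemd/homeassistant.container in the homeassistant user's home, that the config directory is /home/homeassistant/config, and that the stable upstream image is used. It answers the "bridge?" question with host networking, because the rootless network backends (pasta, slirp4netns) do not forward the multicast traffic that mDNS and SSDP discovery rely on, so in the default bridge mode Home Assistant simply finds nothing.

```ini
# ~/.config/containers/systemd/homeassistant.container
# Added example, not from the thread. Assumed: user "homeassistant",
# config dir /home/homeassistant/config, image tag "stable", TZ value.
[Unit]
Description=Home Assistant (rootless podman via Quadlet)
After=network-online.target
Wants=network-online.target

[Container]
Image=ghcr.io/home-assistant/home-assistant:stable
ContainerName=homeassistant
# Host networking: the container shares the server's network namespace,
# so discovery multicast (mDNS/SSDP) reaches the LAN and any VLAN
# subinterface the server has, exactly as if HA ran directly on the host.
# Rootless bridge networking (pasta/slirp4netns) does not forward
# multicast, which is why discovery silently fails in the default mode.
Network=host
# :Z relabels the bind mount with a private SELinux container label so
# the container can read and write /config without disabling enforcing mode.
Volume=/home/homeassistant/config:/config:Z
Environment=TZ=Etc/UTC

[Service]
Restart=always
# HA can take a while on first start while it installs integrations.
TimeoutStartSec=900

[Install]
WantedBy=default.target
```

As root, run `loginctl enable-linger homeassistant` once so the user's services start at boot without a login session. Then, as the homeassistant user, `systemctl --user daemon-reload` followed by `systemctl --user start homeassistant.service`; `/usr/libexec/podman/quadlet -dryrun -user` prints the generated service unit if something refuses to start. With host networking the container process is still confined by SELinux (container_t) and still runs as the unprivileged user; what it gains is the host's interfaces, so the firewall rules discussed above are what decide which VLAN devices it can actually reach.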

If you want to use VLANs, then you need to learn all the protocols used.
That means IPv4 and probably also IPv6.
IPv6 is needed for Matter and your IPv4 knowledge is not directly translatable.

You also need to learn all the protocols running on top of IPv4 and IPv6.
Especially the many discovery protocols, which are often non-routable with standard IP routing.
The discovery protocols come in both open and proprietary versions.
The open ones are, among others, mDNS, SSDP, UPnP and Zeroconf.
The proprietary ones are harder to say, since it depends on what devices you have.