If not using Vlans would it not be more secure to use dual NIc, this is what chatgpt says :
Your cams are limited by the 10/100 connections and everything above 16mbit stream will eat so much space on your harddrives. the benefit will be only little when comparing the image.
1G uplink
1000/16 = around 62 cameras
so do your own math and think what vms you need. if you dont have any vm plans just install it baremetal.
Using a dual NIC setup on your Proxmox host can be an effective way to isolate your insecure cameras from the rest of your network, especially if you don’t have VLAN capability. Here's how you can set this up and the benefits it offers:
### Benefits of Dual NIC Setup
1.
Network Isolation: One NIC can be dedicated to the cameras and the other to the main network, providing physical isolation.
2.
Traffic Segregation: It ensures that camera traffic does not mix with your main network traffic, reducing the risk of potential security breaches.
3.
Performance Improvement: Separating traffic can improve overall network performance and reduce congestion.
### Steps to Configure Dual NIC on Proxmox
#### 1. Hardware Setup
-
Install Second NIC: Ensure your Proxmox host has a second NIC installed and recognized by the system.
#### 2. Proxmox Network Configuration
1.
Identify NICs: Identify the network interfaces. Typically, they might be named
eth0
,
eth1
, etc.
- Use
ip a
or
ifconfig
to list network interfaces.
2.
Configure Network Interfaces:
- Edit the network configuration file:
/etc/network/interfaces
.
Code:
plaintext
auto lo
iface lo inet loopback
auto eth0
iface eth0 inet static
address 192.168.1.2
netmask 255.255.255.0
gateway 192.168.1.1
auto eth1
iface eth1 inet static
address 192.168.2.2
netmask 255.255.255.0
-
eth0
connects to your main network.
-
eth1
connects to your camera network.
3.
Create Bridge for Camera Network:
- Create a new Linux bridge for the camera network.
Code:
plaintext
auto vmbr1
iface vmbr1 inet static
address 192.168.2.3
netmask 255.255.255.0
bridge_ports eth1
bridge_stp off
bridge_fd 0
-
vmbr1
will bridge
eth1
for use with your VMs/containers.
#### 3. Configure
Blue Iris VM
1.
Assign NICs:
- Assign the
vmbr1
interface to the Blue Iris VM in Proxmox.
Code:
plaintext
hardware
network device
add
2.
Network Configuration within VM:
- Configure the VM’s network interface to use the
vmbr1
bridge.
Code:
plaintext
auto eth0
iface eth0 inet static
address 192.168.2.4
netmask 255.255.255.0
gateway 192.168.2.2
3.
Blue Iris Configuration:
- Configure Blue Iris to use the IP addresses of your cameras in the 192.168.2.x subnet.
### Firewall Rules and Security
- Restrict Access: Set up firewall rules to ensure only necessary communication between the Blue Iris server and the camera network.
- Block Unwanted Traffic: Block any outbound traffic from the camera network to the internet unless explicitly required.
#### Example Firewall Rules on Proxmox Host
-
Install and Configure iptables
:
Code:
sh
# Allow traffic from camera network to Blue Iris VM
iptables -A FORWARD -i eth1 -o vmbr1 -s 192.168.2.0/24 -d 192.168.2.4 -j ACCEPT
# Block all other traffic from camera network to main network
iptables -A FORWARD -i eth1 -o eth0 -j DROP
### Conclusion
Using a dual NIC setup on your Proxmox host allows you to effectively isolate your camera network from your main network, improving security and performance. This setup provides a practical alternative to VLANs by physically segregating network traffic and implementing firewall rules to control communication between networks.