Separate NICs vs NIC with two IP addresses

Optimus Prime

Getting the hang of it | Joined Sep 29, 2014 | Messages 280 | Reaction score 30

Hiya. I've managed to get OpenVPN set up and am ready to take care of some more housekeeping. I noticed in the Wiki it said there should be two separate NICs. I currently have one NIC, but it has 2 IP addresses - the local network, and machines on the same network with a different IP scheme for the cameras. E.g., the internet-connected network is xxx.xxx.3.xxx and the non-internet-connected network is xxx.xxx.4.xxx. All devices are talking on the same unmanaged switch.

Is this sufficient? Or do I need to completely physically separate?
 
Joined Apr 26, 2016 | Messages 1,090 | Reaction score 852 | Location Colorado

The objective is to prevent the cameras from having any access to reach out to the internet. Without knowing more, it feels like you may not have that separation, as an unmanaged switch would probably just push the traffic thru to your router.

What device(s) are between the unmanaged switch and your internet connection from your ISP?
 

Optimus Prime

Getting the hang of it | Joined Sep 29, 2014 | Messages 280 | Reaction score 30

Just my router. I’ve programmed the cameras with a gateway address that doesn’t exist, and the router’s address is not the same scheme as the cameras. Address-wise, the only shared configuration is the multiple IPs assigned to the Blue Iris computer. I cannot reach the cameras otherwise.
 

SouthernYankee

IPCT Contributor | Joined Feb 15, 2018 | Messages 5,170 | Reaction score 5,320 | Location Houston Tx

Does the NIC have two RJ45 connectors? If not, then use two network cards. You want two physical networks. There is no traffic that flows from one network to the other network: physical separation.

IP addresses and routing can be spoofed.
 

bp2008

Staff member | Joined Mar 10, 2014 | Messages 12,666 | Reaction score 14,006 | Location USA

The main concern is that a device could not follow the IP addressing rules you specified, and get to the internet or other LAN devices that way. It is unlikely, but possible, and therefore the main reason for separate physical networks.

I don't let that concern me at home ;)
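
Added example, not part of any post in this thread: a Python check for the concern raised above on a shared unmanaged switch. It audits frames captured on the segment for camera MACs that use a source address outside the camera subnet or send to a destination outside it. The subnets 192.168.3.0/24 and 192.168.4.0/24 (standing in for the thread's xxx.xxx.3.xxx and xxx.xxx.4.xxx), the MAC inventory and the frame records are constructed assumptions.

```python
import ipaddress

# Assumed addressing, standing in for the thread's xxx.xxx.4.xxx camera scheme.
CAMERA_NET = ipaddress.ip_network("192.168.4.0/24")
# Constructed inventory of camera MAC addresses.
CAMERA_MACS = {"aa:bb:cc:00:00:01", "aa:bb:cc:00:00:02"}
LIMITED_BROADCAST = ipaddress.ip_address("255.255.255.255")

# Constructed observations (src_mac, src_ip, dst_ip), e.g. exported from a
# capture taken on the Blue Iris PC's single NIC.
FRAMES = [
    ("aa:bb:cc:00:00:01", "192.168.4.21", "192.168.4.10"),     # camera -> recorder
    ("AA:BB:CC:00:00:01", "192.168.4.21", "239.255.255.250"),  # multicast discovery
    ("aa:bb:cc:00:00:02", "192.168.3.57", "203.0.113.10"),     # camera on a LAN address
    ("aa:bb:cc:00:00:01", "192.168.4.21", "203.0.113.10"),     # camera -> off-subnet host
    ("de:ad:be:ef:00:09", "192.168.3.20", "203.0.113.10"),     # ordinary LAN client
]


def audit(frames, camera_macs=CAMERA_MACS, camera_net=CAMERA_NET):
    """Return (mac, reason, src, dst) for camera frames that break the addressing plan."""
    findings = []
    for mac, src, dst in frames:
        mac = mac.lower()
        if mac not in camera_macs:
            continue  # only the cameras are expected to stay inside camera_net
        src_ip = ipaddress.ip_address(src)
        dst_ip = ipaddress.ip_address(dst)
        if src_ip not in camera_net:
            # Camera hardware using an address from another scheme on the same
            # wire, which only a shared layer-2 segment makes possible.
            findings.append((mac, "source outside camera subnet", src, dst))
        elif (dst_ip not in camera_net and not dst_ip.is_multicast
              and dst_ip != LIMITED_BROADCAST):
            # Correct source address, but traffic aimed beyond the camera
            # subnet, so the bogus gateway setting is not what is stopping it.
            findings.append((mac, "destination outside camera subnet", src, dst))
    return findings


if __name__ == "__main__":
    for finding in audit(FRAMES):
        print(finding)
```

An empty result only means no violation appeared in the capture window; it does not show the segment is isolated.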
 