Channel: MikroTik

General • Use /24 FW rules for /23 subnets

Hi!

I had an idea tonight. Let's just say I'm not a networking expert by any stretch of the imagination, so even though I've set up some fairly advanced configurations, I do at times struggle with the basic concepts.

Anyway, say I have a LAN subnet, 192.168.90.0/24 for example. But it's getting a bit congested, not because there are 250+ hosts on the subnet, but for structuring reasons. So I played around with an online IP calculator and figured why not make it a /23 network instead, then I would have twice the space. Let's then say I configure the DHCP server to hand out new addresses from 192.168.91.1 - 192.168.91.250 for example so if I connect a new device or spin up a new VM, it would get an address in this space, while the trusted devices would have reservations in the 192.168.90.10 - 192.168.90.200 space for example. Would I then, in the firewall, be able to use a 192.168.90.0/24 rule to make the first half of the /23 network have access to more stuff (like for example other subnets or VPN tunnels) and use a 192.168.91.0/24 rule to have the new/temporary/not-as-trusted devices on the second half of the /23 network have less access? Or would this be unorthodox/inappropriate/have security implications or maybe not even work or would this be a rather common configuration?
(I am aware that host 192.168.90.50 would always have access to 192.168.91.149 for example, since they would be on the same subnet, that's not what I'm asking here.)

All the best!

Statistics: Posted by acrophobic — Wed Feb 26, 2025 1:19 am
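
The layout asked about above, modelled as an added example (not part of the original post and not RouterOS code): it splits the /23 into its two /24 halves and evaluates prefix-based rules in first-match order. The VPN range `10.8.0.0/24` and the rule list are constructed for illustration, and the model assumes every host uses the address DHCP assigned it.

```python
import ipaddress

# Addressing from the post: one /23 LAN, split into two /24 halves for policy.
LAN = ipaddress.ip_network("192.168.90.0/23")
TRUSTED = ipaddress.ip_network("192.168.90.0/24")    # reserved addresses
UNTRUSTED = ipaddress.ip_network("192.168.91.0/24")  # half holding the DHCP pool

# Constructed destination for illustration (not from the post).
VPN = ipaddress.ip_network("10.8.0.0/24")

# Hypothetical forward rules, first match wins: (source, destination, action).
RULES = [
    (TRUSTED, VPN, "accept"),
    (UNTRUSTED, VPN, "drop"),
    (LAN, ipaddress.ip_network("0.0.0.0/0"), "accept"),
]


def halves(net):
    """Return the two equal halves of a network (prefix length + 1)."""
    return list(net.subnets(prefixlen_diff=1))


def decide(src, dst):
    """Model how a packet from src to dst is treated.

    Returns "on-link" when both hosts sit inside the /23: as the post notes,
    they are on the same subnet, so this model treats that traffic as never
    being evaluated by the routed rules. Otherwise returns the action of the
    first matching rule, or "no-match" if none applies.
    """
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    if s in LAN and d in LAN:
        return "on-link"
    for rule_src, rule_dst, action in RULES:
        if s in rule_src and d in rule_dst:
            return action
    return "no-match"


if __name__ == "__main__":
    print([str(n) for n in halves(LAN)])
    for src, dst in [("192.168.90.50", "10.8.0.5"),
                     ("192.168.91.149", "10.8.0.5"),
                     ("192.168.91.149", "1.1.1.1"),
                     ("192.168.90.50", "192.168.91.149")]:
        print(src, "->", dst, ":", decide(src, dst))
```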


