Hi guys, I have a fresh install of FreePBX but as I am no expert in network security/FreePBX I ask you for some advice.
I have a 100mb/s internet connection connected to my DD-WRT home router.
In this router I have 4 LAN ports. Each one is set as a VLAN. All VLANs can access, send and receive data from the internet connection but cannot talk to each other (I have VLAN10, VLAN20, VLAN30 and VLAN40).
On port 1 of the router (VLAN10) I connected a 5-port switch and from there I connected my FreePBX server (Port 1) and my 2 Linksys SPA3102 (Ports 2 and 3). Port 5 is connected to my DD-WRT router. Port 4 is free.
I want to be very secure on this config as I will connect my SPA3102 to my landline phone, so any security gaps in here can cost me thousands of dollars.
I also have another computer that I use on a daily basis to surf the net, read emails and work with some excel sheets.
I don’t have the need to connect any device from remote locations on my FreePBX server and I don’t need to be able to access it from the internet as all configuration will be done locally using this computer I just mentioned.
My question is: is it a better option to connect this computer to the same VLAN10 as the FreePBX server and SPAs so I don’t need to access the FreePBX server via SSH or remote, or is it better to connect this computer to the other VLAN20?
In this case (computer, FreePBX and SPAs in the same VLAN10) what iptables command should I use on my DD-WRT router/firewall and FreePBX server to close all ports from outside the VLAN but allow internet access?
Is it a security gap to have this computer in the same VLAN or is it better to have it on a separate VLAN and allow remote configuration on the FreePBX server?
Kind regards