I don't know where put Unraid server

Neba · May 6, 2024, 10:59am

I have a network organized around pfSens with several VLANs. I also have a UniFi AP. I don’t know where and how to connect the Unraid server. Should it be in a separate VLAN or should it not be routed at all. I don’t know which port in the managed switch TPLink tl-sg108e and which settings to turn on (Tag or Untag). Should it be in the same subnet as the AP and switch. In which case I can VMs and containers put in individual vlans (i.e. put Jellyfin on the IoT network so the clients don’t have to traverse pfsense to reach it).

So, do I create a separate Vlan just for Unraid? and only Unraid is attached to that Vlan, or maybe AP as well. Do I set a fixed IP address on Unraid Web Gui or do I fix the IP address through pfSense via the MAC address.

My idea is as follows.

Home Vlan (my PC) IP: xx.x.10.x
IoT Vlan (smart house…) xx.x.20.x
Media Vlan (Nvidia Shield, Rpi, android box,…) IP: xx.x.30.x
Kids Vlan IP: xx.x.40.x
Guest Vlan IP: xx.x.50.x
I haven’t thought about VPN Vlan yet, but I will consider it.

I can’t figure out what IP address to put on the Unraid, an UniFi AP, on the Switch without having communication problems.

If you can write me an example, like
Unraid server IP xxx xxx xxx xxx
UniFi AP IP xxx xxx xxx xxx
Switch IP xxx xxx xxx xxx xxx
pfSense LAN port xxx xxx xxx xxx

I know that I have to create a Vlans and different SSIDs on the AP as well.

Only that beginning is not clear to me regarding the assignment of those IP addresses.

I hope you understand me

LTS_Tom · May 6, 2024, 11:02am

I don’t use unraid but assuming it’s possible to put multiple network cards in the system that would be a way to have the apps on one network but the storage on the other.

liquidjoe · May 6, 2024, 12:28pm

If it is just jellyfin don’t worry about routing that. You can route that all day long.

Neba · May 6, 2024, 12:38pm

I am wondering if Unraid or ProxMox or NAS should be routed through psSense or not. Whether to put it on Untagged (Pvid) or Tagged (Trunk) connection.

I have a lot of containers, but I mentioned that one as an example

Thx

liquidjoe · May 6, 2024, 1:08pm

OK, so we are talking about the admin screen. Do you care if anything on the subnet can reach your unraid login? If you like to play the game of zero trust, you need to assume some level of compromise on that subnet.

I generally like to route anything that has a logon screen that I want to protect and/or log. I’m not a data baller that needs special routing for NAS.

Neba · May 6, 2024, 1:39pm

I read somewhere that Servers are not routed, so that’s why I’m asking. So I put the Unraid server and the UniFi AP on a separate VLAN

liquidjoe · May 6, 2024, 2:20pm

Everything is routed. That is how the internet works.

You can isolate the two services if you want. Ask/answer the “why” question before “how”.