this post was submitted on 26 Jun 2023

homeassistant

I have a router set up just for my wifi cameras. The router is not plugged into the internet, but it is directly connected to one of two Ethernet ports on my x86 home assistant server. The other Ethernet port for Home Assistant is connected to the internet. Is there any chance a device connected to that router could somehow access the internet from homeassistant?

[–] thehatfox 5 points 1 year ago (1 children)

No, your server will not by default route network traffic between the two separate networks. That would only happen if you intentionally installed and configured extra software to do that.

You might want to look into getting a more advanced home router that would allow you to use VLANs to isolate your network cameras rather than running a separate hardware router. This is a common way to isolate Wifi smart home devices, and allows you to easily create separate VLANs with different levels of network access.

[–] Crow 2 points 1 year ago (1 children)

I have AdGuard Home connected to the isolated network (running on home assistant) so I can use the DHCP server and UI. Any chance AdGuard could be that sort of extra software you are talking about?

[–] thehatfox 2 points 1 year ago (1 children)

I’m not overly familiar with AdGuard, but I would say no. AdGuard provides an ad blocking DNS server and DHCP server, but neither of those handle routing.

[–] Crow 2 points 1 year ago

Thanks for the response. That’s a big relief.

[–] [email protected] 4 points 1 year ago

Unless you actually make the homeassistant server into a bridge it wouldn't on the network layer. Ideally you would prevent any inbound connections from the offline network (so it can't use any open ports there to try and pivot). But yeah really unlikely.

[–] BoomBoomLemon 2 points 1 year ago

You are bridging two networks. One that is internet isolated to one that isn’t. The danger is that some bug, exploit or even simple firewall misconfiguration allows a bad actor to gain access, exploit and do what they want.

It’s all about the level of risk you are willing to assume.

[–] Diogenes59 2 points 1 year ago (1 children)

It is TECHNICALLY possible, but not worth actually thinking about.

[–] Crow 1 points 1 year ago

Thanks for the quick response.
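
The replies above turn on whether the server routes or bridges between its two Ethernet ports. One way to check that on a Linux host, as an added example that is not part of the original thread; the interface names `enp1s0` (internet side) and `enp2s0` (camera side) and the sample tree are assumptions constructed for illustration:

```shell
#!/bin/sh
# Added example (not from the thread). enp1s0/enp2s0 are assumed NIC names.

# audit_forwarding ROOT CAM_IF WAN_IF
# ROOT is "" for the live host, or a directory holding a copy of /proc and /sys.
# Prints one line per finding; returns 0 when no path was found, 1 otherwise.
audit_forwarding() {
    root=$1; cam_if=$2; wan_if=$3; findings=0

    # Layer 3: kernel routing switches for IPv4 and IPv6.
    for f in proc/sys/net/ipv4/ip_forward proc/sys/net/ipv6/conf/all/forwarding; do
        if [ -r "$root/$f" ] && [ "$(cat "$root/$f")" = "1" ]; then
            echo "FORWARDING: /$f = 1"
            findings=$((findings + 1))
        fi
    done

    # Layer 2: both NICs are members of the same bridge device.
    for br in "$root"/sys/class/net/*/brif; do
        [ -d "$br" ] || continue
        if [ -e "$br/$cam_if" ] && [ -e "$br/$wan_if" ]; then
            echo "BRIDGED: $cam_if and $wan_if share $(basename "$(dirname "$br")")"
            findings=$((findings + 1))
        fi
    done

    [ "$findings" -eq 0 ] && echo "OK: no kernel forwarding or shared bridge"
    [ "$findings" -eq 0 ]
}

# Constructed sample tree: forwarding off, camera NIC alone in bridge br0.
make_sample_tree() {
    t=$(mktemp -d)
    mkdir -p "$t/proc/sys/net/ipv4" "$t/proc/sys/net/ipv6/conf/all" \
             "$t/sys/class/net/br0/brif"
    echo 0 > "$t/proc/sys/net/ipv4/ip_forward"
    echo 0 > "$t/proc/sys/net/ipv6/conf/all/forwarding"
    : > "$t/sys/class/net/br0/brif/enp2s0"
    echo "$t"
}

sample=$(make_sample_tree)
audit_forwarding "$sample" enp2s0 enp1s0   # on a real host: audit_forwarding "" enp2s0 enp1s0
rm -rf "$sample"
```

A forwarding value of 1 is common on hosts that run Docker, which turns it on for its own container bridges; in that case the firewall's forward rules decide whether traffic can cross between the two ports.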