My home network consists of an OpenWRT router with two VLANs:

  • VLAN 01 (192.168.1.1/24): Desktops, unRaid NAS, Radarr, Sonarr, Tautulli, etc
  • VLAN 02 (192.168.2.1/24): Plex and Overseerr

My use case is Plex/Overseer are exposed to the Internet so I want to isolate them as much as possible from VLAN 01.

Overseerr needs to talk to Radarr/Sonarr and Tautulli needs to talk to Plex. On the OpenWRT firewall rules I have only allowed access from the Overseerr IP to the Radarr/Sonarr IP over the Radarr and Sonarr ports. All other traffic from VLAN 02 to VLAN 01 is set to “drop”.

Anything sensitive is on VLAN 01, so I am allowing all traffic from VLAN 01 to VLAN 02. Is this generally considered “OK” or should I lock down traffic from VLAN 01 to VLAN 02 to just the IPs and ports needed for Tautulli communication to Plex?

Thanks