
> I want to have multiple publicly addressable subnets in my home LAN

...is something nobody in the history of home LANs has ever said.




Because they don't know the words. It's not uncommon for people to want to do things that would be best done with a separate subnet though.

For example, VPNing in from your phone or making a separate isolated network for untrusted IoT devices.


being publicly addressable != being publicly accessible

I work in network security. I know what words I'm using.


You want your network of untrusted IoT devices to be publicly accessible??

(Probably not.)


Indeed not. That's not what I said.

I don't even want them talking out to the internet by default, which is why I have a separate subnet with a different set of firewall rules that only allows whitelisted outbound connections.
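The setup described in the comment above (a globally addressed IoT subnet that is not reachable from outside, with allowlisted egress), sketched as an nftables forward chain. This is an added example, not part of the original comment; the interface names `wan0` and `iot0`, the table and set names, and the allowlisted addresses (taken from the IPv6 documentation range) are assumptions.

```nft
#!/usr/sbin/nft -f
# Added example. Assumed names: wan0 = uplink, iot0 = IoT subnet interface.
# Addresses are constructed values from 2001:db8::/32 (documentation range).

table inet homefw {
    # Destinations the IoT subnet may open connections to (hypothetical).
    set iot_allowed_v6 {
        type ipv6_addr
        flags interval
        elements = { 2001:db8:ffff::10, 2001:db8:ffff:1::/64 }
    }

    chain forward {
        # Default deny: having a global address does not make a host reachable.
        type filter hook forward priority filter; policy drop;

        # Replies to connections that were allowed out, in either direction.
        ct state established,related accept
        ct state invalid drop

        # ICMPv6 errors; without packet-too-big, path MTU discovery breaks.
        meta l4proto ipv6-icmp icmpv6 type { destination-unreachable, packet-too-big, time-exceeded, parameter-problem } accept

        # IoT egress: only new HTTPS connections to allowlisted destinations.
        iifname "iot0" oifname "wan0" ip6 daddr @iot_allowed_v6 tcp dport 443 ct state new accept

        # Everything else from the IoT subnet is logged and dropped.
        iifname "iot0" log prefix "iot-egress-drop " counter drop

        # Unsolicited inbound to the IoT subnet. The chain policy already
        # drops it; the explicit rule only adds a counter to watch.
        iifname "wan0" oifname "iot0" counter drop
    }
}
```

No NAT appears anywhere in this ruleset: the accept and drop decisions come entirely from the filter rules and connection tracking.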


NAT is a "constrained resource" solution that cosplays as a security solution. Firewalls and ACLs are meant for governing traffic, not NAT.


My home LAN setup has exactly that, and I even switched ISPs to get it.

My old ISP only gave me a /64 which is completely useless if you want to create subnets. The new one gave me a static /48.



