(Bedrijfsnetwerk / Internet)
│
[eth0]
│
┌─────┴─────┐
│ Bridge br0 │ ← PC direct in bedrijfsnetwerk
└─────┬─────┘
[eth1]
│
PC (beheer)
───────────────────────────────
[eth2]
│
Pi4 (IoT)
↳ Internet (NAT) via hoofdrouter
───────────────────────────────
[switch0] (eth3 + eth4)
│ │
Pi3 (IoT) Logo PLC
↳ Enkel lokaal verkeer (eth1 tot eth4)
Configuratie (EdgeOS CLI, via PuTTY, de webinterface-CLI of ssh op poort 22)
===================Interfaces====
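configure
# Bridge for the corporate network + management PC (eth0 and eth1 in one L2 segment)
delete interfaces ethernet eth0 address
delete interfaces ethernet eth1 address
set interfaces bridge br0 description 'Bridge WAN + PC'
set interfaces bridge br0 mtu 1500
# The DHCP lease from the corporate network lives on br0, not on eth0 itself
set interfaces bridge br0 address dhcp
set interfaces bridge br0 member interface eth0
set interfaces bridge br0 member interface eth1
# IoT network with Internet access (Pi4). Traffic is routed without NAT, so the
# corporate main router presumably needs a route back to 192.168.20.0/24 via
# br0's address - that part is not configured here.
set interfaces ethernet eth2 description 'IoT-NET (Pi4)'
set interfaces ethernet eth2 address 192.168.20.1/24
# Internal switch (Pi3 + Logo) - no Internet
set interfaces switch switch0 description 'IoT-INT (Pi3 + Logo)'
set interfaces switch switch0 mtu 1500
set interfaces switch switch0 address 192.168.30.1/24
set interfaces switch switch0 switch-port interface eth3
set interfaces switch switch0 switch-port interface eth4
# Disable PoE on the PLC port
set interfaces ethernet eth4 poe output off
# =================== DHCP configuration ===
# IoT with Internet (Pi4)
set service dhcp-server shared-network-name IOT-NET subnet 192.168.20.0/24 default-router 192.168.20.1
set service dhcp-server shared-network-name IOT-NET subnet 192.168.20.0/24 dns-server 192.168.20.1
set service dhcp-server shared-network-name IOT-NET subnet 192.168.20.0/24 lease 86400
set service dhcp-server shared-network-name IOT-NET subnet 192.168.20.0/24 range 0 start 192.168.20.100
set service dhcp-server shared-network-name IOT-NET subnet 192.168.20.0/24 range 0 stop 192.168.20.200
# Internal subnet (Pi3 + Logo)
set service dhcp-server shared-network-name IOT-INT subnet 192.168.30.0/24 default-router 192.168.30.1
set service dhcp-server shared-network-name IOT-INT subnet 192.168.30.0/24 dns-server 192.168.30.1
set service dhcp-server shared-network-name IOT-INT subnet 192.168.30.0/24 lease 86400
set service dhcp-server shared-network-name IOT-INT subnet 192.168.30.0/24 range 0 start 192.168.30.100
set service dhcp-server shared-network-name IOT-INT subnet 192.168.30.0/24 range 0 stop 192.168.30.200
# =================== DNS forwarding ===
# The router resolves names on behalf of both IoT subnets using the system
# name-servers set below; switch0 clients therefore get name resolution without
# needing any direct Internet access themselves.
set service dns forwarding system
set service dns forwarding listen-on eth2
set service dns forwarding listen-on switch0
# =================== Firewall configuration ===
# Base rulesets for the corporate side.
# NOTE(review): WAN_IN and WAN_LOCAL are defined but never attached to br0, so as
# written they filter nothing. Because the management PC sits on the same bridge
# (eth1), attaching WAN_LOCAL as-is would also drop SSH/GUI from the PC; add an
# accept rule for the PC's address first, then attach them with
#   set interfaces bridge br0 firewall in name WAN_IN
#   set interfaces bridge br0 firewall local name WAN_LOCAL
set firewall name WAN_IN default-action drop
set firewall name WAN_IN rule 10 action accept
set firewall name WAN_IN rule 10 state established enable
set firewall name WAN_IN rule 10 state related enable
set firewall name WAN_LOCAL default-action drop
set firewall name WAN_LOCAL rule 10 action accept
set firewall name WAN_LOCAL rule 10 state established enable
set firewall name WAN_LOCAL rule 10 state related enable
# Firewall for the internal subnet (Pi3 + Logo).
# Attached in the 'in' direction: packets *entering* the router from switch0,
# i.e. what Pi3 and the Logo send. (An 'out' ruleset on switch0 only sees packets
# leaving the router towards switch0, whose destination is always in
# 192.168.30.0/24, so it could never stop Pi3/Logo from reaching the Internet.)
set firewall name IOTINT_IN default-action drop
set firewall name IOTINT_IN description 'Pi3 + Logo: alleen intern verkeer, geen internet'
# Replies to sessions opened towards Pi3/Logo (e.g. by the management PC) may return
set firewall name IOTINT_IN rule 5 action accept
set firewall name IOTINT_IN rule 5 state established enable
set firewall name IOTINT_IN rule 5 state related enable
# New connections are allowed only towards the two IoT subnets
set firewall name IOTINT_IN rule 10 action accept
set firewall name IOTINT_IN rule 10 destination address 192.168.20.0/24
set firewall name IOTINT_IN rule 20 action accept
set firewall name IOTINT_IN rule 20 destination address 192.168.30.0/24
# (No HTTP, HTTPS or NTP allowed - everything towards external addresses is dropped)
# Attach the ruleset to the internal interface, inbound
set interfaces switch switch0 firewall in name IOTINT_IN
# Traffic addressed to the router itself from the IoT segments: only replies,
# DHCP, DNS and ICMP. This keeps SSH (port 22) and the GUI (bound to 0.0.0.0
# below) reachable from the management side only.
set firewall name IOT_LOCAL default-action drop
set firewall name IOT_LOCAL rule 10 action accept
set firewall name IOT_LOCAL rule 10 state established enable
set firewall name IOT_LOCAL rule 10 state related enable
set firewall name IOT_LOCAL rule 20 action accept
set firewall name IOT_LOCAL rule 20 protocol udp
set firewall name IOT_LOCAL rule 20 destination port 67
set firewall name IOT_LOCAL rule 30 action accept
set firewall name IOT_LOCAL rule 30 protocol tcp_udp
set firewall name IOT_LOCAL rule 30 destination port 53
set firewall name IOT_LOCAL rule 40 action accept
set firewall name IOT_LOCAL rule 40 protocol icmp
set interfaces ethernet eth2 firewall local name IOT_LOCAL
set interfaces switch switch0 firewall local name IOT_LOCAL
# =================== System and security ===
# Router management
set service ssh port 22
set service gui https-port 443
set service gui http disable
# NOTE(review): 0.0.0.0 binds the GUI on every interface, including the IoT
# segments; the IOT_LOCAL ruleset above is what keeps it unreachable from there.
set service gui listen-address 0.0.0.0
# Login (example). The literal is hashed at commit, but it remains in the CLI
# history and in any saved copy of this listing; for a real deployment prefer
# 'encrypted-password' with a pre-hashed value.
set system login user admin authentication plaintext-password 'VervangDitWachtwoord!'
# System settings
set system host-name 'EdgeRouterX-IoT'
set system time-zone 'Europe/Brussels'
set system name-server 1.1.1.1
set system name-server 8.8.8.8
commit
save
exit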
┌─────────────────────────────┐
│ Corporate Network / ISP │
└──────────────┬──────────────┘
│
│
[eth0] ──┘
PoE IN / WAN
Bridge (br0)
│
│ (Bridge br0)
[eth1] ──┘
PC (Management)
- Direct access to corporate LAN
- Can manage all IoT devices
─────────────────────────────────────────────────────────────────
│
Internal Routing (no NAT)
─────────────────────────────────────────────────────────────────
│
[eth2] ──┬────────────────────────────┐
Raspberry Pi 4 │
Subnet: 192.168.20.0/24 │
- IoT with Internet via main router │
- Can communicate with local IoT network │
│ │
│ │
┌─────────────┴──────────────┐
│ switch0 (internal bridge) │
│ Subnet: 192.168.30.0/24 │
│ (Local-only, no Internet) │
└─────────────┬──────────────┘
│
┌────────────────────────┴────────────────────────┐
│ │
[eth3] [eth4]
Raspberry Pi 3 Logo PLC (PoE off)
- Local communication only - Local communication only
- No Internet access - No Internet access
┌────────────────────┐
│ Raspberry Pi 4 │
│ 192.168.20.10 │
└────────┬───────────┘
│ 1. Send to 8.8.8.8
▼
┌────────────────────┐
│ EdgeRouter X │
│ eth2=192.168.20.1 │
│ eth0=DHCP from firm │
└────────┬───────────┘
│ 2. Routed (no NAT)
▼
┌────────────────────┐
│ Firm Switch │
└────────┬───────────┘
│
▼
┌────────────────────┐
│ Firm Main Router │
│ NAT → Public IP │
└────────┬───────────┘
│
▼
[ INTERNET ]
│
▼