Homelab Network Setup: VLANs, Firewall, VPN Guide 2026
Secure your homelab properly. Network segmentation, firewall rules, and VPN for safe self-hosting.
A secure network is essential for self-hosting. One breach shouldn't give attackers access to everything.
Recommended VLAN Setup
10
Management
Router, switches, APs
20
Trusted
Personal devices, laptops
30
Servers
Homelab, NAS, services
40
IoT
Smart home, cameras
50
Guest
Visitors, isolated
Firewall Rules (iptables example)
# Block IoT from accessing trusted network
iptables -A FORWARD -i vlan40 -o vlan20 -j DROP
# Allow only specific services from outside
iptables -A INPUT -p tcp --dport 443 -j ACCEPT
iptables -A INPUT -p udp --dport 51820 -j ACCEPT
# Default drop
iptables -P FORWARD DROPWireGuard VPN
- Use WireGuard for remote access
- Never expose services directly to internet
- Use Cloudflare Tunnel as alternative
DNS & Ad Blocking
- Pi-hole or AdGuard Home network-wide ad blocking
- Use DNS over HTTPS (DoH) for privacy
- Block known malware domains
Article updated February 26, 2026