I have a router set up just for my wifi cameras. The router is not plugged into the internet, but it is directly connected to one of two Ethernet ports on my x86 home assistant server. The other Ethernet port for Home Assistant is connected to the internet. Is there any chance a device connected to that router could somehow access the internet from homeassistant?
It is TECHNICALLY possible, but not worth actually thinking about.
You are bridging two networks. One that is internet isolated to one that isn’t. The danger is that some bug, exploit or even simple firewall misconfiguration allows a bad actor to gain access, exploit and do what they want.
It’s all about the level of risk you are willing to assume.
Unless you actually make the homeassistant server into a bridge it wouldn’t on the network layer. Ideally you would prevent any inbound connections from the offline network (so it can’t use any open ports there to try and pivot). But yeah really unlikely.
No, your server will not by default route network traffic between the two separate networks. That would only happen if you intentionally installed and configured extra software to do that.
You might want to look into getting a more advanced home router that would allow you to use VLANs to isolate your network cameras rather than running a separate hardware router. This is a common way to isolate Wifi smart home devices, and allows you to easily create separate VLANs with different levels of network access.
I have AdGuard Home connected to the isolated network (running on home assistant) so I can use the DHCP server and UI. Any chance AdGuard could be that sort of extra software you are talking about?
I’m not overly familiar with AdGuard, but I would say no. AdGuard provides an ad blocking DNS server and DHCP server, but neither of those handle routing.
Thanks for the response. That’s a big relief.
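A way to check the "will not by default route" and "make the server into a bridge" points from the replies above on the server itself, as an added example that is not part of the thread: the function lists every kernel forwarding flag that is switched on and every bridge device that has member ports. It assumes a Linux host with the standard `/proc/sys/net` and `/sys/class/net` layout; the function name and its optional path arguments are illustrative.

```shell
#!/bin/sh
# Report every kernel setting that would let this host pass packets
# between its interfaces. Assumption: a Linux host with the standard
# /proc/sys/net sysctl tree and /sys/class/net device tree.

# forwarding_report [PROC_SYS_NET] [SYS_CLASS_NET]
# Prints one line per finding; returns 0 if there are none, 1 otherwise.
forwarding_report() {
    proc_net=${1:-/proc/sys/net}
    sys_net=${2:-/sys/class/net}
    found=0

    # Layer 3: global IPv4 switch plus per-interface IPv4/IPv6 flags.
    for f in "$proc_net/ipv4/ip_forward" \
             "$proc_net"/ipv4/conf/*/forwarding \
             "$proc_net"/ipv6/conf/*/forwarding; do
        [ -r "$f" ] || continue          # unmatched glob or missing file
        val=$(cat "$f")
        if [ "$val" != "0" ]; then
            rel=${f#"$proc_net"/}
            echo "FORWARDING $rel = $val"
            found=1
        fi
    done

    # Layer 2: a bridge device exposes a brif/ directory whose entries
    # are its member ports. Two NICs in one bridge share one network.
    for b in "$sys_net"/*/brif; do
        [ -d "$b" ] || continue
        members=$(ls "$b" | xargs)       # join names with single spaces
        [ -n "$members" ] || continue
        dev=${b%/brif}
        echo "BRIDGE ${dev##*/} members: $members"
        found=1
    done

    return $found
}

# Inspect the live system only when the script is run with "--live".
if [ "${1:-}" = "--live" ]; then forwarding_report; fi
```

An enabled flag means the kernel is able to forward, not that camera traffic actually reaches the internet: Docker, for example, turns on `net.ipv4.ip_forward` by default, and the firewall's FORWARD rules then decide what passes.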