{"id":568,"date":"2026-04-06T00:40:24","date_gmt":"2026-04-05T21:40:24","guid":{"rendered":"https:\/\/m4.ist\/index.php\/2026\/04\/06\/opnsense-ile-vlan-opnsense-ile\/"},"modified":"2026-04-06T00:40:24","modified_gmt":"2026-04-05T21:40:24","slug":"opnsense-ile-vlan-opnsense-ile","status":"publish","type":"post","link":"https:\/\/m4.ist\/index.php\/2026\/04\/06\/opnsense-ile-vlan-opnsense-ile\/","title":{"rendered":"VLANs with OPNsense: 2026 Practical Guide"},"content":{"rendered":"<h1>Guide to VLAN Segmentation with OPNsense and Homelab Network Security<\/h1>\n<div class=\"rankmath-manual-toc\" data-rankmath-toc=\"1\">\n<p><strong>Table of Contents<\/strong><\/p>\n<ul>\n<li><a href=\"#bolum-1\">VLANs with OPNsense: Table of Contents<\/a><\/li>\n<li><a href=\"#bolum-2\">Make Your Home Network Independent<\/a><\/li>\n<li><a href=\"#bolum-3\">Why It Matters: Segmentation in Network Security<\/a><\/li>\n<li><a href=\"#bolum-4\">Core Concepts: VLAN and Bridge Logic<\/a><\/li>\n<li><a href=\"#bolum-5\">Bridge vs. 
Router Modes<\/a><\/li>\n<li><a href=\"#bolum-6\">Interface Structure and VLAN Definitions<\/a><\/li>\n<li><a href=\"#bolum-7\">Implementation: Building the VLAN Structure and Hardware Caveats<\/a><\/li>\n<li><a href=\"#bolum-8\">Hardware Caveats: VLAN-Capable Cards and Ports<\/a><\/li>\n<li><a href=\"#bolum-9\">VLAN Configuration Scenario<\/a><\/li>\n<li><a href=\"#bolum-10\">Common Mistakes: What Operators Should Watch For<\/a><\/li>\n<li><a href=\"#bolum-11\">Best Practices: Closing the Network&#8217;s Weak Points<\/a><\/li>\n<li><a href=\"#bolum-12\">OPNsense VLAN Setup and Security Verification<\/a><\/li>\n<li><a href=\"#bolum-13\">Routing (Layer 3 Communication)<\/a><\/li>\n<li><a href=\"#bolum-14\">Logging and Backups<\/a><\/li>\n<li><a href=\"#bolum-15\">Frequently Asked Questions<\/a><\/li>\n<\/ul>\n<\/div>\n<h2 id=\"bolum-1\">VLANs with OPNsense: Table of Contents<\/h2>\n<ol>\n<li><a href=\"#ev-ag\u0131n\u0131za-ba\u011f\u0131ms\u0131zl\u0131k-kazand\u0131r\u0131n\">Make Your Home Network Independent<\/a><\/li>\n<li><a href=\"#neden-\u00f6nemli-a\u011f-g\u00fcvenli\u011finde-segmentasyon\">Why It Matters: Segmentation in Network Security<\/a><\/li>\n<li><a href=\"#temel-kavramlar-vlan-ve-bridge-mant\u0131\u011f\u0131\">Core Concepts: VLAN and Bridge Logic<\/a><\/li>\n<li><a href=\"#uygulama-vlan-yap\u0131s\u0131n\u0131-kurma-ve-donan\u0131m-uyar\u0131lar\u0131\">Implementation: Building the VLAN Structure and Hardware Caveats<\/a><\/li>\n<li><a href=\"#yayg\u0131n-hatalar-operat\u00f6rlerin-dikkat-etmesi-gerekenler\">Common Mistakes: What Operators Should Watch For<\/a><\/li>\n<li><a href=\"#en-iyi-uygulamalar-a\u011f\u0131n-zay\u0131f-noktalar\u0131n\u0131-kapatma\">Best Practices: Closing the Network&#8217;s Weak Points<\/a><\/li>\n<\/ol>\n<h2 id=\"bolum-2\">Make Your Home Network Independent<\/h2>\n<p>Building a VLAN-based layout on your home network with OPNsense frees you from being tied to the bridge-mode devices your telecom provider (ISP) uses. As homelab operators, we know that accepting every restriction is not a trade-off worth making in the long run, for either performance or security. This guide looks at practical ways to map physical hardware onto virtual network structures. Moving off the telecom box and building a network controlled by your own firewall is the most reliable way to take back operational control. With providers such as Vodafone, switching to tunnel mode and managing VLAN IDs come up frequently.<\/p>\n<p>In this guide we focus on the steps you should not skip in that process. In addition, OPNsense&#8217;s graph monitoring (Graphs) and packet capture (Packet Capture) features improve operational efficiency, making it a comprehensive network management system rather than just a router. 
These tools let you spot abnormal load or hidden connections in network traffic, which is the fastest way to uncover hidden risks on your home network.<\/p>\n<p>For additional context, see <a href=\"\/opnsense-ile-vlan-segmentasyonu-ve-homelab-ag-guvenligi-rehberi-rehberi\">opnsense ile vlan segmentasyonu ve homelab ag guvenligi rehb<\/a> and <a href=\"https:\/\/bitgrounds.tech\/posts\/homelab_groundwork_with_opnsense\/\" target=\"_blank\" rel=\"noopener\">homelab_groundwork_with_opnsense<\/a>.<\/p>\n<h2 id=\"bolum-3\">Why It Matters: Segmentation in Network Security<\/h2>\n<figure class=\"wp-block-image size-large\"><img decoding=\"async\" alt=\"Why It Matters: Segmentation in Network Security\" loading=\"lazy\" src=\"https:\/\/m4.ist\/wp-content\/uploads\/2026\/04\/Qwen-Image_00177_.png\"\/><\/figure>\n<p>A single large network is also a single large target. The most basic goal of segmentation using <strong>VLANs with OPNsense<\/strong> is to divide risk. Without segmentation, if an attack goes undetected, systems are usually affected all at once. Treat this concept as a matter of operational maintenance as well as security.<\/p>\n<p>Segmentation separates the security-critical parts of your network from the high-risk parts. 
For example, you must separate your management interfaces, sensitive data, production servers and test environment, both physically and logically, from the network that general users connect to.<\/p>\n<ul>\n<li><strong>Isolation:<\/strong> Prevents an infection or malicious software spreading in a VM from jumping to the main network.<\/li>\n<li><strong>Security Ring:<\/strong> Makes it harder for a compromised segment to reach the other, secure segments.<\/li>\n<li><strong>Operations:<\/strong> Lets you track the sources of network traffic and problems more clearly. Even in a homelab, this traceability is a requirement.<\/li>\n<\/ul>\n<p><strong>Real-World Scenario:<\/strong><br \/>\nIf an IoT (Internet of Things) device is compromised (for example, a smart water meter infected with malware), the infection should spread only to the other IoT devices on that VLAN and stay outside the &#8220;Secure LAN&#8221; that protects your main servers and personal data.<\/p>\n<h2 id=\"bolum-4\">Core Concepts: VLAN and Bridge Logic<\/h2>\n<p>Before touching the system, it is important to understand the logical structure. <strong>VLANs with OPNsense<\/strong> rely on the tagging technology defined by the 802.1Q standard. This technology lets a single physical cable carry multiple logical networks.<\/p>\n<h3 id=\"bolum-5\">Bridge vs. 
Router Modes<\/h3>\n<p>When partitioning hardware in OPNsense, the basic concepts you will meet are Bridge and Router modes. The difference between them lies in how network traffic is handled. A port in Bridge mode acts only as a Layer 2 bridge: it forwards frames by MAC address and does not assign IP addresses. The comparison is below:<\/p>\n<table>\n<thead>\n<tr>\n<th>OPNsense Modes: Bridge vs. Router Comparison<\/th>\n<\/tr>\n<\/thead>\n<tbody>\n<tr>\n<td><strong>Comparison Criterion<\/strong><\/td>\n<\/tr>\n<tr>\n<td><strong>Function<\/strong><\/td>\n<\/tr>\n<tr>\n<td><strong>Security<\/strong><\/td>\n<\/tr>\n<tr>\n<td><strong>Use Case<\/strong><\/td>\n<\/tr>\n<tr>\n<td><strong>Suitability<\/strong><\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<h3 id=\"bolum-6\">Interface Structure and VLAN Definitions<\/h3>\n<p>When creating a VLAN in OPNsense, how involved the process is depends on the hardware port&#8217;s settings. Typically, a physical WAN port runs the OPNsense interface in &#8220;Bridge&#8221; mode while sending traffic upstream (to the ISP side). This way you avoid getting stuck behind the ISP&#8217;s NAT layer and put your own NAT layer and firewall (OPNsense) in front.<\/p>\n<h2 id=\"bolum-7\">Implementation: Building the VLAN Structure and Hardware Caveats<\/h2>\n<p>During setup, hardware selection is half the battle. 
Pay particular attention to cards that support VLANs and to port allocation. The foundation of the setup is mapping your VLAN IDs out correctly.<\/p>\n<h3 id=\"bolum-8\">Hardware Caveats: VLAN-Capable Cards and Ports<\/h3>\n<p>When choosing a physical card, do not ignore the make\/model. Old or cheap cards found at home in particular have limitations in VLAN support. Intel-based network cards are generally much more stable than Realtek cards. The table below summarizes what to look for when choosing:<\/p>\n<table>\n<thead>\n<tr>\n<th>Hardware Caveats: VLAN-Capable Cards and Ports<\/th>\n<\/tr>\n<\/thead>\n<tbody>\n<tr>\n<td><strong>Hardware Selection<\/strong><\/td>\n<\/tr>\n<tr>\n<td><strong>VLAN Support<\/strong><\/td>\n<\/tr>\n<tr>\n<td><strong>Port Count<\/strong><\/td>\n<\/tr>\n<tr>\n<td><strong>Stability<\/strong><\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<h3 id=\"bolum-9\">VLAN Configuration Scenario<\/h3>\n<p>As a homelab operator, you should build a &#8220;security-focused&#8221; plan rather than a standard home layout. An example VLAN map looks like this:<\/p>\n<table>\n<thead>\n<tr>\n<th>VLAN ID<\/th>\n<th>Name<\/th>\n<th>Purpose<\/th>\n<\/tr>\n<\/thead>\n<tbody>\n<tr>\n<td><strong>10<\/strong><\/td>\n<td><strong>Management<\/strong><\/td>\n<td>OPNsense, the DSL device and systems. Management traffic must always be secure.<\/td>\n<\/tr>\n<tr>\n<td><strong>20<\/strong><\/td>\n<td><strong>IoT<\/strong><\/td>\n<td>Smart TV, thermostat, lamps. 
The weakest link from a security standpoint.<\/td>\n<\/tr>\n<tr>\n<td><strong>30<\/strong><\/td>\n<td><strong>Lab\/Workstation<\/strong><\/td>\n<td>Work computers, test servers. High-risk but managed devices.<\/td>\n<\/tr>\n<tr>\n<td><strong>40<\/strong><\/td>\n<td><strong>Guest<\/strong><\/td>\n<td>Internet access for guests. Access to the main network must be blocked.<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<p>To build this layout in the OPNsense interface, take these steps: add a new VLAN interface under Interfaces &gt; Assignments. For example, to separate VLAN 10 from the traffic tagged on the WAN port, create a VLAN interface and assign it an IP address. The critical point here is choosing the correct &#8220;Physical interface&#8221; when creating the VLAN interface.<\/p>\n<h2 id=\"bolum-10\">Common Mistakes: What Operators Should Watch For<\/h2>\n<p>Many homelab enthusiasts see the network freeze after setup. This usually stems from structural mistakes. As an operator, to find the source of a fault, check the hardware first and then the software.<\/p>\n<ul>\n<li><strong>The WAN Interface Must Be a Router:<\/strong> If you put the ISP device in &#8220;Bridge&#8221; mode and also set the WAN interface in your own OPNsense install to &#8220;Bridge&#8221;, NAT rules never take effect and there is no way out to the internet. 
Always leave the WAN interface in &#8220;Router&#8221; mode.<\/li>\n<li><strong>Missing VLAN Tags on Ports:<\/strong> When binding traffic from a physical port to the VLAN interface in OPNsense, omitting the VLAN tag leaves devices unable to see each other.<\/li>\n<li><strong>Missing Static Routes:<\/strong> If you use a private subnet on the WAN side or your ISP requires VLAN IDs, failing to set up the necessary static routes in OPNsense prevents the network from working properly.<\/li>\n<li><strong>Tagged vs Untagged Mistake:<\/strong> This is the most critical mistake. When a device is attached to a VLAN only on the LAN side (Untagged), you must also assign that same VLAN directly to the LAN interface as a tag for the device to be visible on the network. Otherwise the device&#8217;s MAC address never lands in the forwarding table and it stays unreachable.<\/li>\n<\/ul>\n<p>When something goes wrong, the first thing to reach for is a &#8220;Rollback&#8221; strategy. Before every serious setup, take a backup of the configuration from the OPNsense admin panel. That way you can roll the system back in a minute when an error occurs. Also remember to check whether VLAN support is enabled in the hardware card&#8217;s BIOS or operating system settings (Debian\/FreeBSD config). 
On some motherboards, network cards are not fully supported if the &#8220;Virtualization&#8221; settings are turned off.<\/p>\n<h2 id=\"bolum-11\">Best Practices: Closing the Network&#8217;s Weak Points<\/h2>\n<p>The more layers you lock down, the better your network security. This is where the principle of least privilege (Least Privilege) comes in.<\/p>\n<h3 id=\"bolum-12\">OPNsense VLAN Setup and Security Verification<\/h3>\n<p>Use the checklist below to make sure nothing is missing after setup:<\/p>\n<ul>\n<li>\u2610 Does the WAN interface get a static IP or a DHCP lease, according to your ISP&#8217;s addressing scheme?<\/li>\n<li>\u2610 Does every critical VLAN interface have an &#8220;IP address&#8221; assigned, and is it reachable?<\/li>\n<li>\u2610 Has it been verified that the VLAN settings do not let traffic flow to unnecessary ports?<\/li>\n<li>\u2610 Has the backup (Backup) been copied to a safe place (USB or cloud key)?<\/li>\n<li>\u2610 Do the firewall rules (Firewall Rules) default to a &#8220;Block All&#8221; policy?<\/li>\n<\/ul>\n<h3 id=\"bolum-13\">Routing (Layer 3 Communication)<\/h3>\n<p>VLANs matter not only for separating segments but also for how those segments communicate with each other. Because OPNsense operates as a Layer 3 device, you need to set up routing between the VLAN interfaces. For example, if a server on <strong>VLAN 30<\/strong> (Lab) needs to manage the OPNsense device on <strong>VLAN 10<\/strong> (Management), you must allow that traffic under Firewall Rules. 
Otherwise you get a &#8220;Destination unreachable&#8221; error. That said, forcing management traffic to stay within its own VLAN (VLAN 10) is the safer practice.<\/p>\n<h3 id=\"bolum-14\">Logging and Backups<\/h3>\n<p>As an operator, I know that when a problem appears you cannot fix it unless you know what happened. Monitor network logs regularly. In OPNsense, use the &#8220;Status &gt; System Logs&#8221; menu to watch traffic. Also, be sure to take a configuration backup after applying operating system patches (firmware updates). Once VLANs are configured, it is critical that the backup includes the VLAN interface definitions and not just the system settings.<\/p>\n<h2 id=\"bolum-15\">Frequently Asked Questions<\/h2>\n<p><strong>What is the most common mistake when applying this guide to VLAN segmentation with OPNsense and homelab network security?<\/strong><br \/>\nThe most common mistake is putting the ISP device in &#8220;Bridge&#8221; mode and also defining the WAN interface in your own OPNsense install as &#8220;Bridge&#8221;. In that case NAT rules do not work and there is no way out to the internet. In addition, on some older hardware VLAN ID support exists only on certain ports, so assigning port numbers incorrectly can cause traffic to be lost. 
The most critical technical mistake is a mismatch between the VLAN interface and the physical port settings when connecting &#8220;Untagged&#8221; devices.<\/p>\n<p><strong>When does VLAN segmentation with OPNsense and homelab network security make sense?<\/strong><br \/>\nIt makes sense when you need management control over your home network and different services (landline phone, security camera, main computer) must be isolated from one another, or when you separate your own test environment (homelab) from the general user network. This layout makes it harder for an attack on one segment to hit the others. Dedicating a VLAN to IoT devices in particular is the soundest way to isolate them without affecting your computer&#8217;s update processes.<\/p>\n<p><strong>How should local constraints and ISP compatibility be handled?<\/strong><br \/>\nFirst find out the VLAN ID range and port allocation your ISP supports. Some providers send specific VLAN IDs only to certain ports (for example, only to the WAN port). Check whether your hardware card supports those IDs as well. For example, a card may accept VLAN tags on only 4 of its ports; in that case you have to adapt your network plan to that physical constraint. Also, when creating the VLAN interface under &#8220;Interfaces&#8221; &gt; &#8220;Assignments&#8221; in OPNsense, you must specify which physical port (Lagg, Opt1, etc.) that interface comes from.<\/p>\n<p><a href=\"\/opnsense-ile-vlan-segmentasyonu-ve-homelab-ag-guvenligi-rehberi-rehberi\">Learn the Guide in More Detail<\/a><br \/>\n<a href=\"\/opnsense-ile-vlan-segmentasyonu-ve-homelab-ag-guvenligi-rehberi-sorun-giderme\">Troubleshooting Guide for Operators<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Bring flawless homelab security to your home network with VLAN segmentation on OPNsense. Start reading the detailed setup guide.<\/p>\n","protected":false},"author":1,"featured_media":480,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"rank_math_title":"OPNsense ile VLAN: 2026 Pratik Rehber","rank_math_description":"OPNsense ile VLAN segmentasyonu uygulamas\u0131 ile ev a\u011f\u0131n\u0131za kusursuz homelab g\u00fcvenli\u011fi kazand\u0131r\u0131n. 
Detayl\u0131 kurulum rehberini okumaya ba\u015flay\u0131n.","rank_math_focus_keyword":"OPNsense ile VLAN","footnotes":""},"categories":[197],"tags":[178,201,199,198,202,200],"class_list":["post-568","post","type-post","status-publish","format-standard","has-post-thumbnail","category-ag-guvenligi","tag-homelab","tag-network-security","tag-opnsense","tag-opnsense-ile-vlan-segmentasyonu","tag-segmentasyon","tag-vlan"],"_links":{"self":[{"href":"https:\/\/m4.ist\/index.php\/wp-json\/wp\/v2\/posts\/568","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/m4.ist\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/m4.ist\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/m4.ist\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/m4.ist\/index.php\/wp-json\/wp\/v2\/comments?post=568"}],"version-history":[{"count":0,"href":"https:\/\/m4.ist\/index.php\/wp-json\/wp\/v2\/posts\/568\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/m4.ist\/index.php\/wp-json\/wp\/v2\/media\/480"}],"wp:attachment":[{"href":"https:\/\/m4.ist\/index.php\/wp-json\/wp\/v2\/media?parent=568"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/m4.ist\/index.php\/wp-json\/wp\/v2\/categories?post=568"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/m4.ist\/index.php\/wp-json\/wp\/v2\/tags?post=568"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}