I realized I was at risk by having smart devices on my normal network, so decided to move them to my guest network.
I don’t like my smart tv, but it’s all I have to work with for now. I want to keep it on my guest network, but still stream using jellyfin. I see on my netgear router there is an option to “let devices on guest network see other devices and access local network” which would probably allow it to see my jellyfin server, but then doesn’t that defeat the point of a guest network? Maybe I need to learn what a reverse proxy is…jellyfin server is currently on windows (not my pc) but could move it to my linux pc if needed.
And yes, I plan to get a media center linux box in the future so I don’t have to deal with the garbage smart tv os!
Why isn’t WAN blocking sufficient? Can you explain more? My threat model is blocking tracking/ads/telemetry, however I’m interested in your point from a security standpoint so would love to hear more about what you meant.
Also, I have a router rule that forces any device to 100% use my pihole. The only way a device can get around this rule is if it used DoH, however I have never once seen a device do that.