This will be a really short post, I never did follow up on my previous post after completing this project but wanted to document. Better late than never I suppose.
I ended up purchasing a dedicated PCIe NIC for my NAS, for a physically isolated cable between it and my mini PC mounting the iSCSI share, and it works exactly as expected - the router has no idea that the network exists and it’s unreachable except from the devices it’s connected to directly.
There wasn’t really any configuration that I hadn’t done, but instead of it being on subinterfaces it was on the new physical interfaces I had connected together.
As I’m running the server as a Proxmox VM, I did have to assign the secondary NIC on the mini PC to the VM itself, but after that it worked like a charm. Just set static IP with no default gateway on both ends, and all my storage traffic is flowing over one cable.
This was a project I didn’t really plan on, it was more of a shower thought and a smaller piece of the puzzle in terms of my home LAN isolation longer term goal. So I’m very happy with how it turned out! As is often the case, the hardest part was mapping it out mentally.
EOF