Antonio
2017-12-22 21:56:32 UTC
Hello,
I'm trying to design an optimal network setting for my home and was
wondering what people's thoughts were based on my needs:
1) Need a single DHCP, DNSMasq server;
2) want to route traffic through VPNs only on certain parts of my network
3) want to eventually install a proxy somewhere on the network to route
traffic from my kids' laptops/tablets.
4) obviously want to firewall all centrally as best as possible.
My setup is as follows:
a) I have a little compact mini PC with four ethernet connections (1x
WAN and 3x LAN) - it's wifi too
b) A Netgear Modem onto ADSL
c) A Netgear router Hawk 7000
d) a couple of desktop PCs wired to (a) as well as a server
e) several mobiles, IoTs that connect wireless to (c)
At the moment the connection is (b)->(c)->(a)->PCs but I feel I'm not
getting the best of this setup, particularly pfSense which at the moment
is just firewalling my PCs/server.
I generally consider the wifi network the weak point as guests come and
connect to it, that's why it's connected before (a); traffic from (c)
cannot get past (a) but the PCs/server can get out on the internet. I
feel that (a) should be connected to (b) and (c) should then be
connected to one of the LAN ports on (a), say LAN2 (I would have a
switch on LAN1 with PCs/server). I could then use pfSense to route
traffic from LAN2 to WAN and firewall LAN1 so that traffic from LAN2
could not go to LAN1.
That way, I could then set up pfSense as my single DHCP and DNSMasq
server. I could then set up VPNs for just traffic of LAN1 or LAN2.
Would you agree with this sort of setup or do you think I could
implement things better?
I look forward to some of your thoughts.
Best regards
--
Respect your privacy and that of others, don't give your data to big corporations.
Use alternatives like Signal (https://whispersystems.org/) for your messaging or
Diaspora* (https://joindiaspora.com/) for your social networking.