Well, Just plug pfsense to ADSL and buy managed switch and some unifi wlan aps. You can install proxy on pfsense box also..
Eero 22.12.2017 23.57 "Antonio" <m...@geotux.it> kirjoitti: Hello, I'm trying to design an optimal network setting for my home and was wondering what people's thoughts were based on my needs: 1) Need a single DHCP, DNSMasq server; 2) want to route traffic through VPNs only on certain parts of my network 3) want to eventually install a proxy somewhere on the network to route traffic from my kids laptops/tablets. 4) obviously want to firewall all centrally as best as possible. My setup is as follows: a) I have a little compact mini PC with four ethernet connections (1x WAN and 3x LAN) - its wifi too b) A Netgear Modem onto ADSL c) A Netgear router Hawk 7000 d) a couple of desktop PCs wired to (a) as well as a server e) several mobiles, IoTs that connect wireless to (c) At the moment the connection is (b)->(c)->(a)->PCs but I feel I'm not getting the best of this setup, particularly pfSense which at the moment is just firewalling my PCs/server. I generally consider the wifi network the weak point as guest come and connect to it that's why its connected before (a); traffic from (c) cannot get past (a) but the PCs/server can get out on the internet. I feel that (a) should be connected to (b) and (c) should then be connected to one of the LAN ports on (a), say LAN2 (I would have a switch on LAN1 with PCs/server). I could then use pfSense to route traffic from LAN2 to WAN and firewall LAN1 so that traffic from LAN2 could not go to LAN1. That way, I could then set up pfSense as my single DHCP and DNSMasq server. I could then set up VPNs for just traffic of LAN1 or LAN2. Would you agree with this sort of setup or do you think I could implement things better? I look forward to some of your thoughts. Best regards -- Respect your privacy and that of others, don't give your data to big corporations. Use alternatives like Signal (https://whispersystems.org/) for your messaging or Diaspora* (https://joindiaspora.com/) for your social networking. _______________________________________________ pfSense mailing list https://lists.pfsense.org/mailman/listinfo/list Support the project with Gold! https://pfsense.org/gold _______________________________________________ pfSense mailing list https://lists.pfsense.org/mailman/listinfo/list Support the project with Gold! https://pfsense.org/gold
