Sounds cool but maybe a bit overkill for what i need ... Cheers
Respect your privacy and that of others, don't give your data to big corporations. Use alternatives like Signal (https://whispersystems.org/) for your messaging or Diaspora* (https://joindiaspora.com/) for your social networking. Il 22/12/2017 22:35, Eero Volotinen ha scritto: > Well, > > Just plug pfsense to ADSL and buy managed switch and some unifi wlan > aps. You can install proxy on pfsense box also.. > > > Eero > > 22.12.2017 23.57 "Antonio" <[email protected] <mailto:[email protected]>> > kirjoitti: > > Hello, > > I'm trying to design an optimal network setting for my home and was > wondering what people's thoughts were based on my needs: > > 1) Need a single DHCP, DNSMasq server; > > 2) want to route traffic through VPNs only on certain parts of my > network > > 3) want to eventually install a proxy somewhere on the network to > route > traffic from my kids laptops/tablets. > > 4) obviously want to firewall all centrally as best as possible. > > My setup is as follows: > > a) I have a little compact mini PC with four ethernet connections (1x > WAN and 3x LAN) - its wifi too > > b) A Netgear Modem onto ADSL > > c) A Netgear router Hawk 7000 > > d) a couple of desktop PCs wired to (a) as well as a server > > e) several mobiles, IoTs that connect wireless to (c) > > At the moment the connection is (b)->(c)->(a)->PCs but I feel I'm not > getting the best of this setup, particularly pfSense which at the > moment > is just firewalling my PCs/server. > > I generally consider the wifi network the weak point as guest come and > connect to it that's why its connected before (a); traffic from (c) > cannot get past (a) but the PCs/server can get out on the internet. I > feel that (a) should be connected to (b) and (c) should then be > connected to one of the LAN ports on (a), say LAN2 (I would have a > switch on LAN1 with PCs/server). I could then use pfSense to route > traffic from LAN2 to WAN and firewall LAN1 so that traffic from LAN2 > could not go to LAN1. > > That way, I could then set up pfSense as my single DHCP and DNSMasq > server. I could then set up VPNs for just traffic of LAN1 or LAN2. > > Would you agree with this sort of setup or do you think I could > implement things better? > > I look forward to some of your thoughts. > > Best regards > > -- > Respect your privacy and that of others, don't give your data to > big corporations. > Use alternatives like Signal (https://whispersystems.org/) for > your messaging or > Diaspora* (https://joindiaspora.com/) for your social networking. > > _______________________________________________ > pfSense mailing list > https://lists.pfsense.org/mailman/listinfo/list > <https://lists.pfsense.org/mailman/listinfo/list> > Support the project with Gold! https://pfsense.org/gold > > _______________________________________________ pfSense mailing list https://lists.pfsense.org/mailman/listinfo/list Support the project with Gold! https://pfsense.org/gold
