I think the overkill is all the extra appliances doing things that pfSense can do.
You want the pfSense to be in the middle, you want the traffic to be filtered and routed… pfSense is great for this very task, you don’t need the Hawk or Netgear firewalls…

ADSL modem -> pfSense -> switch -> Rest of network

> On Dec 22, 2017, at 6:15 PM, Antonio <[email protected]> wrote:
>
> Sounds cool but maybe a bit overkill for what I need ...
>
> Cheers
>
> Respect your privacy and that of others, don't give your data to big
> corporations.
> Use alternatives like Signal (https://whispersystems.org/) for your messaging or
> Diaspora* (https://joindiaspora.com/) for your social networking.
>
> On 22/12/2017 22:35, Eero Volotinen wrote:
>> Well,
>>
>> Just plug pfsense to ADSL and buy managed switch and some unifi wlan
>> aps. You can install proxy on pfsense box also..
>>
>> Eero
>>
>> 22.12.2017 23.57 "Antonio" <[email protected]> wrote:
>>
>> Hello,
>>
>> I'm trying to design an optimal network setting for my home and was
>> wondering what people's thoughts were based on my needs:
>>
>> 1) Need a single DHCP, DNSMasq server;
>>
>> 2) want to route traffic through VPNs only on certain parts of my network
>>
>> 3) want to eventually install a proxy somewhere on the network to route
>> traffic from my kids' laptops/tablets.
>>
>> 4) obviously want to firewall all centrally as best as possible.
>>
>> My setup is as follows:
>>
>> a) I have a little compact mini PC with four ethernet connections (1x
>> WAN and 3x LAN) - it's wifi too
>>
>> b) A Netgear Modem onto ADSL
>>
>> c) A Netgear router Hawk 7000
>>
>> d) a couple of desktop PCs wired to (a) as well as a server
>>
>> e) several mobiles, IoTs that connect wireless to (c)
>>
>> At the moment the connection is (b)->(c)->(a)->PCs but I feel I'm not
>> getting the best of this setup, particularly pfSense which at the moment
>> is just firewalling my PCs/server.
>>
>> I generally consider the wifi network the weak point as guests come and
>> connect to it, that's why it's connected before (a); traffic from (c)
>> cannot get past (a) but the PCs/server can get out on the internet. I
>> feel that (a) should be connected to (b) and (c) should then be
>> connected to one of the LAN ports on (a), say LAN2 (I would have a
>> switch on LAN1 with PCs/server). I could then use pfSense to route
>> traffic from LAN2 to WAN and firewall LAN1 so that traffic from LAN2
>> could not go to LAN1.
>>
>> That way, I could then set up pfSense as my single DHCP and DNSMasq
>> server. I could then set up VPNs for just traffic of LAN1 or LAN2.
>>
>> Would you agree with this sort of setup or do you think I could
>> implement things better?
>>
>> I look forward to some of your thoughts.
>>
>> Best regards
>>
>> _______________________________________________
>> pfSense mailing list
>> https://lists.pfsense.org/mailman/listinfo/list
>> Support the project with Gold! https://pfsense.org/gold
