OPNsense Forum

English Forums => General Discussion => Topic started by: jimcease on September 11, 2024, 04:00:24 PM

Title: New to OPNsense Need Expertise to verify my work so far
Post by: jimcease on September 11, 2024, 04:00:24 PM
Background: just built an m720q tiny Intel 8500T, 16 mb ram, 256gig SSD, and bringing up a TP-Link TL-SG1016DE.  I am a newb and scheduling the cut over before my family wakes up on Saturday morning.  I need to make sure Plex, IP CAM, printing, and Consoles work as expected.  Once the wired network is verified working I will convert the ASUS GT AX 11000 to AP Mode.  OPNsense will be connected to Xfinity Internet and get a public IP.

So far created VLANs with some rules:
LAN: 192.168.1.1/24      Where network equipment will reside - main PC will be moved to the User VLAN once all is working
Plex: 192.168.10.1/24    This is where my Plex server will reside; created an Alias called Plex
User: 192.168.20.1/24    This is where all PC equipment will be located
IOT: 192.168.30.1/24     This is where all my phones, streaming devices, printer, and gaming consoles live; Alias for consoles and printer
Guest: 192.168.40.1/24   All Guest devices will connect here
IPCam: 192.168.50.1/24   IP camera lives here; alias IPCam
https://photos.app.goo.gl/3syMwEqEujLw6Mbg8    LAN
https://photos.app.goo.gl/9FzFpDpLALsahjzX8    User VLAN
https://photos.app.goo.gl/peZFfcdAbdiy5sqX6    Plex VLAN
https://photos.app.goo.gl/edGse7WBfuAaL7fJ8    IOT VLAN
https://photos.app.goo.gl/3ESN8CXKLrhVjRqA6    Guest VLAN
https://photos.app.goo.gl/LujiihVcQqmH8cGM7    IPCam VLAN


https://photos.app.goo.gl/kK9z6zJyk1Y5nw7u5    NAT Type 2 Rule

The next question is DNS: should I start open and then try DOT?
DOT: https://homenetworkguy.com/how-to/configure-dns-over-tls-unbound-opnsense/
Force local resolver: https://homenetworkguy.com/how-to/redirect-all-dns-requests-to-local-dns-resolver/

After I verify that all is working should I attempt to implement:
Antivirus: https://docs.opnsense.org/manual/how-tos/proxyicapantivirusinternal.html
IP Block and GEO Block: https://windgate.net/opnsense-ip-blocklists-and-geo-ip-block-to-enhance-security-against-malicious-attacks/

First, thanks for verifying my thinking, as I am really new and trying to learn things quickly.  Thanks for taking the time and sharing your knowledge with me.  Lastly, my apologies, as I could not figure out how to get the images to post, so I added links to them.  Again, I greatly appreciate your help, and so will my family when things are working.



Title: Re: New to OPNsense Need Expertise to verify my work so far
Post by: bartjsmit on September 11, 2024, 08:21:27 PM
What is your WAN connection? Will OPNsense get a public IP?

Title: Re: New to OPNsense Need Expertise to verify my work so far
Post by: jimcease on September 11, 2024, 08:59:27 PM
I will be connecting WAN to Xfinity and obtaining a public IP.