Hey everybody, I'm Tom - hope everything is going well for you :)
Almost three months ago I finally went from an FWA connection to an FTTH and it's great.
After this passage I felt the time was right to start monitoring and securing my home network properly.
Here's the setup:
- ISP modem/router (i.e. ZTE H388XF) in bridge mode
- Mini-PC (Intel® N100, 8 GB RAM, 4 × Intel® I226-V 2.5 Gbps RJ45) with OPNsense 24.1.4 installed
The mini-PC interfaces are structured as follows:
- igc0 – WAN (configured via PPPoE to ISP modem/router)
- igc1 – OPT1 (this interface terminates directly into a network wall port, ideally this would be a DMZ port for mixed use)
- igc2 – OPT2 (this interface also terminates directly into a network wall port, where the primary entertainment/gaming PC is connected)
- igc3 – LAN (this cable is connected to an 8-port gigabit switch in the living room, a NETGEAR GS308E)
The NETGEAR switch presents this configuration:
Port 1 – attached to the firewall
Port 2 – smart TV
Port 3 – promiscuous
Port 4 – free, but this would be the port dedicated to the wireless AP
Port 5 – gaming console
Port 6 – free
Port 7 – IoT bridge for smart lights
Port 8 – secondary entertainment/gaming PC
The idea would be to properly segregate the network so that the wired connected devices do not have access to the local network except communications to a small printer connected via wireless, and to also separate the wireless devices connected to the access point because they will only need to browse externally and will not need to have access to the local network.
How do you recommend that I proceed?
Should I aggregate the three LAN interfaces into one or is it better to keep them separate?
Does it make sense to create VLANs or is it enough for me to work well with firewall rules?
I hope I have given you all the information you need, and thank you very much in advance for all the help you can give me.
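Added illustration, not part of the original post: a small Python model of the segmentation policy described above, evaluated the way OPNsense applies inbound rules (per interface, top-down, first match wins, implicit default deny). It assumes the switch devices and the AP clients sit on separate subnets (here VLANs with constructed addresses) and that the printer has a fixed address; all addresses and port numbers are assumptions.

```python
from ipaddress import ip_address, ip_network

# Constructed subnets (assumptions, not from the post), one per segment.
LAN = ip_network("192.168.1.0/24")     # igc3 side of the firewall
IOT = ip_network("192.168.20.0/24")    # VLAN for the switch ports (TV, console, lights)
GUEST = ip_network("192.168.30.0/24")  # VLAN for wireless AP clients
PRINTER = ip_network("192.168.1.50/32")  # the wireless printer, static lease
RFC1918 = [ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Rule = (action, source net, destination, allowed ports or None for any).
# Like OPNsense inbound rules: evaluated per interface, top-down, first match
# wins, and anything unmatched hits the implicit default deny.
RULES = {
    "iot": [("pass", IOT, PRINTER, {9100, 631}),   # print only
            ("block", IOT, "local", None),         # no other local access
            ("pass", IOT, "any", None)],           # internet
    "guest": [("block", GUEST, "local", None),
              ("pass", GUEST, "any", None)],
    "lan": [("pass", LAN, "any", None)],
}

def matches(dst, dst_spec):
    """Destination match: 'local' = any RFC1918 address, 'any' = everything."""
    if dst_spec == "local":
        return any(dst in n for n in RFC1918)
    return dst_spec == "any" or dst in dst_spec

def evaluate(interface, src, dst, dport):
    """Verdict for one flow entering the firewall on `interface`."""
    src, dst = ip_address(src), ip_address(dst)
    for action, src_net, dst_spec, ports in RULES[interface]:
        if src in src_net and matches(dst, dst_spec) and (ports is None or dport in ports):
            return action
    return "block"  # nothing matched: default deny

def audit(cases):
    """Return the flows whose verdict differs from the intended policy."""
    return [c for c in cases if evaluate(*c[:4]) != c[4]]

# Constructed flows: (interface, src, dst, dport, intended verdict).
CASES = [
    ("iot", "192.168.20.10", "192.168.1.50", 9100, "pass"),    # TV -> printer
    ("iot", "192.168.20.10", "192.168.1.20", 445, "block"),    # TV -> LAN PC
    ("iot", "192.168.20.10", "93.184.216.34", 443, "pass"),    # TV -> internet
    ("guest", "192.168.30.5", "192.168.1.50", 9100, "block"),  # phone -> printer
    ("guest", "192.168.30.5", "93.184.216.34", 443, "pass"),   # phone -> internet
    ("iot", "192.168.30.5", "93.184.216.34", 443, "block"),    # spoofed source on iot
]
```

Running `audit(CASES)` against a rule table is a cheap way to keep the intended isolation honest after each change; the last case shows why a source-net match on every rule matters, since a wrong-VLAN source falls through to the default deny.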