General Discussion / Feedback requested: Network design, moving away from pfSense
« on: November 12, 2024, 07:04:52 pm »
Hi all. I've been running pfSense 2.5.2 on a PC Engines APU2 for a few years now. Instead of upgrading it to the latest, I decided to move to a new box and install OPNsense. Looking much better so far!
My new firewall:
Qotom-Q750G5
Intel Celeron J4125
8GB RAM
128GB SSD
5x 2.5 Gbit Intel I225-V
Port 1: WAN
Port 2: Management network
Port 3: Unused, maybe add it to LAGG?
Port 4: LAGG
Port 5: LAGG
Server
Asrock Rack X470D4U
AMD Ryzen 7 3700X
4x 32GB ECC memory
2x LSI SAS 9211-8i
6x Toshiba MG09 18TB in zfs-raid2 (data)
6x Crucial MX500 2.5" 500GB in zfs-raid2 (os + containers)
This is an Ubuntu 24.04 host, running LXD 5.21 with about 15 containers. Most I/O stays on this host, and if it leaves my host it is going to either my desktop or some of the media players.
2x MikroTik Cloud Smart Switch 326-24G-2S+RM
I have around 70 WiFi devices, mainly IoT, connected to 3x UniFi AP-AC-PROs.
My physical network setup:
My logical design:
Inbound connections
I have a Mail-in-a-Box server in the cloud, which does rsync backups to home.
IPsec clients (protocol can be changed, probably to WireGuard).
Nextcloud
I did some reading on https://homenetworkguy.com/ and came up with this design.
LAN Devices
VLAN ID: 10
IP Range: 10.10.0.0/24
Trusted Mobile Devices
VLAN ID: 20
IP Range: 10.20.0.0/24
Guest Network
VLAN ID: 30
IP Range: 10.30.0.0/24
Local Services
VLAN ID: 40
IP Range: 10.40.0.0/24
Public Services
VLAN ID: 50
IP Range: 10.50.0.0/24
Reverse Proxy (Caddy)
VLAN ID: 60
IP Range: 10.60.0.0/24
VPN Services
VLAN ID: 70
IP Range: 10.30.0.0/24
IoT Devices
VLAN ID: 80
IP Range: 10.80.0.0/24
Management Network
VLAN ID: 99
IP Range: 10.99.0.0/24
/24 can be changed to /16, but I don't expect it to be necessary in the near future.
I've been using Linux (and to some extent BSD) for over 20 years and have learned a few tricks along the way. However, network design is new to me. Any feedback would be appreciated!
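A sanity check over a VLAN plan like the one above, added here as an example and not part of the original post: it loads the nine VLAN/range pairs as posted (constructed data, not real config), reports any two networks whose ranges overlap, any VLAN ID used twice, any range whose third octet differs from its VLAN ID (the 10.<VLAN>.0.0 convention the plan follows), and repeats the overlap check after widening every range to /16 as the post mentions. It uses only Python's standard ipaddress module.

```python
import ipaddress
from collections import Counter

# VLAN plan transcribed from the post above (constructed sample data, not live config).
PLAN = {
    "LAN Devices": (10, "10.10.0.0/24"),
    "Trusted Mobile Devices": (20, "10.20.0.0/24"),
    "Guest Network": (30, "10.30.0.0/24"),
    "Local Services": (40, "10.40.0.0/24"),
    "Public Services": (50, "10.50.0.0/24"),
    "Reverse Proxy (Caddy)": (60, "10.60.0.0/24"),
    "VPN Services": (70, "10.30.0.0/24"),
    "IoT Devices": (80, "10.80.0.0/24"),
    "Management Network": (99, "10.99.0.0/24"),
}


def overlapping_ranges(plan):
    """Return (name_a, name_b) pairs whose IP ranges overlap, each pair once, sorted."""
    nets = {name: ipaddress.ip_network(cidr) for name, (_, cidr) in plan.items()}
    names = sorted(nets)
    return [(a, b) for i, a in enumerate(names) for b in names[i + 1:]
            if nets[a].overlaps(nets[b])]


def duplicate_vlan_ids(plan):
    """Return VLAN IDs assigned to more than one network."""
    counts = Counter(vid for vid, _ in plan.values())
    return sorted(vid for vid, n in counts.items() if n > 1)


def convention_mismatches(plan):
    """Return names whose third octet does not equal the VLAN ID (10.<VLAN>.0.0 convention)."""
    bad = []
    for name, (vid, cidr) in plan.items():
        third_octet = int(ipaddress.ip_network(cidr).network_address.packed[1])
        if third_octet != vid:
            bad.append(name)
    return sorted(bad)


def widened(plan, new_prefix):
    """Return a copy of the plan with every range widened to new_prefix (e.g. /16)."""
    return {name: (vid, str(ipaddress.ip_network(cidr).supernet(new_prefix=new_prefix)))
            for name, (vid, cidr) in plan.items()}


if __name__ == "__main__":
    print("overlaps:", overlapping_ranges(PLAN))
    print("duplicate VLAN IDs:", duplicate_vlan_ids(PLAN))
    print("octet/VLAN mismatches:", convention_mismatches(PLAN))
    print("overlaps after widening to /16:", overlapping_ranges(widened(PLAN, 16)))
```

Run it before committing the plan to the firewall; an overlap between two VLANs means routing between them will not behave as the segmentation intends.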