Home network design for regular LAN, IoT and testing questions
Good day everyone.
I would like your advice on the type of setup I should be doing.
I want to isolate my networks. I will have a regular network, IoT devices and a testing laptop.
Devices: iMac, MacBook, iPhone, Apple TV, Testing laptop (Malware reverse engineering), Philips Hue Hub, Watchman Wifi Camera, CCTVs (not yet), ISP Modem, Apple Time Capsule, DIR-655 router, TP-Link TL-SG108E x 2 and I would like to have a pfSense box so I can monitor exactly what comes in and out and manually block hosts and IPs that I don't want.
Let me know if you have any input on the type of setup and configuration I should be doing.
I avoid IoT (Tom Lawrence at SMLR calls it the "Internet of Targets") like the plague it is, though I'm sure the point will come when I cannot escape it. Connecting stuff to a network simply because it's there ignores that "because it's there" is seldom a good reason for doing anything. Just ask any 15-year-old boy.
But about the home network in general, I'd say you're on the right track with pfSense. Though I'd highly recommend taking it a step further and going with regular OpenBSD -current. It's about as easy to set up and maintain yet will give you far more flexibility in what you can do, even if you just think about PF only. However, whether you can go that route is up to what kind of hardware you have available.
I read about the 3 dumb router setup, seems interesting.
How about, ISP modem -> Apple Time Capsule -> TP Link TL-SG108E -> and doing 3 VLANs? 1- regular network, 2- testing laptop and 3- IoT? (I might have trouble controlling those Philips bulbs with the iPhone)
The thing I'm missing is visibility on the network. I'd like something like a SIEM and something that I could use to block the phone-home calls and stuff like that.
I have no firewall devices at the moment. Purchasing a Netgate SG-2220 or SG-2440 would be around 300-800$. I was trying not to spend and use what I had.
Firewalls do not have to be big and powerful unless you plan on putting a lot of traffic through them. You don't need the latest and greatest system to be your firewall. Grab one of your systems with more than one NIC and use that.
I understand, it's only me that wants the best buy for home but I definitely understand you and I should go cheaper for regular home use. The funny thing is that I don't have any devices with 2 NICs at the moment, so I do have to purchase something! Once done, should I put that between the modem and router or inside the network?
I always see both setups but not sure which one I should apply.
Firewalls do not have to be big and powerful unless you plan on putting a lot of traffic through them.
This is very true. About a decade and a half ago I worked for an international company with about 25,000 employees around the world (this was in the Win2000/XP/Pentium I and II days). It had an excellent IT department led by an extremely reasonable and approachable IT manager.
Their firewall was a 486. It didn't have to do anything but filter incoming and outgoing traffic, and it did that quite nicely.
Tom Lawrence at SMLR, whom I mentioned earlier, is a big fan of pfSense. He runs a successful computer business servicing local businesses in his area and has done a lot of work with it.
That would depend on what you plan on hanging off of it. You're going to need at least 2. 1 for LAN and 1 for WAN. If you plan on having a DMZ then you'll need one for that too.
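The three-segment layout discussed in this thread (regular LAN, testing laptop, IoT), written as an OpenBSD PF ruleset. This is an added example, not a configuration posted by anyone in the thread; the interface names, VLAN IDs, subnets, the resolver on the firewall and the per-segment policy are all assumptions.

```pf
# /etc/pf.conf -- constructed example; names, VLAN IDs and subnets are assumptions.
wan = "em0"      # towards the ISP modem
lan = "vlan10"   # regular network (iMac, MacBook, iPhone, Apple TV)
lab = "vlan20"   # testing laptop
iot = "vlan30"   # Hue hub, cameras

table <internal>  const { 10.0.10.0/24, 10.0.20.0/24, 10.0.30.0/24 }
table <blocklist> persist   # filled by hand: pfctl -t blocklist -T add <address>

set block-policy drop
set skip on lo

# NAT everything that leaves through the WAN interface.
match out on $wan inet from <internal> nat-to ($wan)

# Default deny, logged to pflog0 so dropped traffic stays visible.
block log all

# Filtering decisions are made on ingress; egress follows once ingress passed.
pass out

# Manually blocked destinations win over every pass rule below.
block drop log quick from any to <blocklist>

# Assumption: the firewall runs the DNS resolver for all three segments.
pass in on { $lan, $lab, $iot } inet proto { tcp, udp } from any to self port domain

# Regular LAN: internet, plus the IoT segment (phone to Hue hub).
pass in on $lan inet from $lan:network to ! <internal>
pass in on $lan inet from $lan:network to $iot:network

# IoT: internet only, never the other segments; new connections are logged.
pass in log on $iot inet from $iot:network to ! <internal>

# Lab: internet only, never the other segments; new connections are logged.
pass in log on $lab inet from $lab:network to ! <internal>
```

Check the file with `pfctl -nf /etc/pf.conf` before loading it with `pfctl -f /etc/pf.conf`; the logged connections and drops can be watched with `tcpdump -n -e -ttt -i pflog0`.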