Please Help me getting my home network right

wuz · May 9, 2022

Hello there

Im curently on the way to upgrade my home network.General Plan is to go 10Gb and replace current Isp router. also i want to use different Van´s in my Home and start self hosting an website. Plan is to do it in 3 steps. 1. install 10gb cards in gaming rig and unraid server. 2. get the contract going with my new ISP. 3. Buy the hardware for the big upgrade.

I will attach an network schematic of current and new setup. Now im not sure about how some things will work out, what hardware and software to use and if everything is possible the way i imagine it.

1.When i get my new Isp´s router, i wont need the old network anymore. But if it is possible, it would be great to be able to Loadbalance it and use both for maximum Bandwith. Also i would like that devices from the old Network(my house mates pc´s) still be able to access Samba Shares and WebGui´s from the unraid Dockers. Can Pfsense handle Loadbalancing in the way i imagine it ? And if not, would it be possible to do it with an extra device ? (https://www.amazon.de/TP-Link-TL-R470T-Broadband-LAN-Port-Speicher/dp/B004UC9V8Q?th=1) Or will this device just drop all the packages cause it doesnt know´s the van´s ?

2. Is it possible to direct attach 2 networkcards directly for now if i only need the 10gb connection on these machines?

Would this be an Routerless Subnet ? and if yes, do you know if unraid supports it ? Also i was thinking about if i can add the network card to my current balance tlb5 bond but only for conecting to my gaming rig.

3. I want to have 4 Van´s. 1 for trusted Wireless. 1 for IoT and Guest Wireless. 1 for trusted machines(like unraid, gaming rig etc.). 1 only for the Nginx cause i want to isolate it so if someone would be able to get access to my webserver it wouldn´t affect the whole network. Do i need an extra Van for the Webserver ? I will have Port 443 and 80 open for the website. Also port 22/tcp and 3389/tcp are open but only from 192.168.0.0/24. When i redirect incoming port 443 and 80 to my webserver, ist it possible to reach the other ports or simulate an local Ip adress if someone would be to attack my site ? Also on my Unraid machine there are some Ports open and Security is a high concern for me. Main Goal is to protect access to unraid array data and gaming machine/Phones (sensible personal Data). I also think about assigning the Ubuntu Vm in which the Webserver is running an 1Gb network card and plug it directly into the pf sense box, giving it an own van and isolating it that way, but i dont have much pcie to spare

4. The primary Usecase for Van´s is to seperate devices, but is it still possible to let choosen devices comunicate it predefinde ways ? im thinking about having my unraid array in an different van then my gaming rig an laptop but want to be able to access samba shares and connect via ssh to my unraid or vm´s that are running on it. My general thaught process goes in the direction of not blocking all connection completly, more like have a whitelist of services etc. would this make my network vulnerabel again ? Also if i have my printer, ioT etc in an different van, how can i access them ?

5. Is there Hardware i should avoid or something u can recommend for my purpose ?

6. What are the most important/first steps when scuring a home network ?

7. How "dangerous" ist it in general when u are starting to learn networking and hosting etc. and open up Ports ? (by that i mean im not expirienced in that field but want to know what could happen when i start hosting my website)

8. What do you think in general of the layout ?

im looking forward to your Opinion !