tempforever said on Mon, 31 Jan 2022 21:11:55 -0500
>o1bigtenor via Dng wrote:
>> Wondering about physical setup.
>> I had thought of running my network (part of it at least) like this:
>>
>> WAN == router == firewall == managed switch == complicated network
>>
>> It has been suggested to me that I should combine the router and
>> the firewall functions into the same machine. Which option (combining
>> functions or separating functions) gives a more robust network?
>>
>> Where would a pihole function in this scenario?
>>
>>
>My home network:
>
>WAN (modem) == router/firewall == switch == uncomplicated network
>
>The pihole resides as part of the uncomplicated network, plugged into
>the switch.
>
>My consumer router/firewall has unused ports; it could have gone in one
>of them.
>
>In any case, I'd recommend it being inside the firewall with the rest
>of the network.

Very soon I'll build myself an OpenBSD/pf firewall/router. At that time
I might set up something like the following:

    11.22.33.44                      0.0/24    100.0/24
INTERNET======SPECTRUM_MODEM_FW/ROUTER====BSD/PF======WIRED_LAN
                        \\
                         \=====WIFI_ACCESS_POINT=====Laptops
                         0.0/24                 0.0/24

The preceding leaves the Spectrum modem/firewall/router/wifi open to
the 20005 attack, but that attack can't go anywhere easily. I'll try
very hard to disable the Spectrum's wifi. The OpenBSD/pf will protect
the wired network from packets initiated from the Internet or from the
wifi laptops. I might leave ports 80 and 22 open to the laptops so they
can get house websites or ssh in. Also, I'll need to have them receive
DHCP from somewhere, and try to configure the DHCP to specific MAC
addresses.
SteveT
Steve Litt
Spring 2021 featured book: Troubleshooting Techniques of the Successful
Technologist
http://www.troubleshooters.com/techniques
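
Added example, not part of the original post: a minimal OpenBSD pf.conf sketch of the policy described above (default deny, wired LAN may initiate outbound, wifi laptops may reach only ports 80 and 22 on the wired side). The interface names, the full 192.168.x.0/24 prefixes (the post gives only "0.0/24" and "100.0/24"), the house server address and the use of NAT are assumptions.

```conf
# /etc/pf.conf sketch for the BSD/PF box in the diagram (added example).
# All names and addresses below are assumptions, not taken from the post.

ext_if    = "em0"               # assumed: side facing the Spectrum router and wifi (0.0/24)
int_if    = "em1"               # assumed: side facing WIRED_LAN (100.0/24)
wifi_net  = "192.168.0.0/24"    # assumed full prefix for "0.0/24"
lan_net   = "192.168.100.0/24"  # assumed full prefix for "100.0/24"
house_srv = "192.168.100.10"    # hypothetical host serving the house websites and ssh

set skip on lo

# Default deny in both directions; log drops so unexpected traffic is visible.
block log all

# Assumption: the Spectrum router has no route to the wired LAN, so hide it
# behind the firewall's own address on the 0.0/24 side.
match out on $ext_if inet from $lan_net nat-to ($ext_if)

# Wired hosts may initiate connections; pf keeps state so only replies return.
pass in  on $int_if inet from $lan_net
pass out on $ext_if inet

# Wifi laptops may open connections to ports 80 and 22 on the house server only.
pass in  on $ext_if inet proto tcp from $wifi_net to $house_srv port { 22 80 }
pass out on $int_if inet proto tcp from $wifi_net to $house_srv port { 22 80 }
```

Loading it with "pfctl -nf /etc/pf.conf" parses the ruleset without applying it. Anything arriving on the 0.0/24 side that is not a reply to a wired-LAN connection or a new connection to ports 80 or 22 on the house server falls through to the block rule.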