Start fixing home/SOHO network mess

sasoc

New Member
May 26, 2020
Currently my home/SOHO network is a mess. I have devices ranging from laptops, mobile phones and hi-fi gadgets used personally by me, my wife, children and guests … to workstations, servers, Proxmox and VirtualBox virtual machines used for my work/business … to cameras, IoT devices and one access point in the other part of the house ….

And everything is driven by a consumer Wi-Fi router, a Linksys EA9500, connected to the internet through the ISP’s modem. In between I have two unmanaged switches.

All devices have IP addresses 192.168.1.XXX, usually via DHCP, some with DHCP reservations, some static. I have no DNS.

To access some of my home servers from the internet (when I am on vacation, or e.g. when I have a contracted developer working on my database) I use port forwarding with PuTTY SSH tunnelling.

For now it all works … I can use my databases from my application servers … so I can do development and my business is running, my wife is happy … she can do her design stuff, the hi-fi is working. But I know it is a mess … and I have a bad feeling about creating a publicly accessible web page on my servers, opening my web applications to my clients for testing, or e.g. creating a NextCloud installation and making it accessible to my clients.

I want to create a better setup gradually, without breaking the current “working” setup and using existing hardware as much as possible. I have a decent set of servers, network cards, … which are underutilized. I am a SW developer; I can create/manage Proxmox and VirtualBox environments and databases. Networks, firewalls, DNS, VPNs … are my weak side.

My general goal is to fix this mess and to segment/split the network to make things more secure: the servers I use for my business should not be accessible from the network where other family members’ gadgets are, or where the IoT gadgets are.

Other goals are:

  • create some sort of VPN access to my network (better than port forwarding with an SSH tunnel), then I can grant access to my resources to e.g. contractors
  • create some sort of reverse proxy so I can create a web site or a service like NextCloud and share it with the outside world
  • protect my network from malign intrusions from the outside world
  • use some form of DNS (now I have to work with IPs when connecting e.g. databases with application servers, and I have problems remembering them, or I misread them and make mistakes when typing)

As already mentioned, these goals should be achieved gradually … without breaking everything which works now.

I am sure some of you have also faced similar challenges. What do you suggest? How should I start? Do the goals make sense, or do you have some other view …

Regards,
Sašo
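Added example, not part of the post above: the segmentation goal in the original question (business servers unreachable from the family and IoT networks, contractor access only through a VPN, public services only through a reverse proxy) can be written down as a default-deny zone policy and checked before any VLAN or firewall is touched. The zone names, the per-zone /24 subnets, the VPN range and the port numbers below are all assumptions constructed for this example, not the poster's real addressing.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

# Constructed zone plan (assumption): one VLAN / subnet per trust level.
ZONES = {
    "business": ipaddress.ip_network("192.168.10.0/24"),  # servers, Proxmox/VirtualBox VMs, workstations
    "family":   ipaddress.ip_network("192.168.20.0/24"),  # laptops, phones, hi-fi
    "iot":      ipaddress.ip_network("192.168.30.0/24"),  # cameras, IoT gadgets
    "guest":    ipaddress.ip_network("192.168.40.0/24"),
    "vpn":      ipaddress.ip_network("10.8.0.0/24"),      # addresses handed to remote VPN clients (assumed)
    "dmz":      ipaddress.ip_network("192.168.50.0/24"),  # reverse proxy in front of NextCloud etc.
}
INTERNET = "internet"  # any address outside the plan is treated as the untrusted internet


@dataclass(frozen=True)
class Rule:
    src: str
    dst: str
    proto: str            # "tcp", "udp" or "any"
    port: Optional[int]   # None = any port


# Explicit allow list. Everything not listed here is denied (default deny),
# so there is no rule at all from family/iot/guest towards business.
ALLOW = [
    Rule("business", INTERNET, "any", None),
    Rule("family",   INTERNET, "any", None),
    Rule("guest",    INTERNET, "any", None),
    Rule("iot",      INTERNET, "tcp", 443),   # outbound HTTPS only, e.g. firmware updates
    Rule("vpn",      "business", "tcp", 22),  # contractor SSH over the VPN
    Rule("vpn",      "business", "tcp", 5432),  # contractor database access (assumed PostgreSQL port)
    Rule("business", "dmz", "tcp", 443),
    Rule("dmz",      "business", "tcp", 8080),  # reverse proxy -> backend application (assumed port)
    Rule(INTERNET,   "dmz", "tcp", 443),        # the only inbound path from the internet
]


def zone_of(ip: str) -> str:
    """Map an address to its zone; unknown addresses count as internet."""
    addr = ipaddress.ip_address(ip)
    for name, net in ZONES.items():
        if addr in net:
            return name
    return INTERNET


def is_allowed(src_ip: str, dst_ip: str, proto: str, port: int) -> bool:
    """Evaluate one flow against the zone policy."""
    src, dst = zone_of(src_ip), zone_of(dst_ip)
    if src == dst:
        return True  # same VLAN: switched locally, not seen by the inter-zone firewall
    for r in ALLOW:
        if r.src == src and r.dst == dst and r.proto in ("any", proto) and r.port in (None, port):
            return True
    return False


def reachable_from(zone: str) -> set:
    """Which zones a source zone can reach at all; handy for auditing IoT/family isolation."""
    return {r.dst for r in ALLOW if r.src == zone}


if __name__ == "__main__":
    checks = [
        ("192.168.30.5", "192.168.10.20", "tcp", 5432),   # IoT camera -> business DB: must be denied
        ("192.168.20.3", "192.168.10.20", "tcp", 22),     # family laptop -> business SSH: must be denied
        ("10.8.0.7",     "192.168.10.20", "tcp", 5432),   # contractor over VPN -> DB: allowed
        ("203.0.113.9",  "192.168.50.10", "tcp", 443),    # internet -> reverse proxy: allowed
        ("203.0.113.9",  "192.168.10.20", "tcp", 22),     # internet -> business SSH: denied (no port forward)
    ]
    for flow in checks:
        print(f"{zone_of(flow[0]):>8} -> {zone_of(flow[1]):<8} {flow[2]}/{flow[3]}: "
              f"{'ALLOW' if is_allowed(*flow) else 'DENY'}")
    print("iot can reach:", reachable_from("iot"))
```

The point of keeping the policy as data is that each later step of the migration (a VLAN on the managed switch, a firewall rule on the router, a VPN server, the reverse proxy) can be compared against this table, and a quick `reachable_from("iot")` or `reachable_from("family")` shows whether the business zone has leaked into an allow rule by mistake.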