How to set-up Local Network

Networking & Firewalls
1

Hi,

I have a home / business network. I’m trying to figure out how to best manage / configure it for improved reliability. The current setup is as follows:

  1. ATT Fibre into an OTA (plugged into the wall no UPS)

  2. Ethernet from the OTA to their Arris Router (pile of Junk)

    • This currently provides DHCP
    • NAT Routing / port forwarding to some web servers I have running in containers
    • They have a local domain of attlocal.net (I can’t change this)
    • Provides an SSID for home wifi (no mesh)

  3. GB Ethernet out of Router into a Cisco switch (SG-200-26) protected by UPS

  4. Ports connected to my home structured cabling

  5. Most of the home devices (N Macs, N PC’s and a printer) are connected by Ethernet

  6. All the rest connected by wifi (iPhones, iPads, etc)

I did have an apple AirPort Extreme connected by Ethernet providing an SSID in bridged mode but it always seemed un-reliable so I shut it down.

I do an apple airport express but that is acting only as a way to get music to an old stereo amp in one room.

So here are my question ?

  1. Can I replace the ATT OTA and get fibre directly into a device of my own ?

I wasn’t at home when they installed the fibre and being the lazy sod’s installers are they just drilled a hole into the nearest room with a plug and installed it there. All of my other stuff terminates in the Garage (cable, Structured wiring, etc)

  1. Can I get rid of the Arris router as its rubbish if so what should I replace it with ?

My Cisco Switch supports Vlans and I would like to put the outside facing Servers in a separate v-lan from my home devices. however, I’m not sure how I would access my web server if that was the case.

  1. I am considering putting a wireless mesh in place as my home is three stories and the router is in the garage. I have been looking at ubiquity as I have enough ethernet to be able to use POE. Also considering Cameras and would like to do the same with that.

  2. In order to access my domain names from inside my network I run DNSMasq on one of the servers to provide the local clients the ability to connect. Problem is I have to configure each device to access the local DNS as the Arris router doesn’t let me change the DNS.

  3. I’d also like to get away from the ISP snooping and utilize some sort of VPN for the whole home.

  4. I’d like to get my IOT devices onto a separate wifi network also.

Any thoughts / ideas gratefully received.

2

Wow sounds like you anticipate being in lockdown for quite a while !

Don’t know your router, but I seem to recall a guy with a youtube video showing how he used SFP modules to get rid of his ISP router. As unhelpful as that is, it might help :slight_smile:

Think most people in this forum, use Pfsense, seems like it will do all the things you want, it will basically run on anything with at least two NIC ports.

Also looked at the Ubiquity APs but were too pricey for me, the TP-Link EAP245 does a good job for my money. Just be sure the AP you do get supports multiple SSiDs/vLANs.

Easy to setup a VPN on Pfsense, if you setup OpenVPN to your home, you can then use your VPN connection via OpenVPN externally.

Yeah vlans are the way to go for your setup, much easier to apply different levels of control to a vlans rather than faff around with individual devices.

3

I think this is the youtube you are referring to - https://www.youtube.com/watch?v=5WWO_4p4UP0

I found it pretty good, he has done a follow up as well. It made me really jealous as I’ve only 80/20 here in the UK, no chance any time soon in getting 1gb fibre, might be lucky if it happens this decade!! :slight_smile:

4

Yep that’s the one, good spot :partying_face:

As it happens Virgin are digging outside, so I suppose Gigabit will be available soon. Though the cost is prohibitive. However, I can’t come up with any reason to have Gigabit on the WAN unless it’s cheap, that won’t happen for another decade.

5

I run some websites from my home network and do various other web development and iOS projects. My weakness in knowledge is the whole Router networking area. I’m thinking of taking an old dell 2850 and see if I can run pfsense on it. not sure how the Cisco Vlans will work or they are just set up in pfsense

6

That 2850 is ok to test out pfsense, but if it’s anything like my 2900 it will be sucking electricity out of the walls. I’ve managed to setup vlans on Pfsense without too much pain then have these link up to a Netgear switch. Seems to all work for my basic home requirements.