TheDubiousDubber (Contributor; joined Sep 11, 2014; 193 messages)
So I'm hoping someone here can help or point me in a good direction.
I'm currently trying to overhaul my network. As a result I'm trying to implement a number of things both to learn and to attempt to fix some problems and prevent others.
Currently I have a few hardwired desktop clients (Mac, Windows, Linux) along with a number of wireless clients (iPad, iPhones, other laptop devices, game consoles and a wireless printer). I also have a dedicated FreeNAS server and a dedicated Hyper-V server. I have a cable connection to my modem which then goes straight to my Sophos UTM which is being used as router/firewall. From there I have the LAN connection going into an X1052 switch which is then run to wired devices as well as the AP for wireless devices.
What I would like to do is securely configure the network to allow certain things and prevent others. More or less I'm looking for some help on segmenting it properly. I would like to be able to host a webserver (for hosting a personal website). To do this, my understanding is that it is best to put this in a DMZ and allow network traffic to flow into but not out of the webserver. So if the webserver is compromised there is no access to the rest of the network. I would also like to set up a VPN so I can access FreeNAS plugins (CouchPotato, SickRage, sab) from outside my network. I had this working, but it stopped and I never could figure out why (most likely a DNS issue). I've also been unable to get Plex working remotely despite having NAT and the firewall configured to do so.
I guess what I'm ultimately trying to get at is the ability to properly set up a number of VLANs and such to segment the network. I want to prevent guests from accessing FreeNAS shares, prevent the webserver from accessing anything inside the network, though I would like other VMs to be able to access certain shares. I'm trying to implement common practice in regard to much of it (though I'm not entirely sure what that is in many cases). I do believe it is typical to segment things like IPMI access. There is a lot of information out there, and given that most home networks are flat, most of the relevant information out there is in terms of enterprise setups, and that can sometimes be difficult to translate over to what I'm trying to do.
Sorry for the wall of text, but if someone has some suggestions on where to start, a good outline, or some good reading material for a noob like me, I would very much appreciate it.
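A worked model of the segmentation policy the post asks about, as an added example (it is not the poster's configuration, nor anything from Sophos UTM, FreeNAS or the Dell switch). The zone names, subnets, port numbers and the addresses used as sample traffic are all assumptions chosen for illustration. The point it shows is the one that usually trips people up with "traffic in but not out of the DMZ": a stateful firewall lets the web server answer the clients that reached it, while denying every connection the server itself tries to open toward the internal segments. It also encodes the guest, VM-to-share and IPMI restrictions from the post as zone-to-zone rules with a default deny.

```python
"""Zone-based firewall policy for a segmented home network.

Added example, not from the original post. The subnets, zone names and
port choices below are constructed for illustration. The model encodes the
segmentation described in the post:
  - the Internet may open connections to the DMZ web server on 80/443 only
  - the DMZ may not open connections into any internal segment
  - guests may reach the Internet but not FreeNAS shares
  - the Hyper-V VM segment may reach the NAS on SMB (TCP 445) only
  - IPMI lives in a management segment that only management hosts may enter
Reply packets of an allowed connection are forwarded (stateful inspection),
which is how traffic "flows into but not out of" the web server: the server
can answer clients, but cannot start a connection toward the LAN.
"""
import ipaddress
from dataclasses import dataclass
from typing import Optional

# Constructed addressing plan (assumption; one VLAN per zone).
ZONES = {
    "LAN": ipaddress.ip_network("10.0.10.0/24"),      # trusted desktops
    "GUEST": ipaddress.ip_network("10.0.20.0/24"),    # guest Wi-Fi
    "DMZ": ipaddress.ip_network("10.0.30.0/24"),      # public web server
    "VM": ipaddress.ip_network("10.0.40.0/24"),       # Hyper-V guests
    "MGMT": ipaddress.ip_network("10.0.50.0/24"),     # IPMI, switch, admin PC
    "STORAGE": ipaddress.ip_network("10.0.60.0/24"),  # FreeNAS shares
}


def zone_of(ip: str) -> str:
    """Map an address to its zone; anything outside the plan is the Internet."""
    addr = ipaddress.ip_address(ip)
    for name, net in ZONES.items():
        if addr in net:
            return name
    return "WAN"


@dataclass(frozen=True)
class Rule:
    src: str              # zone name or "*"
    dst: str              # zone name or "*"
    proto: str            # "tcp", "udp" or "any"
    dport: Optional[int]  # destination port, None = any
    action: str           # "allow" or "deny"


# First matching rule wins; anything unmatched is denied.
POLICY = [
    Rule("WAN", "DMZ", "tcp", 80, "allow"),
    Rule("WAN", "DMZ", "tcp", 443, "allow"),
    Rule("DMZ", "*", "any", None, "deny"),     # DMZ never initiates; an update
                                               # source would need a narrow allow above
    Rule("GUEST", "WAN", "any", None, "allow"),
    Rule("GUEST", "*", "any", None, "deny"),   # guests never reach the NAS
    Rule("*", "MGMT", "any", None, "deny"),    # IPMI only from inside MGMT
    Rule("MGMT", "*", "any", None, "allow"),   # admin workstation goes anywhere
    Rule("VM", "STORAGE", "tcp", 445, "allow"),
    Rule("LAN", "STORAGE", "tcp", 445, "allow"),
    Rule("LAN", "WAN", "any", None, "allow"),
]


class Firewall:
    """Stateful zone firewall: allowed connections are remembered so that
    their reply packets pass without consulting the policy again."""

    def __init__(self, policy):
        self.policy = policy
        self.flows = set()  # (src_ip, sport, dst_ip, dport, proto)

    def decide(self, src_zone, dst_zone, proto, dport) -> bool:
        for r in self.policy:
            if (r.src in ("*", src_zone) and r.dst in ("*", dst_zone)
                    and r.proto in ("any", proto) and r.dport in (None, dport)):
                return r.action == "allow"
        return False  # default deny

    def packet(self, src_ip, sport, dst_ip, dport, proto="tcp") -> bool:
        """True if the packet is forwarded."""
        key = (src_ip, sport, dst_ip, dport, proto)
        if key in self.flows or (dst_ip, dport, src_ip, sport, proto) in self.flows:
            return True  # part of an established, already-allowed connection
        src_zone, dst_zone = zone_of(src_ip), zone_of(dst_ip)
        if src_zone == dst_zone:
            return True  # same VLAN: switched locally, never reaches the firewall
        allowed = self.decide(src_zone, dst_zone, proto, dport)
        if allowed:
            self.flows.add(key)
        return allowed


def check_segmentation() -> dict:
    """Exercise the policy with constructed packets (203.0.113.0/24 and
    198.51.100.0/24 are documentation ranges standing in for the Internet)."""
    fw = Firewall(POLICY)
    return {
        "wan_to_web_https": fw.packet("203.0.113.10", 51000, "10.0.30.10", 443),
        "web_reply_to_wan": fw.packet("10.0.30.10", 443, "203.0.113.10", 51000),
        "wan_to_web_ssh": fw.packet("203.0.113.10", 51001, "10.0.30.10", 22),
        "wan_to_lan_smb": fw.packet("203.0.113.10", 51002, "10.0.10.5", 445),
        "web_to_nas_smb": fw.packet("10.0.30.10", 40000, "10.0.60.10", 445),
        "web_to_lan_ssh": fw.packet("10.0.30.10", 40001, "10.0.10.5", 22),
        "guest_to_wan": fw.packet("10.0.20.7", 40002, "198.51.100.1", 443),
        "guest_to_nas_smb": fw.packet("10.0.20.7", 40003, "10.0.60.10", 445),
        "vm_to_nas_smb": fw.packet("10.0.40.3", 40004, "10.0.60.10", 445),
        "vm_to_nas_ssh": fw.packet("10.0.40.3", 40005, "10.0.60.10", 22),
        "lan_to_ipmi": fw.packet("10.0.10.5", 40006, "10.0.50.2", 443),
        "mgmt_to_nas_ssh": fw.packet("10.0.50.20", 40007, "10.0.60.10", 22),
    }


if __name__ == "__main__":
    for name, ok in check_segmentation().items():
        print(f"{name:18s} {'ALLOW' if ok else 'DENY'}")
```

Running the script prints one ALLOW/DENY line per check. The policy is deliberately default-deny: the only way a segment reaches another is an explicit allow, so adding a new device means deciding which zone it belongs in rather than which ports to block. The `web_reply_to_wan` check is the one to notice: it passes only because the firewall remembered the inbound connection, not because any rule lets the DMZ talk outward, which is the behaviour to confirm on the real UTM once the DMZ-to-internal deny is in place.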