Thoughts on my plan for a home network?

[truckerDave]

Not really any questions to be answered in this reply. It's more of a "Me thinking out loud" kind of post.

Well, I think I have everything I need to get this set up. Although, I could use some short ethernet cables. 25 and 50 footers are a bit much when everything is within 10 feet of one another. I am still undecided how to best give PC 1 and PC 2 access to the Server while allowing me, and only me, access from the web.

So far, I have the OPNsense firewall running. However, with no rules added as yet. I have initially configured the switch well enough that I can reach both the switch GUI and the OPNsense GUI and get out to the internet using PC 1.

Next up, I think I'll have a look into getting the server connected to this network and figuring out how to connect to it from PC 1. A trivial task for some, I'm sure. But I'm still learning. Which is one of the main reasons for doing this. It would be simple to eliminate the firewall and switch and have everything connect to the ISP router. My "network" has been running like that for decades.

Or maybe I'll delve into OPNsense? I guess that would make sense as it's the gate keeper. And If I can't get it doing what I need it to do, all of this is for nothing. Right?

 

[jpnilson]

I would tell you not to put too much faith in your firewall as the main line of defense. It is useful but very important to harden all of your systems and observe good security hygiene. You can have all the security in the world and someone connected to your network opens an email and clicks on a link and you can imagine the rest. I use Pfsense for internet facing things and vpn. For these things I also use a dmz network. when in the dmz you cannot communicate into my internal network. If I need to communicate with things in the dmz I use a terminal server. All of that is quite paranoid and you really need to determine what you want to do. I guess end of day I consider all security measures as speed bumps. If its valuable encrypt it.