001 - Network Proposal

My current network is a typical home network install, mostly as you would expect: a modem/router combo, bridged to a mesh router system.


This is not conducive to running internet-facing servers, though: if a breach were to occur, the entire home network, including smart TVs, laptops, desktops, IoT devices, etc., would be at risk of further breaches. So we must make the physical network more secure, as well as the endpoint devices.


The Solution

My solution is to virtualize a router within Proxmox. I can then create two network interfaces inside pfSense to create two networks, a LAN and a DMZ. The LAN will be physically connected to a 24-port switch. The existing Eeros will be put into bridge mode to act as APs to handle the WiFi portion of the network. The DMZ network will only be connected to the virtualized servers, and strict firewall rules will be applied to it. This solution fully separates my local network from the internet-facing servers and should effectively segment the home network from any possible attackers. As long as endpoint protection is properly maintained and all firmware and software is kept up to date, there should be no concern for a huge threat on the home network.
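To make "strict firewall rules" concrete, here is an added example (not part of the original note) that models pfSense's per-interface, first-match, default-deny rule evaluation and audits a rule set against the LAN/DMZ separation described above. The subnets, server address, ports and the rules themselves are constructed assumptions, not values from this network.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

# Constructed addressing for illustration; the note does not give subnets.
LAN = ipaddress.ip_network("192.168.10.0/24")
DMZ = ipaddress.ip_network("192.168.20.0/24")
ANY = ipaddress.ip_network("0.0.0.0/0")
WEB = ipaddress.ip_network("192.168.20.10/32")  # hypothetical DMZ server

@dataclass(frozen=True)
class Rule:
    action: str                 # "pass" or "block"
    src: ipaddress.IPv4Network
    dst: ipaddress.IPv4Network
    port: Optional[int] = None  # None matches any destination port

# Rules are keyed by the interface where a new connection enters the firewall.
RULES = {
    "WAN": [Rule("pass", ANY, WEB, 443)],   # only the published service
    "DMZ": [Rule("block", DMZ, LAN),        # DMZ may never initiate to LAN
            Rule("pass", DMZ, ANY, 443)],   # outbound HTTPS (updates) only
    "LAN": [Rule("pass", LAN, ANY)],        # LAN may reach DMZ and internet
}

def decide(rules, iface, src, dst, port):
    """First matching rule on the ingress interface wins; no match = block."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for r in rules.get(iface, []):
        if s in r.src and d in r.dst and r.port in (None, port):
            return r.action
    return "block"

# Flows the design must satisfy: (ingress iface, src, dst, port, expected).
POLICY = [
    ("DMZ", "192.168.20.10", "192.168.10.50", 445, "block"),
    ("DMZ", "192.168.20.10", "192.168.10.50", 443, "block"),
    ("DMZ", "192.168.20.10", "203.0.113.5", 443, "pass"),
    ("LAN", "192.168.10.50", "192.168.20.10", 22, "pass"),
    ("WAN", "198.51.100.7", "192.168.20.10", 443, "pass"),
    ("WAN", "198.51.100.7", "192.168.20.10", 22, "block"),
    ("WAN", "198.51.100.7", "192.168.10.50", 443, "block"),
]

def audit(rules):
    """Return every policy flow whose actual decision differs from expected."""
    return [f for f in POLICY if decide(rules, *f[:4]) != f[4]]

if __name__ == "__main__":
    print("violations:", audit(RULES))
```

Because the DMZ "pass to any" rule also covers LAN addresses, the block rule must sit above it; reversing the two lets a DMZ host open port 443 connections into the LAN, which `audit` reports as a violation.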

To achieve all of this, new runs will have to be put in place to move the modem into a more favorable position than it is currently in.

[Figure: network diagram]