
Thread: Network (hardware) setup diagram - correct?

  1. #11
    Join Date
    Feb 2019
    Location
    Virginia
    Beans
    16
    Distro
    Ubuntu 18.04 Bionic Beaver

    Re: Network (hardware) setup diagram - correct?

    Adding this: http://www.dslreports.com/faq/16077
    Breaks down the various connection scenarios using a 2nd router with the Verizon Actiontec modem/router. Scenarios 3, 4, & 5 avoid the double NAT problem; however, 4 & 5 involve bridging.
    Option 3, which is what I have set up, appears to use the Verizon router as primary (internet & routing) and my TP-Link router as a switch.
    Selecting the correct configuration is the first step it seems. I can buy additional equipment if needed.

  2. #12
    Join Date
    Nov 2008
    Location
    Metro Boston
    Beans
    13,773
    Distro
    Kubuntu Development Release

    Re: Network (hardware) setup diagram - correct?

    Quote Originally Posted by TheFu View Post
    But does the Verizon still do NAT or can it be setup in bridge mode?
    Both my routers use NAT. The Archer has a DHCP connection to the LAN side of the Verizon router.

    I don't see any advantage in using a bridged router.
    If you ask for help, do not abandon your request. Please have the courtesy to check for responses and thank the people who helped you.


  3. #13
    Join Date
    Mar 2010
    Location
    Squidbilly-Land
    Beans
    15,628
    Distro
    Ubuntu Mate 16.04 Xenial Xerus

    Re: Network (hardware) setup diagram - correct?

    A flat network as shown provides little to zero security.
    * subnet for "devices" - TVs, video players, all wifi stuff. I treat this like it is internet/untrusted
    * subnet for internet facing services, always wired.
    * subnet for trusted services, always wired.
    * subnet for trusted desktops, always wired.

    Set up exact firewall rules to allow only the required connection between these subnets for specific clients.
    Devices using DHCP should be avoided, unless they are using IP reservations. Any "guest devices" don't have any firewall access except to the internet.
    Servers and desktops (non-portable devices) get static IPs on the correct subnet for their purpose.

    If you get really secure and have lots of data, you might want a physically separate storage/admin network for backup and access only by trusted clients. Beware, this other connection may provide back-network access if it isn't handled correctly.

    I would begin by making a detailed list of every device and every service you will run on each device. Then assign them to a subnet. Services on a single device or VM that belong on multiple subnets need to be split apart.

    And always remember that VLANs are just suggestions. They don't provide real security if the physical connections are shared.

    The main reason to use the WAN router in bridge mode is to remove any belief that the ISP management provides **any** security. Make no mistake, the ISP totally controls that box. My ISP would reset any password I entered back to the default every night when they changed their WAN-admin password. They did that to prevent any fired techs or remote support people from having access more than their last day of work.

    They can see all the devices on that LAN from that 1 box. But in bridge mode, they only see what YOUR WAN router allows. Just something to consider.
    Last edited by TheFu; 3 Days Ago at 10:21 PM.

  4. #14
    Join Date
    Feb 2019
    Location
    Virginia
    Beans
    16
    Distro
    Ubuntu 18.04 Bionic Beaver

    Re: Network (hardware) setup diagram - correct?

    Here is what I can imagine so far. I'm not sure I have them in the right category but the "what I have" is correct. Is it reasonable that the 3 trusted services I have listed could all run on 1 metal server box? I've read elsewhere where some will use a separate physical server (Raspberry or other) to serve media or cloud...but I'm thinking my 1 box could handle it all?

    * I may eventually set up an offsite backup server but that can wait.

    Internet/Untrusted devices:


    1. Verizon Set top TV box (room 1) – Coax Connection to wall which leads to the Verizon ONT
    2. Verizon Set top TV box (room 2) – Coax Connection to wall which leads to the Verizon ONT
    3. Apple TV (wi-fi)
    4. Sony BluRay player (wi-fi)
    5. 3 Personal laptops (wi-fi)
    6. 3 iPhones (wi-fi)
    7. 1 iPad (wi-fi)
    8. 1 Corporate issued/owned laptop (wi-fi), uses its own software (Cisco AnyConnect) to connect via VPN to the corporate intranet.


    Internet Facing Services (Wired)


    1. ?


    Trusted Services (Wired)


    1. NextCloud Server (Ubuntu Server)
    2. Music Server (Ubuntu Server)
    3. Storage/Backup Server (Ubuntu Server)


    Trusted Desktops (Wired)


    1. Gaming Desktop PC (Windows 10)
    2. Daughter Desktop PC (Windows 10)


    I have learned recently about subnetting & available hosts in each range so I'm starting to visualize how the separate subnets would be addressed.

    As for the routing, if I put my ISP modem/router in bridge mode and use my WAN router to control the networking (as in configuration #4 in my earlier Verizon link), would there be any VPN related problems due to the bridge mode?


    -------------
    Unrelated, is it wise to do my first real install of Ubuntu Server using the version 18.04.1 or 18.04.2 (just released, newer kernel)? I've read that some recommend starting with version 16. as it's more seasoned. I plan to set up the server this weekend.

    Thanks to everyone for the help. Much appreciated.
    Last edited by aljames2; 2 Days Ago at 04:11 PM.
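
An added example, not part of any post in this thread: a small policy model of the four-subnet layout from post #13, applied to hosts from the inventory in post #14, with default deny between subnets. The 192.168.x.0/24 ranges, host addresses, allowed flows and ports are all constructed assumptions, and the rendered lines assume an nftables forward chain with policy drop.

```python
import ipaddress

# Constructed addressing plan (assumption): one /24 per subnet from post #13.
ZONES = {
    "devices":  ipaddress.ip_network("192.168.10.0/24"),  # wifi/TV, untrusted
    "dmz":      ipaddress.ip_network("192.168.20.0/24"),  # internet-facing
    "services": ipaddress.ip_network("192.168.30.0/24"),  # trusted services
    "desktops": ipaddress.ip_network("192.168.40.0/24"),  # trusted desktops
}
# Constructed static IPs / DHCP reservations for hosts listed in post #14.
HOSTS = {
    "nextcloud": "192.168.30.10", "music": "192.168.30.11",
    "backup": "192.168.30.12", "gaming-pc": "192.168.40.10",
    "daughter-pc": "192.168.40.11", "appletv": "192.168.10.20",
}
# Only these inter-subnet flows are permitted (flows and ports are assumptions).
ALLOW = [
    ("gaming-pc", "nextcloud", "tcp", 443),
    ("daughter-pc", "nextcloud", "tcp", 443),
    ("gaming-pc", "backup", "tcp", 22),
    ("appletv", "music", "tcp", 8080),
]

def zone_of(ip):
    """Name of the subnet holding ip, or 'internet' if none does."""
    addr = ipaddress.ip_address(ip)
    return next((z for z, net in ZONES.items() if addr in net), "internet")

def decide(src, dst, proto, port):
    """Verdict the router should give a new connection from src to dst."""
    sz, dz = zone_of(src), zone_of(dst)
    if sz == dz and sz != "internet":
        return "local"   # same subnet: switched, never crosses the firewall
    if sz == "internet":
        return "deny"    # unsolicited inbound
    if dz == "internet":
        return "allow"   # every subnet, guests included, may reach the internet
    rule = (src, dst, proto, port)
    if any((HOSTS[s], HOSTS[d], p, n) == rule for s, d, p, n in ALLOW):
        return "allow"
    return "deny"        # default deny between subnets

def forward_rules():
    """Render ALLOW as nftables rule lines for a forward chain (policy drop)."""
    return [f"ip saddr {HOSTS[s]} ip daddr {HOSTS[d]} {p} dport {n} accept"
            for s, d, p, n in ALLOW]

if __name__ == "__main__":
    print(decide("192.168.10.57", "192.168.30.10", "tcp", 443))  # guest phone
    print("\n".join(forward_rules()))
```

The "local" verdict marks the limit of this design: hosts on the same subnet reach each other without passing the firewall, which is why the inventory has to be split by trust level first.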

  5. #15
    Join Date
    Feb 2019
    Beans
    1

    Re: Network (hardware) setup diagram - correct?

    Today I am taking a look at the home networking hardware and Understanding Home Networking Through Network Diagrams

  6. #16
    Join Date
    Sep 2011
    Location
    Behind you!
    Beans
    1,040
    Distro
    Ubuntu 16.04 Xenial Xerus

    Re: Network (hardware) setup diagram - correct?

    Quote Originally Posted by aljames2 View Post
    is it wise to do my first real install of Ubuntu Server using the version 18.04.1 or 18.04.2
    There is a much bigger difference setting up a 16.04 server versus 18.04 than between 18.04.1 and 18.04.2.

    Personally, I would ALWAYS set up a server with the most current release and try and make that work first before going older. Sure, there are a lot more tutorials out there for 16.04 than 18.04 and some applications require older libraries, but you eventually will want to move into the current release, so why not start there first.

    On my site (in sig), I have detailed steps on installing a production-level server for 16.04 and 18.04 as well as how to install NextCloud and MariaDB for both versions.

    Nothing you mentioned as far as I can tell would require the 16.04 version. My servers were installed with the 1st version of 18.04 and have auto-updated (with my scheduled scripts) to 18.04.1 without any issue as well as recently going to 18.04.2 automatically without any issues at the OS or application level for what I am running.

    Sticking with the LTS version "is" your stable option. Using the in-between versions (odd numbers like 17.01 / 19.01) are not wise decisions for server scenarios unless there is a specific use case.

    LHammonds

  7. #17
    Join Date
    Feb 2019
    Location
    Virginia
    Beans
    16
    Distro
    Ubuntu 18.04 Bionic Beaver

    Re: Network (hardware) setup diagram - correct?

    Thanks LHammonds, I will be referring to your tutorials very soon.

    -----------------
    I think this network configuration should work fine, similar to what @SeijiSensei suggests, but since I also have the Verizon TV & features that depend on the Verizon router, I need a 2nd bridge:

    Bridging the Verizon Router passes all Internet WAN traffic through, making my TP-Link router primary. Another internal bridge passes data from my router back to the Verizon Router coax LAN for TV SetTopBox data. Without this 2nd bridge my TVs won't work right.

    FIOSbridge.jpg

    Tutorials I've read indicate the effects of this configuration to be:

    PROS:

    • Bypasses the small NAT table in the Verizon Router. NAT limited by primary router, not Verizon Router.
    • TV VOD and guide data supported.


    CONS:

    • May require a HARD reset of the Verizon Router to restore to factory defaults.
    • Not all configuration information saved to config file. Some bridging information lost on a power fail.
    • Switch ports on Verizon Router not available as LAN ports.


    Other forums have support/steps on how to accomplish this in the routers.

    My goal of all this here is to check with the server pros to see if this foundation is viable to build a home network with a VPN setup?
    Last edited by aljames2; 1 Day Ago at 04:09 AM.

  8. #18
    Join Date
    Feb 2019
    Location
    Virginia
    Beans
    16
    Distro
    Ubuntu 18.04 Bionic Beaver

    Re: Network (hardware) setup diagram - correct?

    @TheFu, I have a few questions about your VPN WiFi Simplified diagram if you don’t mind. I see the connection between the ISP router & lab router is LAN to WAN (not bridge mode I’m assuming), does this create a double NAT? The wireless access point, if connected to the ISP router would require that the ISP router not be in bridge mode, correct?

    If instead, the access point were connected to the lab router using a different subnet, would that provide adequate separation?
