My current config “works”, but doesn’t mean I could do better.
So this is what I'm planning on doing; please feel free to let me know what I could change to improve on this.
3 Nics = WAN + LAN 1 + LAN 2 + DMZ + SSLVPN
LAN 1 (my secure lan)
Has DHCP, but only to static addresses which have been mapped.
Web Proxy is configured to all users in host group “proxy on secure” to internet, else block.
My main desktop pc with a pf rule to allow all services, to Any
3 Home Network Media Players, all unable to access web.
NAS has pf rule for updates.
LAN 2 (less secure, has Wifi Access Point)
DHCP On
Web Proxy Via Auth or Host Group
Firewall Rules Via User Objects
-Web
-Steam
-Steam Games
-Windows Live
User part of user group “allowed SMB” has a pf User -> Windows Sharing -> NasIP
This will have the desktops of my kids, their iPhones, and whatever else
SSLVPN
Configured to allow only users of group “VPN Access”
3 users, each has access to the NAS via VPN, each has a rule set for remote desktop to their own PC
My user can also see and talk to the entire network (LAN 1, LAN 2, DMZ, other VPN users)
DMZ
No DHCP (this is my test environment + whatever else, and I like it this way)
Cannot reach anything but the internet (proxy allows all, so does pf)
Will have my test machines which I need on it
It will also have the family Xbox, and my PS3 as well; should I put these on LAN 2?
Now a question worth asking: my NAS is also what I use for torrents, and it does have another NIC in it, so do I:
a) Port forward it through LAN 1, and use just 1 NIC.
b) Use the other NIC, and bind the torrent port to it, so it only listens to torrent requests.
EDIT: I'll also want to set up QoS, so LAN 1 has overall priority, but LAN 2 + DMZ have priority for gaming traffic.
EDIT2: Excuse any spelling/grammar. I just got back from a 2-day drinking tour thingy.
Thanks in advance.