Starting at HomeLab? Need guidance on setting up your firewall and network.
I recently dove into the HomeLabs rabbit hole after realizing I needed a password manager. I opted for self-hosting Bitwarden_rs so I could also share it with friends and family who weren’t as tech-savvy. While setting that up, I thought about expanding my services.

All this is currently hosted on an older HP machine:

|CPU| i7 8 core 2.4Ghz|
|:-|:-|
|Ram| 8Gb|
|Network| 1 x RJ45 and 1 X Wireless|
|Storage| Crucial CT525MX3 512GB|

I’m using 100Mbps down and 10Mbps up (the maximum my ISP allows in my area). It connects through a basic modem box. The public IP is assigned to my D-Link router (a new model this year with all the features I require *See note*). The router supports a virtual server that routes ports 443 and 80 to my Ubuntu server.

My current network layout resembles this:

[Image: Current Network Map]

I’m trying to determine the safest path to make the server internet-accessible while protecting its data and keeping other devices secure.

If this is the future setup I want, key changes include moving the server to a Proxmox VM and installing an OpenVPN firewall inside a VM. To add a NIC, I’d need a USB-to-RJ45 adapter on my laptop. The main challenge is ensuring the system has enough resources for Proxmox, Ubuntu, and OpenVPN.

Another idea is using an older router with DD-WRT to set up a DMZ for the server, so it stays isolated. My goal is to extend Wi-Fi coverage throughout the house.

Ideally, I’d restrict outgoing ports to only 443 and 80, directing traffic through a reverse proxy if possible. I want to run additional services like DnD VTT, Home Assistant, and Extend. I’m open to adding more hardware later. Right now, I’m focused on experimenting with what I have at home.

I already have a personal domain linked to my home network via DDNS, and the client runs on my D-Link router.

In short, I’m seeking guidance on transitioning from my current configuration or if I should keep things simple. If the D-Link router works well and meets all my needs, that’s sufficient.
Thank you for your assistance. I’ve tried to include as much detail as possible and will add anything else you suggest.

TLDR: I recently configured an old laptop as a home lab. I need advice on securing both the server and my local network.

Note: The D-Link router is performing well, offering all necessary features like DHCP, DDNS, and virtual servers. My only concern is its VPN capability—only L2TP over IPSec is supported, and I’m unsure about its firewall/firmware security. My plan is to bypass it and use WireGuard on the Ubuntu server instead.