I'm working on redesigning my home network since we will be moving, and I'll no longer have my wireless secured just by how it is (in basement and large house / lot). Also, I'm doing serving, and I need to get the server off my LAN.
This is what I've come up with so far.
I'm going to be setting up a custom firewall, partially for learning needs, partially because I didn't see anything that does all that I want.
1. Can the IDS go on the gateway itself, or does it have to be its own box? If it is its own box, where does it go?
2. I want to be able to tunnel to the private network, either from the wireless network (which will be outside the private network) or from wherever I happen to be. Can I run a VPN server on the server? It will be supplying 3-5 machines internally, and probably 1-2 externally. Is this the best setup for the wireless?
3. I may want more than 1 subnet on the private network depending on design and tinkering. I don't really want another NIC in that gateway, can I run them off the one NIC without any real issues?
4. Where should a caching proxy server and my network DNS server go? I will be running a web DNS server and backup on the servers, should I also hit those for DNS lookups from the client machines on my private network? Also, should the gateway run the caching proxy server, or should it be another machine inside the private LAN?
5. I like being able to do ssh user@host. How hard is that to set up? I know it can be done with NIS, but as far as I am aware, that doesn't work very well with OS X. Can it be done with DNS?
6. If I want more than one base station for max coverage, what would be the best way to run those while still keeping security? A switch on that NIC and a cable to each, or what?
More questions will probably come later.
Thanks,
Scott
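Added example for question 3 (several private subnets off one gateway NIC); this is editor-supplied illustration code, not part of Scott's post. It uses Linux 802.1Q VLAN sub-interfaces (`ip link ... type vlan`) on a single inside NIC cabled to a managed switch trunk port, so each subnet (and, if wanted, the wireless base stations from question 6) hangs off its own VLAN on that switch. The interface name `eth1`, the VLAN IDs and the 192.168.x.0/24 addresses are assumptions chosen for the example. Because a router forwards between all of its subnets by default, the script also drops inter-VLAN traffic in the FORWARD chain; specific allowed flows would be inserted ahead of those rules with `iptables -I`. With `DRY_RUN=1` (the default) it only prints the commands it would run; `DRY_RUN=0` applies them and needs root.

```shell
#!/bin/sh
# Example (not from the original post): run several private subnets on one
# gateway NIC using 802.1Q VLAN sub-interfaces, and keep them separated.
# Assumptions (hypothetical): inside NIC is eth1 on a switch trunk port;
# VLAN IDs 10/20/30 with the gateway addresses below.
set -eu

INSIDE_NIC="${INSIDE_NIC:-eth1}"
DRY_RUN="${DRY_RUN:-1}"      # 1 = print commands only; 0 = execute (root)
VLAN_IDS="10 20 30"

# vlan_addr <id>: gateway address/prefix for that VLAN (assumed values)
vlan_addr() {
    case "$1" in
        10) printf '%s' "192.168.10.1/24" ;;
        20) printf '%s' "192.168.20.1/24" ;;
        30) printf '%s' "192.168.30.1/24" ;;
        *)  echo "unknown VLAN id: $1" >&2; return 1 ;;
    esac
}

# vlan_ifname <id>: Linux naming convention for a tagged sub-interface
vlan_ifname() {
    printf '%s.%s' "$INSIDE_NIC" "$1"
}

# run <cmd...>: print the command in dry-run mode, otherwise execute it
run() {
    if [ "$DRY_RUN" = "1" ]; then
        printf '%s\n' "$*"
    else
        "$@"
    fi
}

# vlan_up <id>: create the tagged sub-interface, address it, bring it up
vlan_up() {
    ifn="$(vlan_ifname "$1")"
    run ip link add link "$INSIDE_NIC" name "$ifn" type vlan id "$1"
    run ip addr add "$(vlan_addr "$1")" dev "$ifn"
    run ip link set "$ifn" up
}

# isolate <ifA> <ifB>: refuse to route between two VLANs in either direction
isolate() {
    run iptables -A FORWARD -i "$1" -o "$2" -j DROP
    run iptables -A FORWARD -i "$2" -o "$1" -j DROP
}

# setup_vlans: bring up the trunk, every VLAN, and pairwise isolation rules
setup_vlans() {
    run ip link set "$INSIDE_NIC" up
    run sysctl -w net.ipv4.ip_forward=1
    for id in $VLAN_IDS; do
        vlan_up "$id"
    done
    for a in $VLAN_IDS; do
        for b in $VLAN_IDS; do
            if [ "$a" -lt "$b" ]; then
                isolate "$(vlan_ifname "$a")" "$(vlan_ifname "$b")"
            fi
        done
    done
}

setup_vlans
```

The switch side has to match: the port facing the gateway is a tagged trunk carrying VLANs 10, 20 and 30, and every other port is an untagged access port in exactly one of them, so a host cannot simply tag its own frames into a neighbouring subnet.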