Network setup questions
-
Hey everyone, I am not sure this is posted within the right location but I will try my luck here.
I have decided to redo the whole network in my home after having strange internet activity where just using one Windows 10 PC and an Xbox One at the same time resulted in using 80% of a 100 Mbps/100 Mbps fiber FiOS line. I could not find any major malware on the Windows 10 PC but will be doing a complete reinstall before connecting it back to the network. Aside from that, there are a number of other devices that connect to the network and I would also assume the layout of the network was not optimal for the number of devices connected. This is also another reason for changing things up. I did run things like Snort and Wireshark for a time and tried to analyze the packets myself but did not exactly know what I was looking for at the time. I figure it might just be easier to start fresh and reset all devices, bringing one up at a time onto a new network.
Just to lay out all the general details, what I want to do, what I am curious about (whether it will actually work), and to welcome incoming suggestions from everyone here on various setups:
- I currently have a gaming PC on Windows 10, a Surface Pro 3 on Windows 10, and a Raspberry Pi that I am currently using for web browsing, as I still need to reinstall the OS on the other devices because of the number of resources being used while using them as well as while they are on the network. In addition to those devices there is another laptop on Windows 10 that can single-handedly use up to 70 Mbps with just web browsing, which I suspect to be part of the problem here. I tried modifying the firewalls on either Windows 10 PC but find it will just be easier to do a fresh install of Windows on each machine as I cannot find any notable malware that would cause that kind of network usage.
There are also a few Blu-ray players that the family would like connected, and Wi-Fi is the only option for those; however, I would like to not use UPnP. Also 3 DirecTV DVRs that are connected to the internet using the CCR kit. Also about 4 phones connected with Wi-Fi and then occasionally another laptop.
- I was thinking about having a type of physical DMZ setup for the gaming PC and Xbox One; that way I could forward whatever ports are needed on the Xbox and have a cone NAT handled by the first router connected to the WAN cable from the ONT.
- The setup I was considering would go like this: ONT → Router 1 doing DHCP/DNS/NAT → Layer 2 or 3 switch with the Xbox One and gaming PC connected to their own interface, using a VLAN for those two between Router 1 and this switch → pfSense box connected to another interface on the previous switch on a separate VLAN pointing back to Router 1 → Layer 2 switch 2 running a VLAN for Wi-Fi and then a VLAN for the other associated PCs that are connected with Ethernet.
I was thinking about running ClamAV, Snort, and maybe a few other packages as well as OpenVPN on the pfSense box and have already squared away a build that would be complete overkill for running all that and providing OpenVPN. For more clarity, I plan on piecing together a C2758 with pfSense run on an SSD with 8 GB of RAM.
My main concerns are with the first router and first switch in terms of what to use for them. I realize I need a switch that can do VLANs but am unsure of the level of capabilities for that in the difference between a Layer 2 or Layer 3 switch, between IP VLAN routing and MAC address VLAN routing. I am also concerned with IP address spoofing, which is why I think a Layer 3 switch in this case might be a better choice to do IP-based VLAN routing between the pfSense box and the gaming VLAN coming off Router 1 through the first switch. Once traffic goes to the pfSense box I plan on having that drop everything unless requested from within; however, I am somewhat under the impression that having a cone NAT will perform similarly from the first router, and I would like to avoid double NAT. In order to do this I would need to do static DHCP if I am understanding correctly. That also makes me question, though, the various protocols such as ARP and STP and how those would fit in with this setup and with a Layer 3 switch as the first switch. I am thinking that since VLANs would separate these, the switch would need to be configured to not do inter-VLAN routing, which makes me question the real need for a Layer 3 switch as switch 1. I am also thinking there are masquerading rules that can be set so double NAT does not occur and will not be a problem. I am thinking as long as the first router and first switch support 802.1Q I should be fine with a Layer 2 switch.
I have also tossed around the idea of using one of those Netduma routers that have a custom OS running on MikroTik hardware so that I am able to use some of those features with my Xbox and enable the one-touch VPN, and just ensure Router 1 has VPN passthrough support, which would mean I would have to have something capable enough to handle throughput for an Xbox VPN through the Netduma as well as the VPN associated with the pfSense box. I am unsure whether the Netduma supports VLANs, so I almost think a switch may be better in this case, but I will have to do more digging.
This brings me to what initial router I should be using, and I am also having trouble with that. Since I mainly want it to route as fast as possible for the traffic load, I am thinking I am going to need something other than a consumer router. I have read that a cone NAT is best for Xbox and that it can be achieved by Linux-based routers such as RouterOS, m0n0wall (or however it is spelled), or even just a machine built to run a Linux server to do the routing. It seems MikroTik boards running RouterOS might be the best bet here, and it may play nicely with the Netduma or a MikroTik switch as switch 1.
So overall I am thinking a MikroTik RB2011 router running RouterOS L5 and up as Router 1, a Netduma or a RouterOS switch as the first switch, and then my outlined pfSense box after that. I have everything else needed for the network already aside from those 3 things.
I am curious what you guys think about the setup, and if everything listed is actually needed or could be tweaked differently. I have questioned whether the first switch is even needed, since the Xbox, gaming PC, and pfSense box can have their own interface on Router 1 and just use VLANs. The only reason I thought to have a switch there was based on some DMZ suggestions someone made on their website; however, I feel like the more involved details of it were left out. Aside from the switch, having the Netduma with VPN capabilities for the Xbox seemed intriguing, as did the other features they mention like using a specific range for connecting to games; however, I have been reading that most people have more problems than not while trying to use that router. This makes me think that maybe having the Xbox and gaming PC in a physical DMZ is not even worth it, because I can have the pfSense box do most things that Netduma advertises to an extent, which factors out even needing an additional router, where the pfSense box I previously mentioned and some VLANs on another switch would be more than capable of handling all of my network needs.
I have been mulling over what to do about this for quite some time and figured getting input from others might be worthwhile, and I appreciate anyone who has stuck through my train of thought here for this long. I do not know much about networking, but I feel I have a small starting base from all the research I have done in the past week to get everything up and running when the time comes.
I appreciate any feedback I may receive from this, as it will only help the learning process and grant me better knowledge to make a better decision before dropping hundreds of dollars on anything. I do also realize the pfSense box I mentioned building is complete overkill for the connection being bought from FiOS, but I figured the raw CPU power for the packages and multiple devices would be needed just to get packets through the box at a quick and efficient rate.
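As an added example that is not from the post, from pfSense or from any vendor mentioned: a plain pf ruleset in FreeBSD syntax (the layer pfSense's GUI generates rules for) expressing the policy the post describes for the pfSense box, that is default deny, replies only for flows started from inside, no routing between the VLANs, and antispoof on each inside VLAN for the IP-spoofing concern. The interface names em0/vlan10/vlan20/vlan30, the Router 1 address 192.168.1.1 and the OpenVPN port 1194 are assumptions.

```pf
# Assumed interfaces (not from the post): em0 faces Router 1, vlan10 = gaming VLAN
# (Xbox One, gaming PC), vlan20 = wired PCs, vlan30 = Wi-Fi. Assumed: Router 1 is
# 192.168.1.1 and also serves DNS, as the post says it does DHCP/DNS.
wan     = "em0"
gaming  = "vlan10"
wired   = "vlan20"
wifi    = "vlan30"
inside  = "{" $gaming $wired $wifi "}"
router1 = "192.168.1.1"

# All private address space; used below to stop one VLAN reaching another.
table <rfc1918> const { 10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16 }

set block-policy drop
set skip on lo0

# Reassemble fragments before any rule sees them.
scrub in all fragment reassemble

# Drop packets arriving on an inside VLAN whose source address is not in that
# VLAN's own subnet (the spoofing concern from the post).
antispoof quick for $inside

# Default deny in both directions. Only the stateful passes below create state,
# so replies to inside-initiated flows get back in and nothing unsolicited does.
block log all

# Each inside VLAN may start flows to the internet but not to any private range,
# so this box never routes VLAN to VLAN even though it has a leg in each.
pass in quick on $gaming inet proto { tcp udp icmp } from $gaming:network to ! <rfc1918> keep state
pass in quick on $wired  inet proto { tcp udp icmp } from $wired:network  to ! <rfc1918> keep state
pass in quick on $wifi   inet proto { tcp udp icmp } from $wifi:network   to ! <rfc1918> keep state

# The one private destination inside clients do need: DNS on Router 1.
pass in quick on $inside inet proto { tcp udp } from any to $router1 port domain keep state

# OpenVPN (assumed UDP/1194) terminating on this box; Router 1 still has to forward it.
pass in quick on $wan inet proto udp from any to ($wan) port 1194 keep state

# Outbound on the Router 1 side: covers permitted client flows and traffic this box
# originates itself (package updates, the VPN tunnel).
pass out quick on $wan inet proto { tcp udp icmp } keep state
```

No nat rule is included on purpose: whether this box translates or only Router 1 does is exactly the double-NAT question in the post, and pf only needs a `nat on $wan` line if this box is the one translating.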