Hi guys, I'm looking for a bit of advice. I also have no clue where to post this so you looked like the best first port of call.
This is gonna be long so I apologise in advance for that.
Computing is a hobby for me, I'm a chef by trade, but love playing with anything electrical. Everything I have done has been self taught, and I have no professional experience whatsoever in it. With this hobby, I suspect my little network isn't setup in the best/most efficient/most secure way in the world. So I would like to rebuild it to be as secure and as efficient as it could be my skills and knowledge permitting.
The hardware consists of 3x raspberry pi, 1x banana pi r1, 1x atx pc, 1x virgin cable modem, 1x netgear router flashed with ddwrt and 1x Gbps Switch, all in a custom cabinet under my TV. There is more going into the switch from elsewhere, but they wont have web facing services on them.
I have, over the past couple of years had setup everything (except a proper firewall) I want to accomplish again, and most if not all is still working, but after two years playing, realising the error of my ways and more importantly, a recent addition of a full atx pc, plus rewiring and adapting the enclosure, i've decided its time to reconfigure all software.
The Virgin Modem goes into the DDWRT router, which then goes into the switch
The 3 raspberry pi's go into the Banana PI R1, on a seperate subnet to the rest of my home network, The BPi R1 then goes into the switch.
The Atx has 2 network ports, both go directly to the switch.
In my head I'm thinking of spreading the services across the machines like so
Router = DHCP Wifi
ATX Server = (Internet Facing Web SQL VPN Firewall FTP ) + (Local File Servers{NFS & Samba}KVM PXE VNC)
BPi R1 = (Internet Facing DNS) + (Local File Backup & Replication)
Raspi1 = Local HTPC, Tvheadend DVR
Raspi2 = Internet Facing Email Server
Raspi3 = Central Heating Monitor and Controller (Python based)
First few questions in my head....
Is it safe having those services running all on the ATX Server (I know the answer is probably no, but is it common practice).
If not, which would you look at moving?? And what method of segregation would you use?? (Off to one of the raspi or VM on KVM host)
Then....
Is the ddwrt router giving me an extra layer of security, or would it be best to move those services over to the server. I'm thinking of moving over the WiFi with a PCI-e card for some external aerials as the router has none. Should I just do away with the router altogether or keep it??
Thanks to whoever got this far let alone to whoever reply's.
Cheers
Iain
This is gonna be long so I apologise in advance for that.
Computing is a hobby for me, I'm a chef by trade, but love playing with anything electrical. Everything I have done has been self taught, and I have no professional experience whatsoever in it. With this hobby, I suspect my little network isn't setup in the best/most efficient/most secure way in the world. So I would like to rebuild it to be as secure and as efficient as it could be my skills and knowledge permitting.
The hardware consists of 3x raspberry pi, 1x banana pi r1, 1x atx pc, 1x virgin cable modem, 1x netgear router flashed with ddwrt and 1x Gbps Switch, all in a custom cabinet under my TV. There is more going into the switch from elsewhere, but they wont have web facing services on them.
I have, over the past couple of years had setup everything (except a proper firewall) I want to accomplish again, and most if not all is still working, but after two years playing, realising the error of my ways and more importantly, a recent addition of a full atx pc, plus rewiring and adapting the enclosure, i've decided its time to reconfigure all software.
The Virgin Modem goes into the DDWRT router, which then goes into the switch
The 3 raspberry pi's go into the Banana PI R1, on a seperate subnet to the rest of my home network, The BPi R1 then goes into the switch.
The Atx has 2 network ports, both go directly to the switch.
In my head I'm thinking of spreading the services across the machines like so
Router = DHCP Wifi
ATX Server = (Internet Facing Web SQL VPN Firewall FTP ) + (Local File Servers{NFS & Samba}KVM PXE VNC)
BPi R1 = (Internet Facing DNS) + (Local File Backup & Replication)
Raspi1 = Local HTPC, Tvheadend DVR
Raspi2 = Internet Facing Email Server
Raspi3 = Central Heating Monitor and Controller (Python based)
First few questions in my head....
Is it safe having those services running all on the ATX Server (I know the answer is probably no, but is it common practice).
If not, which would you look at moving?? And what method of segregation would you use?? (Off to one of the raspi or VM on KVM host)
Then....
Is the ddwrt router giving me an extra layer of security, or would it be best to move those services over to the server. I'm thinking of moving over the WiFi with a PCI-e card for some external aerials as the router has none. Should I just do away with the router altogether or keep it??
Thanks to whoever got this far let alone to whoever reply's.
Cheers
Iain
