retihnking to my home lan

[ugo1]

Hi

I'm rethinking to my home lan. Now it's Mixed cable/wi-fi lan that start with with an ADSL router USR9108 and two wifi extender. the goal is to isolate a computer which must make as internet server (p2p, wb ftp) so it must accessible from the internet. In the same time I need that rest of the internal lan can't be accesible if my internet server will be hacked. I think a these schema

ADSL modem ---> G108T ---> Vlan1 Internet server
|------> Vlan2
|------> HOME PC1
|------> HOME PC2 link1
|------> HOME PC2 link2
|------> HOME SERVER link1
|------> HOME SERVER link2
|------> WNDR3700 for Wi-fi support




Is this a good way to secure my computers?
I also need to link HOME PC1 to the internet server I need two lan card, two different ip address, right?
Is the 16 port swich (8 port could be a limit for the future) by netgear a valid product?
Is the MBR624GU adsl router a good router (for good router I intend a router which is capable to reconnect the ADSL line automatically (the usr 9108 isn't.....)
Which extender I need to use to extend the wi-fi signal?

Regards

Ugo

 

[ugo1]

Hi think a bit to my new lan configuation (see picture below)

I decise to go for the procurve 1800 24G because is fanless

Question how are secure are the computers on lan in the case that the internet server is hacked? Obviously nat rules are set on the router

How can I lik the Home computer 1 to internet server with break the security level (if exist)?

Regards

Ugo

 

[thiggins]

If any machine on your LAN is compromised, then all can be at risk unless they live on different VLANs. That's why all machines and the server need to run up-to-date anti-virus and anti-malware apps.

I don't understand your second question.

 

[ugo1]

If any machine on your LAN is compromised, then all can be at risk unless they live on different VLANs. That's why all machines and the server need to run up-to-date anti-virus and anti-malware apps.

I don't understand your second question.

I'm interested if only the internet server is compromised will the Vlan isolate it from the rest of the private Lan?. Home and internt server are linux one and of course MS computer has an antivirus

For the second question I need to able to download / upload files from the Internet server. In my layout that is impossible. Or is possible because of the router?

Regards

Ugo

 

[thiggins]

As I said, if the server is separated by a VLAN, then machines on the other VLAN won't be able to communicate with it.

To have a LAN machine communicate with the server, you would need to put it and the server on the same VLAN. You may need to use its LAN IP address instead of its host or domain name if your router doesn't support NAT loopback.

 

[ugo1]

As I said, if the server is separated by a VLAN, then machines on the other VLAN won't be able to communicate with it.

To have a LAN machine communicate with the server, you would need to put it and the server on the same VLAN. You may need to use its LAN IP address instead of its host or domain name if your router doesn't support NAT loopback.

Hi

Some days of holiday make my needs more clear. I substantially need to talk with the internet server http and ftp services using a vpn connection I also need NAT rules for p2p services. All mantaining a good home level of security
I also thought that the link from the internet server to one of the home computer can be done using a second ethernet card without using the swich and using a crosover cable with a different IP class.

Ugo

 

[ugo1]

Hi,

I know are passed two months (I'm bit slow to take my decision) but ideas probably now are more clean

I decided to go with a bipac 7404VGO router which support vlans. The new schema

Procurve Vlans Sets
Vlan 1 Gaming computer lan 1 Internet server lan 2
Vlan 2 Gaming computer lan 2, Home Server lan 1, router vlan1
Vlan 3 Gaming computer lan 2, Home Server lan 2 & 3 , printer lan
Vlan 4 Office computer lan 1, Home Server lan 2 & 3 , router vlan1, printer lan

With the bipac 7404VGO Vlans I suppose I think I have isolate the internet server (P2P mainly use) from the rest of the lan, is that correct? Bipac 7404VGO Vlans truly separate the lans?

Now I would like to access the internet server from the internet using a VPN connection and I want to use the bipac 7404VGO router with his PPTP protocol. This meas that the will assign to the external connection a given IP address (of my choice). Here I have a big problem. I want that the user can reach only the internet server. How to reach this result?

the server will be linux based and the other computer are Windos based

A big thanks in advance for who will have the patience to help me to finish this project.

Regards

Ugo Merlini

 

[ugo1]

Up

hoping that someone can help me

Ugo