Posted 18 February 2015 - 06:56 AM
Posted 18 February 2015 - 11:09 AM
Yep, way overkill for a home network. The problem I see here is that you are designing a network based on no understanding of what the risk vectors are. For example, what are you protecting yourself from with multiple firewalls? Do different subnets provide security?
You also have an issue with the MiFi. MiFi is a direct WiFi connection to the MiFi device. Great for getting [usually limited to 5 connections] WiFi devices directly connected to the internet. Might want to consider just using this as your guest network and bringing in a DSL connection for your main network. I am curious to know how you are going to connect a firewall to the MiFi.
Alternatively, they do make WiFi routers that have guest WiFi networks that are isolated from the main network.
Instead of routers, you may want to consider a managed switch and using VLANs to protect your devices from each other.
Posted 18 February 2015 - 01:17 PM
If your primary purpose is to learn, I'd suggest getting a smallish Mikrotik router. While not particularly intuitive, they do have a decent web interface and lots and lots of online advice and assistance on a wide range of topics. And they are inexpensive. The RB951 series is a nice smallish home WiFi router; the RB2011UiAS-2HnD-IN is a bit more "industrial". These models have WiFi, but I haven't played with that part of the setup so I don't know its full capabilities, but they can act as a wireless client to your MiFi, so you could choose to use it to isolate a small wired subnet or take on a larger role and isolate your whole in-home network. Mikrotiks allow you to configure individual ports as router ports, rather than the typical one uplink and a four-port switch.

I use an RB750GL (no WiFi) to isolate my lab from the rest of the house, similar to what you are doing. I configured a 192.168.10.x network for the lab and set firewall rules so it can only reach the Internet, not my other LAN, and then only on certain ports (I get a lot of "diseased" computers in the lab to work on). I log all outbound attempts to access other ports, which helps track down badness in the machine in some instances (usually the C&C servers of malware).

I like the Mikrotik (we use them at work as well) because, once you learn a bit, it's pretty easy to work with, particularly the firewall, and the volume of info available on the net is impressive. You do have to be aware of version differences, though. It's worth sticking with relatively recent tutorials. This isn't a trivial solution, though. You will probably spend a week or two getting your head around it before you get it working more or less the way you want it to.
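As an added example (not part of the original post, and not the poster's own tooling), this sketch shows how the logged outbound attempts from an isolated lab subnet can be summarized to spot the destination a sick machine keeps calling. The log lines are constructed and only shaped like RouterOS firewall log entries; the `LAB-OUT` prefix, the interface names and the 192.168.1.0/24 address for the other LAN are assumptions.

```python
import ipaddress
import re
from collections import Counter

LAB_NET = ipaddress.ip_network("192.168.10.0/24")  # lab subnet named in the post
HOME_NET = ipaddress.ip_network("192.168.1.0/24")  # assumed address of the other LAN
PREFIX = "LAB-OUT"                                 # hypothetical log prefix on the logging rule

# Constructed sample lines (documentation IP ranges), not captured from a real router.
SAMPLE_LOG = """\
LAB-OUT forward: in:ether3 out:ether1, src-mac 00:11:22:33:44:55, proto TCP (SYN), 192.168.10.23:49152->203.0.113.5:6667, len 52
LAB-OUT forward: in:ether3 out:ether1, src-mac 00:11:22:33:44:55, proto TCP (SYN), 192.168.10.23:49153->203.0.113.5:6667, len 52
LAB-OUT forward: in:ether3 out:ether2, src-mac 00:11:22:33:44:55, proto TCP (SYN), 192.168.10.23:49160->192.168.1.10:445, len 52
LAB-OUT forward: in:ether3 out:ether1, src-mac 00:11:22:33:44:66, proto TCP (SYN), 192.168.10.40:50001->198.51.100.7:25, len 60
input: in:ether1 out:(none), proto TCP (SYN), 198.51.100.9:4444->192.168.10.1:22, len 60
LAB-OUT forward: in:ether3 out:ether1, src-mac 00:11:22:33:44:55, proto TCP (SYN), 192.168.10.23:49170->203.0.113.5:6667, len 52
"""

# proto, then source ip:port -> destination ip:port
FLOW = re.compile(r"proto (?P<proto>\w+).*?, (?P<src>[\d.]+):\d+->(?P<dst>[\d.]+):(?P<dport>\d+),")

def parse_blocked(log_text):
    """Yield (src, dst, dport, proto) for each prefixed entry sourced from the lab subnet."""
    for line in log_text.splitlines():
        m = FLOW.search(line)
        if not line.startswith(PREFIX) or not m:
            continue  # unrelated firewall line or unparseable entry
        if ipaddress.ip_address(m["src"]) in LAB_NET:
            yield m["src"], m["dst"], int(m["dport"]), m["proto"]

def summarize(log_text):
    """Count attempts per (host, destination, port); most frequent first."""
    counts = Counter(parse_blocked(log_text))
    report = []
    for (src, dst, dport, proto), n in counts.most_common():
        # Attempts toward the other LAN are lateral movement; the rest are Internet-bound.
        kind = "lateral" if ipaddress.ip_address(dst) in HOME_NET else "internet"
        report.append({"host": src, "dst": dst, "port": dport,
                       "proto": proto, "count": n, "kind": kind})
    return report

if __name__ == "__main__":
    for row in summarize(SAMPLE_LOG):
        print(row)
```

A destination that one lab host retries repeatedly on an unusual port is the kind of entry worth checking first; a "lateral" row means the machine tried to reach the protected LAN.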
Posted 21 February 2015 - 08:35 PM
As mentioned, building a network behind a MiFi is going to be difficult. Depending on to what extent you're trying to learn, most corporate networks are designed Modem--->Firewall/Router----->Layer 2 switch---->Wireless access points and computers. The VLANs can be created on the router and 802.11Q tagging can be performed on the switch. Just starting out, you can do everything with a Cisco WRVS4400; you should be able to find a used one. This will allow multiple wireless networks, VLANs, IPsec VPN, and an SPI firewall. You can even use the built-in switch to separate the VLANs.
Edited by Sneakycyber, 21 February 2015 - 08:35 PM.
Systems and Network Engineer
Certified CompTia Network +, A +