Hey All-

I'm looking for some recommendations on how to set up a secure home network. I'd like to have an internal private lan as well as a webserver, so I want to make sure my internal systems are secure.

I have an unmanaged switch and two routers, so I was thinking of coming off the modem and into the switch, then splitting off into the two separate routers, one for the internal lan and the other for a DMZ or something. I'll probably also put a smoothwall behind each of the routers too.

I'm not a network security person so I would appreciate any suggestions, proposed revisions, new ideas or network layouts, and reasons behind your choices. If I can provide more information about my specific situation, please let me know.

Thanks so much. :)

Selym

Modem to router, router to switch. Plug computers and devices into the switch that will have internet access, turn the firewall on in the modem, and forward port 80 to the webserver box.

Hello freshfitz,

Thanks for replying. So you're saying to go with one router into my unmanaged switch which will have my personal LAN on it as well, right? Will my personal LAN be vulnerable at all? Do you suggest putting a second firewall between the switch and my internal LAN machines? I will put my LAN machines on a private, different subnet of course, but I guess I just want to be absolutely sure I'm doing all I can to try and prevent intruders or snoopers.

Thanks again for taking the time to write. Much appreciated.

Selym

The firewall inside the router will be able to supply the security. There is no way they can route from the internet address to your internal through the firewall unless you open up vulnerable ports.

Thanks Freshfitz. I appreciate the replies.

-------------------------------------------------------------------------------------
I've heard you should shut wireless off for the router in which you are forwarding ports, although I'm not exactly sure why.

Should the webserver be placed in the DMZ?

Anyone else have any words of wisdom or a different opinion on the best way to set this up?

If you can afford a machine to do nothing but act as a firewall, I would place it between the modem and router. Otherwise, I would do the same: modem -> router -> switch. The current wave of routers allows you to specify an IP address for the DMZ machine.

Wireless is like the hubs of old. They broadcast everything to everyone. It was very easy to snoop on a hub and it is just as easy in the wireless realm. How that relates to forwarding ports, I am uncertain. Wireless is simply a bad hole if it gets infiltrated.

Nothing is impossible. Just because you have a router does not mean your internal network is safe. Machines on my internal network run their own firewalls and I have gone a few extra steps to pick an internal network that is not standard (192.168.0/1.x is "standard"). (I do not have a dedicated firewall machine)

I do not know where the webserver should be placed. I generally only run one when I have a reason (i.e., on vacation or a friend needs access).
