Learning Networking by Mucking at Home

Started by codeangler, September 02, 2021, 04:47:24 PM

codeangler

Let's start with the end in mind.
Overview of what I'm trying to solve/answer/improve:


  • I want to be able to safely / securely host web apps on Ubuntu Server that's accessible from the public internet
  • An intermediate step would be to just allow segment 1 to access segment 2
  • I want to be able to contribute to an open source blockchain consensus on an Ubuntu server
  • Future segment 3 has a Kubernetes Pi cluster with control plane and applications web accessible

My first time making a networking diagram and this is my attempt.


This is both a current and future state.  Questions below about what needs to be modified.



How did I get to this diagram?

1.  Segment 1 was quick and simple.
     1. a  When I'm on the Segment 1 wifi broadcast, the Pi-hole handles DNS.
2.  Working from home, I found video calls sucked so I built Segment 2.
     2. a  For Segment 2, I attempted to just use the AirStation as an Access Point (? may have misused the term) but couldn't figure out how to get it working, so I now just switch to a different broadcast network.  I get the lower latency and it works fine.
     2. b  I deployed a Docker container on Segment 2 running Nginx web server ...
         2.b.1  I understand that I can only access localhost from the wifi connection on the AC1750 modem
         2.b.2  I don't understand why, when I'm on Segment 1, I can't access the Nginx app via port address?



codeangler

Note,  I'm a networking noob ....

1. I may misuse terms (access point vs modem vs wireless router vs ...)
2. I have been told by a coworker to look into "expanding my subnet", but I'm not sure what to read about first.
3. I'm willing to install a new OS on either the segment 2 or segment 3 modem/router/wifi tools if necessary

Home Network Guy

Thanks for providing your proposed network diagram. That helps me visualize what you are trying to do.

I notice that for each "segment" (network) you are creating, you are placing a router in front of it. While that can work to provide each network some access to the other networks where you are plugged into, you don't have to use that approach. It complicates the access between the different networks. It may even require static routes on your routers so traffic can be routed properly between all the networks if you wish to access other devices.

A simpler approach would be to put your ISP modem/router into bridge mode, run a router such as OPNsense (which I write about often) and then create all your networks using your OPNsense router. Since everything is connected to one router, you can manage all the access/firewall rules from a single router (instead of having 3-4 routers). For wireless, you could connect one of your existing routers and put it in AP mode so you only use its wireless functionality (or you could buy dedicated wireless access points, which give you more freedom over where to place them).

If you want to try to make your network function with the hardware you have, you may end up having to use separate routers with separate networks since you don't have equipment to utilize VLANs or a single router like OPNsense. It may require setting up static routes, and I don't know if your routers provide many settings for establishing firewall rules to keep your networks separated and protected while also allowing specific access to various services you have hosted on your network.
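The static-route point in the reply above, as an added example that is not part of either poster's message: a small route-lookup model showing where a packet from segment 1 goes when it is addressed to a host on segment 2. The router names, subnets and the Nginx host address are constructed assumptions, since the thread's diagram and addressing are not shown.

```python
import ipaddress

def net(cidr):
    return ipaddress.ip_network(cidr)

# Constructed addressing (assumption): segment 1 = 192.168.1.0/24 behind
# "router1"; segment 2 = 192.168.2.0/24 behind "router2", whose uplink port
# is plugged into segment 1. Each route is (destination network, next hop).
ROUTERS = {
    "router1": [(net("192.168.1.0/24"), "direct"),
                (net("0.0.0.0/0"), "internet")],
    "router2": [(net("192.168.2.0/24"), "direct"),
                (net("192.168.1.0/24"), "direct"),
                (net("0.0.0.0/0"), "router1")],
}
# A laptop on segment 1 knows only its own subnet and its default gateway.
HOST_SEG1 = [(net("192.168.1.0/24"), "direct"), (net("0.0.0.0/0"), "router1")]
OUTCOME = {"direct": "delivered", "internet": "sent to ISP", None: "no route"}

def next_hop(table, dst):
    """Longest-prefix match, the rule routers use to pick a route."""
    addr = ipaddress.ip_address(dst)
    hits = [(n, hop) for n, hop in table if addr in n]
    return max(hits, key=lambda h: h[0].prefixlen)[1] if hits else None

def trace(dst, routers, max_hops=8):
    """Follow a packet from the segment 1 laptop towards dst."""
    path, table = ["host-seg1"], HOST_SEG1
    for _ in range(max_hops):
        hop = next_hop(table, dst)
        if hop in OUTCOME:
            return path + [OUTCOME[hop]]
        path.append(hop)
        table = routers[hop]
    return path + ["routing loop"]

def with_static_route(routers, name, cidr, via):
    """Return a copy of the topology with one static route added."""
    fixed = {k: list(v) for k, v in routers.items()}
    fixed[name].append((net(cidr), via))
    return fixed

if __name__ == "__main__":
    nginx = "192.168.2.10"  # constructed address for the Nginx container host
    print(trace(nginx, ROUTERS))
    print(trace(nginx, with_static_route(ROUTERS, "router1", "192.168.2.0/24", "router2")))
```

The model covers routing only. The segment 2 router also has to accept the connection arriving on its segment-1-facing port, which is where the firewall rules mentioned in the reply come in.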

codeangler

Thanks for the input.  I'll read some more of your pieces on an OPNsense router.

I completed an experiment just before the weekend, prior to your reply, and set my Buffalo AirStation to a different subnet, and now when I'm on it, I can print.  But I lost wifi admin access so I need to sort that out to plug in directly.