Please help me see the wood for the trees


awediohead

So I recently finally managed to complete installing ethernet in my home. We now have two ethernet cables going to three bedrooms and our lounge (8 runs in all), with the unraid server, router, switch and patch panel in a centrally located closet space. Because of my own and my wife's disabilities our bedrooms are also where we have our personal PCs. As a housebound person she makes fairly constant use of this PC, to entertain herself, distract herself from chronic pain, shop online and generally communicate with the outside world. IOW my messing stuff up goes way beyond being just a bit inconvenient.

 

Right now everything is working OK, so any changes I make going forward need to be carefully planned to minimise downtime, especially to internet access, but also to the unraid server which she uses mostly for Plex/Jellyfin.

 

For e.g. I have a power efficient little S920 Fujitsu PC that will make an ideal router to run pfsense on, but for now I've just continued to use an Asus RT-AC86U router which is also the wifi AP. The plan is to switch this to AP-only mode when I eventually replace it with the S920 until I can afford a dedicated AP, but I really need to get through the basic tinkering, learning and making mistakes stage with pfsense BEFORE swapping it out.

 

In the meantime I'm doing a lot of watching videos and reading up on how other people do things but since everyone's hardware is different, while I am learning a lot, I'm also feeling pretty overwhelmed with all the variables to consider. If it were just me I'd play around, experiment, test, break things and reinstall. Not an option if it'll bork my wife's internet access or access to the server, though the former is very much more critical to her.

 

So, some of the variables are: Hardware: S920 has 5 x 1Gb ports, Unraid server has 5 x 1Gb ports - both have a four port Intel PCIe card + onboard Realtek port. The Netgear switch has 16 ports - using 8 from the patch panel (1 to 8 - two runs from each of the four rooms) with port 16 going to the RT-AC86U.

Software: VLANs and LAGs, Firewall rules

 

Tutorials online talk about the importance of having a management network to administer the server, router and switch that'd also need to be accessible by my PCs, but not from other family PCs or devices for security.

 

So my first question is how would I go about having a separate admin network/interface to access the unraid web ui, the router web ui and the switch web ui, without interfering with my own or my family's access to SMB shares, Plex, and the general home network functionality of other docker plugins.

 

For VMs I'm assuming I'd pass through a dedicated port - but then how does it work that from the same PC in my room I'm able to access the various web UIs, and watch Plex (or similar) and access a VM if they're all on different networks or VLANs? At the moment I can do all that because it's all on the same network of course.

 

Ideally I'd like to self-host a small website and allow access to some aspects of my server to close family and friends, so I don't want to take shortcuts with basic security practices for the sake of convenience. On the other hand applying the Keep It Simple Stupid principle makes it seem that I'm unnecessarily complicating things.

 

Sorry for the wall of text - I've a lot more questions but some pointers on how to get the foundation / fundamentals right with planning would be hugely appreciated.

 

Thanks

 

 

 

 

Link to comment

There are two methods for your PC to connect to different networks:

1. Assuming your PC is on the desktop, buy a small VLAN switch to sit near the PC, trunk all networks to that switch and map different switch ports to different networks. Then plug the PC's LAN cable into a different port to access a different network.

2. Almost the same as 1, but using WiFi: some routers / APs support different SSIDs with different VLANs, so you connect to a different SSID to access a different network.

Or you can trunk (VLAN) all networks to Unraid, i.e. VLAN 1, 2, 3, 4; Unraid then has brX.1, brX.2, brX.3, brX.4, and you configure the VM's virtual NIC to connect to those bridges to access the different networks.

Edited by Vr2Io
Link to comment
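
The trunk option in the reply above relies on 802.1Q tags: each frame on the trunk carries a 12-bit VLAN ID, and the host hands it to the bridge for that ID. The sketch below is an added example, not code from the thread or from Unraid; it builds and parses a tagged frame and models that hand-off. The parent name `br0`, the MAC addresses and the allowed VLAN set are constructed assumptions, and `bridge_for` is a hypothetical helper.

```python
import struct

TPID_8021Q = 0x8100  # EtherType value that marks an 802.1Q tag


def tag_frame(dst, src, vid, ethertype, payload, pcp=0):
    """Build an Ethernet frame carrying one 802.1Q tag, as sent on a trunk."""
    if not 1 <= vid <= 4094:  # VID 0 and 4095 are reserved
        raise ValueError("VLAN ID must be 1..4094")
    tci = (pcp << 13) | vid  # PCP (3 bits) | DEI (1 bit, 0) | VID (12 bits)
    return dst + src + struct.pack("!HHH", TPID_8021Q, tci, ethertype) + payload


def parse_vid(frame):
    """Return the VLAN ID of a tagged frame, or None if it is untagged."""
    if len(frame) < 14:
        raise ValueError("truncated Ethernet header")
    (etype,) = struct.unpack_from("!H", frame, 12)
    if etype != TPID_8021Q:
        return None
    if len(frame) < 18:
        raise ValueError("truncated 802.1Q tag")
    (tci,) = struct.unpack_from("!H", frame, 14)
    return tci & 0x0FFF  # mask off priority and DEI bits


def bridge_for(frame, parent, allowed_vids, native_bridge=None):
    """Pick the bridge a trunk frame is delivered to; None means drop."""
    vid = parse_vid(frame)
    if vid is None:
        return native_bridge  # untagged: native bridge if one is set, else drop
    if vid not in allowed_vids:
        return None  # VLAN not configured on this trunk, so nothing receives it
    return f"{parent}.{vid}"  # brX.N naming as in the reply (parent assumed)


# Constructed sample values, not taken from the thread.
DST = bytes.fromhex("ffffffffffff")
SRC = bytes.fromhex("020000000001")
ALLOWED = {1, 2, 3, 4}

if __name__ == "__main__":
    frame = tag_frame(DST, SRC, 3, 0x0800, b"demo")
    print(parse_vid(frame), bridge_for(frame, "br0", ALLOWED))
```

A VM whose virtual NIC is attached to one of these bridges only receives frames tagged with that bridge's VLAN ID, which is what keeps the networks separate on a shared cable.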
On 9/9/2023 at 1:45 AM, awediohead said:

So my first question is how would I go about having a separate admin network/interface to access the unraid web ui

You sound like an AI, but I'll bite...

 

You can't have a "separate admin network/interface to access..." anything if you're using your ISP gateway.

 

You have to have your own router.

 

MrGrey.

Link to comment
Quote

For e.g. I have a power efficient little S920 Fujitsu PC that will make an ideal router to run pfsense on

I can assure you I'm not an AI bot. As I posted this a while ago I've been digging a lot deeper into how to do what I want to do and the first steps involve ignoring Unraid and focusing on getting pfsense and my switch set up correctly. Then I'll circle back and think about Unraid.

Thanks

Link to comment
