First post; so engagement challenge?
My network at home is working… but working in the same way a corporate network works when it has been built on exhaustion, budget constraints and caffeine overdoses, while using Agile.
The problem
I need my individual applications running on the NAS, like Calibre-Web, to have their own port, so my better half can read her ebooks while not on our home network. This should also enable me to start something like self-hosting, with an exposed port to the outside world. Of course, security is also a factor, but I don’t need to scale to much more than a couple of people.
The physical layout
A two-floor apartment with a hell of a lot of coax everywhere in the walls. Physical network devices are illustrated in my diagram.
Wireless access point/router/switch is ISP provided.
Synology NAS (1918+). Used for Plex, Storage and when working Calibre, Calibre-Web and Audiobookshelf. I also want to use it as a home lab, if my home network doesn’t hamper me.
My limitations
While having some experience within software development, I have little experience with networks. To limit the need to flash my lack of knowledge, let’s say I’m a script kiddie, but willing to learn.
I have those pesky parasites called kids and, may the higher powers have mercy on your hide if they can’t get their daily dose of Bluey, so it needs to be stable, i.e. I can’t be running around updating ports all the time. Also, I have different devices using the WiFi, so it still needs to behave relatively automatically.
The NAS is on another floor than the ISP cable entrance, so pulling a CAT6 cable directly to the NAS is not possible.
After having searched, I can’t find people in a similar situation, and the people with tech skills that I know can’t seem to solve this either. Please help?
Have you looked into WireGuard/OpenVPN?
I use OpenVPN myself, have for years. In my case I simply open the OpenVPN client on my phone/laptop and hit the connect button; boom, I’m on my local network. Of course OpenVPN is fairly complex to set up, but WireGuard promises the same with minimal (compared to OpenVPN) hassle.
Edit:
I also replaced my ISP router with my own cable modem (no router) and I use a pfSense box/24-port switch as a router.
Secondly, wr250 hit the nail on the head: before playing with ports and network layouts, you might want to roll your own router (either pfSense or OPNsense is a good starting point). It’ll give you both fine-grained control and the ability to tinker with the topology without interrupting anyone. Check out Patrick’s ServeTheHome YouTube channel and website; he’s doing a lot of testing of both mini PCs and Chinese SBCs that make great low-cost routers.
Third, there’s a difference between a router and a switch. The difference is important when you search for stuff on the interwebs, otherwise you’ll end up down a rabbit hole for days. In a home, you typically only have one router; it does NAT, DHCP, and firewall at a minimum, and sits at the border to the outside world. Switches link all your clients together by forwarding packets, with some limited segregation abilities via VLANs (technically there are L3 switch routers, but don’t worry about those till you’ve mastered VLANs).
Fourth, MoCA is great, especially if you have concrete walls, but try building a WiFi 6E/7 mesh with a 6 GHz backhaul (support starts in 6E). You should be able to grab a set of returnable mesh access points like TP-Link Deco or similar. The key will be where you place them, like placing one at either end of the staircase; my rule of thumb is “no more than two turns between nodes”. MoCA might still have a place, as a way to send the ISP link from the entry point to the NAS’s room, and then branching out from there via WiFi.
Finally, once you’ve got your network in a stable state and everyone else is happy, you can start with your first home server. My preference is either an old SFF desktop (so you can mod them guilt-free), or if you have more budget, a last-gen server board with IPMI, like the ASRock Rack X470D4U or X570D4U paired with a 3000-series CPU in a small case (you can even pick something pretty like the Fractal North if you don’t have a closet).
I will try out the VPN solution. I’ve heard good things about Tailscale too, so I’m going to research a bit. But from my understanding - please correct me if I’m wrong - it will simply create a virtual private network (in this case running on - or around? - the NAS) which can be accessed from anywhere by tunneling to that private network, basically linking e.g. a phone to that network. This will then give access to the applications running on the NAS itself, as if I were on my home network?
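As an added illustration of the WireGuard setup wr250 suggested and the "tunnel into the home network" model described in the reply above (this is example configuration, not something either poster provided), here is a minimal pair of WireGuard configs. Everything concrete in it is an assumption: the WireGuard endpoint is some host on the home LAN (for instance a container on the NAS), the home LAN is 192.168.1.0/24, the NAS has a fixed LAN address of 192.168.1.10, the ISP router forwards UDP 51820 to that host, and `home.example.com` stands in for whatever public address or dynamic-DNS name the ISP connection has. The keys are placeholders to be generated with `wg genkey` / `wg pubkey` / `wg genpsk`.

```ini
# Example only (not from the thread). Assumed addressing:
#   home LAN        192.168.1.0/24, NAS at 192.168.1.10, ISP router at 192.168.1.1
#   tunnel subnet   10.8.0.0/24 (must not overlap with the LAN)
#   public endpoint home.example.com:51820 (UDP 51820 forwarded by the ISP router)

# ---------------- wg0.conf on the home side (the "server") ----------------
[Interface]
Address    = 10.8.0.1/24
ListenPort = 51820
PrivateKey = <SERVER_PRIVATE_KEY>      # placeholder: wg genkey
# Only needed if peers must reach LAN hosts other than the WireGuard host itself
# (assumes a Linux host with iptables); reaching the NAS's own address needs nothing.
PostUp   = sysctl -w net.ipv4.ip_forward=1; iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -o eth0 -j MASQUERADE
PostDown = iptables -t nat -D POSTROUTING -s 10.8.0.0/24 -o eth0 -j MASQUERADE

# One [Peer] block per device, each with its own key pair and its own /32.
# AllowedIPs here is also a source filter: packets arriving through this peer's
# session with any other source address are dropped (WireGuard's cryptokey routing).
[Peer]
PublicKey    = <PHONE_PUBLIC_KEY>      # placeholder: from the phone's private key
PresharedKey = <PHONE_PSK>             # placeholder: wg genpsk, optional extra symmetric key
AllowedIPs   = 10.8.0.2/32

# ---------------- config imported on the phone ----------------
[Interface]
Address    = 10.8.0.2/24
PrivateKey = <PHONE_PRIVATE_KEY>       # placeholder: wg genkey, never leaves the phone
DNS        = 192.168.1.1               # optional: resolve names via the home router

[Peer]
PublicKey    = <SERVER_PUBLIC_KEY>
PresharedKey = <PHONE_PSK>             # must match the server-side value for this peer
Endpoint     = home.example.com:51820  # placeholder for the ISP router's public address
# Split tunnel: only the tunnel subnet and the home LAN are routed through the VPN;
# the phone's normal internet traffic stays off the home connection.
AllowedIPs   = 10.8.0.0/24, 192.168.1.0/24
# Sends an empty packet every 25 s so the NAT mapping on the ISP router stays open
# and the home side can still reach the phone.
PersistentKeepalive = 25
```

With this in place the phone reaches the NAS at 192.168.1.10 (and so Calibre-Web on whatever LAN port it already uses), while the only thing exposed to the internet is one UDP port that never answers a packet it cannot authenticate, so nothing can be seen by scanning. Two practical caveats: if the phone is on a remote network that also uses 192.168.1.0/24 (very common with ISP routers), the LAN route in `AllowedIPs` will conflict, so a less common home subnet avoids that; and if the WireGuard host is also the NAS, the ISP router needs a DHCP reservation for it so the port forward does not silently break when its address changes.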
Yes, absolutely. A copy-paste fail on my part. The only router is the ISP provided while the others are labelled wrong, those are -switches-
Rolling my own router seems like an exciting project, but the proverbial backlog is kinda filled right now and I like to have the knowledge under my skin, before embarking on “holy sheep, Dad lit the network on fire” journey