Please HELP-Have a stupid NAT question that I can't answer

Ok so first let me say this is probably the dumbest thing I have ever tried to do with networking, so if you don't plan on reading this entire post that explains WHY I'm doing it this way, just quit now.

I'm a teen. I share a home network with my dad/mom/family. They have some tablets, and my dad has a work laptop, and we have one family desktop (little dual core consumer job, nothing fancy). I have a laptop, a home theater PC, a six core server, 2 old laptops, and some old desktops. I do a lot of messing around in my spare time, mostly just for fun (I enjoy learning about networking and how the world of computers fits together), however my dad is the admin on the router. I am admin on all of MY PCs, but I have no control over the router. If I want to open a port, I have to do deep investigating to make sure it will be secure, and I have to find a time where my dad and I can sit down and do it. So as far as game servers or things that I want my friends to be able to use, I can't really do a whole lot because of the hassle of me having to do so much to forward ports, and it's often a non-standard port, which is a pain for my friends. So I am looking to create my own separate half of the network that I essentially have full control over since I'm the only one using it. If I break something, it will be on me to fix it, but my dad doesn't have to worry about any of his stuff not working.

The main thing that I want to be different for my network half is I want to have a better router. I have several old desktops that I can use, all made for Windows XP. I want to run Untangle or PFsense on them. But I have some questions and conditions that must be met for my dad to let me do this.

The biggest thing I have to make sure works is internet filtering. He currently has our router set up with OpenDNS based internet filtering, which forwards any and all DNS traffic to the OpenDNS servers (no way around it unless you use IPs instead of DNS hosts). He wants to have full control over what I can and can't see (he's not very strict, to his credit, the only time I've ever run into an issue was when I was using a networking site that OpenDNS thought was a proxy). So that's the main condition that has to be met. And also he doesn't want to have to change the router to an Untangle or PFsense box since he doesn't feel he knows enough to keep one running.

Here is my idea:

I want to daisy chain routers essentially. He doesn't need any ports forwarded for ANY of his stuff, so if I turn on DMZ for the IP of the second router in the chain, ports will open as I need (he is fine with this since it won't be able to touch any of his stuff if something goes wrong). The only thing I really need to know is: If I plug the WAN interface on MY router into a LAN port on my family router, will that router be able to access the internet properly?

The only reason I am doing it this way is because of how the internet filter works. Our router forwards ANY DNS traffic to the OpenDNS servers. So if I had all MY internet traffic go through my dad's router before it accesses the internet, he would have the final say (he could block any site, or pull the plug completely if he wanted to). Plus, I can enable DMZ for the local IP of the second router, so that whenever I open a port on the second router's firewall, the first router forwards it automatically from our public IP.

Basically what I want to do is this:

Cable Modem--->My dad's router--->switch/family LAN--->my router's WAN interface--->my own private network

My dad's router would assign a local IP to the external interface on MY router, and then theoretically mine should be able to access the internet, however the internet filter in my dad's router will have the final say in what I can and can't do. Also, all ports will be opened pointing to MY router's address, and then when I open something in my router's firewall, traffic from the public IP goes to whatever I tell it to.

I know this is not a very effective way of doing things, but I am wondering if it will work, or if there is a better way. I know I could use a PFsense box as our family router, but my dad will not allow me to administer it if we do that, thus defeating the purpose of the whole thing. Our router doesn't support VLANs, or I would do something with those.

When I thought of this idea, it all seemed to work flawlessly, until I realized that the WAN interface on my router would have to go through the family router as a gateway before accessing the internet. Is there a way to specify that?

Please help! I am young and this is unknown territory for me...

Thanks

Your router gets a DHCP lease from the family router, and in the DHCP information will be the address of the gateway it should use, just like every other computer connected to the family router. You don't have to do something fancy to set the gateway just because it is a router instead of something else.

That'll work fine, just hook your WAN port to the network and set it to DHCP. Make sure you use a different subnet to the one on your dad's network though, or it won't work.

Ok forgive me, but what do you mean "Use a different subnet than the one on my dad's network?"

As I understand it, using the normal 10.60.0.xxx IP range will work fine right? Because my dad's router uses 192.168.1.xxx

I shouldn't have to do anything special to the WAN interface, just hook it up to a LAN port on my dad's router and set the WAN interface to configure over DHCP?

And also just out of curiosity, we have a PLEX Media Server/HTPC that my family sometimes uses and I'm wondering: If I leave THAT machine only on my dad's network, and from my network I type in "192.168.1.126" (that machine's IP) will I be able to access it locally? Or will I have to go out to my public IP and back in again?

Thanks again for all your help, I don't know what I'd do without you guys 

Yeah that's what I mean, as long as you're on different subnets like you are it will work, but if you were both on say 10.1.1.0 then it wouldn't work, they just need to be different. Plex should work if you know the IP address or host name, DLNA won't work though. You can get it working but it's pretty tricky to get it going between networks.

Also your dad's network won't be able to see or access anything on your network, because of NAT. You can use port forwarding for specific things if you need to though. But you should be able to see everything on his network and access it like you normally would.
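The routing behaviour described in the replies above, as an added example that is not part of the original thread: a small model of the inner router that rejects overlapping subnets, shows which path an outbound packet takes, and shows that unsolicited inbound connections are dropped unless a port forward exists. The subnets (assumed to be /24) and the Plex address come from the thread; the WAN lease `192.168.1.50`, the inner host `10.60.0.20`, the forwarded port and the internet address are constructed.

```python
import ipaddress

class InnerRouter:
    """Inner router of a double-NAT chain (WAN port plugged into the upstream LAN)."""

    def __init__(self, wan_ip, upstream_lan, inner_lan, port_forwards=None):
        self.wan_ip = ipaddress.ip_address(wan_ip)
        self.upstream_lan = ipaddress.ip_network(upstream_lan)
        self.inner_lan = ipaddress.ip_network(inner_lan)
        # (protocol, WAN port) -> (inner host, inner port)
        self.port_forwards = dict(port_forwards or {})
        if self.upstream_lan.overlaps(self.inner_lan):
            raise ValueError(f"inner LAN {inner_lan} overlaps upstream LAN "
                             f"{upstream_lan}; routing would be ambiguous")
        if self.wan_ip not in self.upstream_lan:
            raise ValueError("WAN address must be a lease from the upstream LAN")

    def outbound_path(self, dst):
        """Describe how a packet from an inner-LAN host reaches dst."""
        dst = ipaddress.ip_address(dst)
        if dst in self.inner_lan:
            return "inner LAN, no NAT"
        if dst in self.upstream_lan:
            return "out WAN, NAT once, delivered on upstream LAN"
        return "out WAN, NAT twice, via upstream gateway"

    def inbound_target(self, proto, wan_port):
        """New connection arriving at the WAN address: forward target, or None if dropped."""
        return self.port_forwards.get((proto, wan_port))

# Subnets and the Plex address are from the thread; the WAN lease,
# inner host and forwarded port are constructed for illustration.
router = InnerRouter(
    wan_ip="192.168.1.50",
    upstream_lan="192.168.1.0/24",
    inner_lan="10.60.0.0/24",
    port_forwards={("tcp", 25565): ("10.60.0.20", 25565)},
)

if __name__ == "__main__":
    print(router.outbound_path("192.168.1.126"))  # Plex box on the family LAN
    print(router.outbound_path("10.60.0.20"))     # host on the inner LAN
    print(router.outbound_path("203.0.113.10"))   # constructed internet address
    print(router.inbound_target("tcp", 25565))    # forwarded
    print(router.inbound_target("tcp", 22))       # no forward: dropped
```
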

THANK YOU SO MUCH!!! I got PFsense installed on my spare desktop (1.9 GHz Pentium 4 with 1GB of RAM), and I was up until 2 in the morning setting it up. I kept having DNS and upstream gateway issues. In the end you know what it was? IPv6. My dad's network doesn't support it, so I had to turn off IPv6 in the WAN interface. After I straightened that part out, the PFsense box has been ROCK SOLID for about a week. Thanks again for the help, I got everything how I like it now, and I have my own half of things to play with :D

Thank you so much!

Good to hear, glad you got it working.

The only thing I can't get working is HAVP antivirus... I got a transparent Squid cache working (or working as far as I can tell, there are files in the cache folder).

I cannot for the life of me get HAVP antivirus to work. I followed TekSyndicate's video EXACTLY, and nothing worked. I have probably downloaded the EICAR test file a billion times. Any ideas?

Which version of squid are you using? If you're using squid3 try using the older version instead. I remember there were a lot of issues with getting squid3 to work, a bunch of files are missing so it never actually starts. Are you sure it's working? Check the system log or go to the proxy page and see if there's any activity on the real-time tab.

If the proxy is working then try restarting the HAVP service and checking the system log to see if there are any errors. It's been a while since I messed around with it so I don't really remember how to set it up.