Ok so first let me say this is probably the dumbest thing I have ever tried to do with networking, so if you don't plan on reading this entire post that explains WHY I'm doing it this way, just quit now.
I'm a teen. I share a home network with my dad/mom/family. They have some tablets, and my dad has a work laptop, and we have one family desktop (little dual core consumer job, nothing fancy). I have a laptop, a home theater PC, a six core server, 2 old laptops, and some old desktops. I do a lot of messing around in my spare time, mostly just for fun (I enjoy learning about networking and how the world of computers fits together); however, my dad is the admin on the router. I am admin on all of MY PCs, but I have no control over the router. If I want to open a port, I have to do deep investigating to make sure it will be secure, and I have to find a time where my dad and I can sit down and do it. So as far as game servers or things that I want my friends to be able to use, I can't really do a whole lot because of the hassle of me having to do so much to forward ports, and it's often a non-standard port which is a pain for my friends. So I am looking to create my own separate half of the network that I essentially have full control over since I'm the only one using it. If I break something, it will be on me to fix it, but my dad doesn't have to worry about any of his stuff not working.
The main thing that I want to be different for my network half is I want to have a better router. I have several old desktops that I can use, all made for Windows XP. I want to run Untangle or pfSense on them. But I have some questions and conditions that must be met for my dad to let me do this.
The biggest thing I have to make sure works is internet filtering. He currently has our router set up with OpenDNS based internet filtering, which forwards any and all DNS traffic to the OpenDNS servers (no way around it unless you use IPs instead of DNS hosts). He wants to have full control over what I can and can't see (he's not very strict, to his credit; the only time I've ever run into an issue was when I was using a networking site that OpenDNS thought was a proxy). So that's the main condition that has to be met. And also he doesn't want to have to change the router to an Untangle or pfSense box since he doesn't feel he knows enough to keep one running.
Here is my idea:
I want to daisy chain routers essentially. He doesn't need any ports forwarded for ANY of his stuff, so if I turn on DMZ for the IP of the second router in the chain, ports will open as I need (he is fine with this since it won't be able to touch any of his stuff if something goes wrong). The only thing I really need to know is: If I plug the WAN interface on MY router into a LAN port on my family router, will that router be able to access the internet properly?
The only reason I am doing it this way is because of how the internet filter works. Our router forwards ANY DNS traffic to the OpenDNS servers. So if I had all MY internet traffic go through my dad's router before it accesses the internet, he would have the final say (he could block any site, or pull the plug completely if he wanted to). Plus, I can enable DMZ for the local IP of the second router, so that whenever I open a port on the second router's firewall, the first router forwards it automatically from our public IP.
Basically what I want to do is this:
Cable Modem--->My dad's router--->switch/family LAN--->my router's WAN interface--->my own private network
My dad's router would assign a local IP to the external interface on MY router, and then theoretically mine should be able to access the internet; however, the internet filter in my dad's router will have the final say in what I can and can't do. Also, all ports will be opened pointing to MY router's address, and then when I open something in my router's firewall, traffic from the public IP goes to whatever I tell it to.
I know this is not a very effective way of doing things, but I am wondering if it will work, or if there is a better way. I know I could use a pfSense box as our family router, but my dad will not allow me to administer it if we do that, thus defeating the purpose of the whole thing. Our router doesn't support VLANs, or I would do something with those.
When I thought of this idea, it all seemed to work flawlessly, until I realized that the WAN interface on my router would have to go through the family router as a gateway before accessing the internet. Is there a way to specify that?
Please help! I am young and this is unknown territory for me...
Thanks