Redesigning my network yet again

so a while back i posted on the forum about my home network, and figured out a setup (thanks to helpful advice from the forum) but those plans had to be tossed out the window after some changes.

currently i'm figuring out if pfsense is a viable alternative to buying a powerful off-the-shelf router.

the router i'm looking at is €190 for all the features i'd ever need.

i have a spare computer for pfsense (amd athlon x64, 2GB ram) and i decided to look into the price of a 4-port NIC.

the cheapest one i could find was €145, with some stores selling the same card for up to €600.

somehow this price seems incredibly high looking at single-port NICs go down to €24, or even €9 (TP-link ever cheap)

i feel like these cards are very enterprise-grade and not aimed at pfsense users. 

is pfsense even supposed to be used like this, or am i supposed to add a switch behind a single-port NIC for the extra ports? (i can pick up a gigabit switch for €25) although i feel like this is kind of messy.

if i end up buying the business router the computer is probably gonna go towards a NAS build.

also have to note the expansion slots on the motherboard are pci-e 16x, pci-e 1x and 2 legacy pci slots. (plus built in NIC which i have no clue if it's even gigabit.)

the current setup is as follows:

- ISP modem with built in wireless router (the router part is very unconfigurable, so i DMZ to the next device in line)

  - TP-link wireless router 1 (has very strict ip settings to keep my school work from derping up)

    - linux server for vpn, and mostly experiments.

    - my desktop, two laptops, two phones and ipod touch. (important all these are on the same ip range)

    - TP-link wireless router 2 (for all the other wireless devices: ipad, everyone else's laptops)

      - 2 laptops, netbook, ipad and phone.

wireless router 2 is behind a worn out cable, and probably gonna be replaced by the modem's built in function if it proves to be sufficient.

i might also have to explain why the very strict router settings, and second router are there:

i study networking systems and security, and one of the classes is about setting up windows server (and linux) and connecting clients to this in a network with file sharing etc. since at this point there's 3 ranges i keep separate on router 1 (2-99 = virtual machines, 100-200 = physical computers, 201-254 = network devices) things tend to get messy when my router accidentally assigns a wrong ip address (happens too much for comfort). so i decided to add (yet another) layer to the mess so the other folks don't have to ask why there's an "IP conflict" every week.


EDIT: i forgot to mention: it'd be great if i could use pfsense to split things up in a more sensible way than stacking €50 routers.

Take a dumb 4/5 port switch and use double sided tape or velcro and slap it on the side of your pFsense box. Done. Or cut a hole in the case and put the switch inside.

Not that you're going about it the wrong way but I would recommend buying a decent off the shelf router or even a used server router since you're studying networking. IP issues sound like your dhcp is conflicting with your static ip. To simplify this process you should set everything to dhcp and use Mac reserve IP. On top of that if you change your IP numbers to stick for a week rather than 24 hours you're less likely to have IP conflicts. (However it could just be a software bug, I never had good luck with two routers) 

(These are just ideas vomited out of my head) 

I would use pfsense with that cheap TP link NIC, and buy a smart switch so you can do VLANs and the whole nine yards. I use the Linksys LGS308 and I love it. Those two, in combination with a Unifi AP from Ubiquiti, make for a really awesome network setup that can be easily shifted around (or add another VLAN instead of stacking routers) at will.

Let me know if you want any help, I was in a similar boat a while back.

You only need NICs for each interface you want to have on pfsense (i.e. WAN and LAN). It's not a switch; if you try to add a bunch of NICs and plug all your stuff into them it's not going to work. You'd have to mess around with bridging and even then the performance will suck. So yeah, you need to get a switch.

When you buy an all in one router with a bunch of ethernet ports, those aren't individual NICs, the router board will only have two, but usually only one NIC. It will then split that into two virtual interfaces for the WAN and LAN interfaces and then the LAN interface will go to a switch, and that's how you get your four ports on the back.

Pfsense is not supposed to be an alternative to an all in one router. It is a firewall. It has a lot of other functionality built in to it but it is not even trying to be an all in one device.

I'm not saying don't use it, it's a great firewall and router, just don't expect it to work like an all in one. Instead of spending $150 on a quad NIC get a managed switch (which you can probably get cheaper) which you can configure VLANs on. Then you can create as many virtual interfaces as you want on pfsense and use that to route between VLANs and keep everything separate.


i'm amazed by your answer, in fact, you just taught me more than the networking teacher i'm staring at. The managed switch seems like a good idea, although i'm not sure where to find one.

would it be possible to get a router that can form at least 2 subnets instead? it'd save me one device. i'd have gone for pfsense because buying a NIC would be cheaper than buying new networking equipment, (my parents would rather have 3Mbit/s than spend money on networking equipment, and they think running an extra device will cost them a fortune.)

You can usually get second hand managed switches on ebay pretty cheap. Find one with a webui rather than one you have to program unless you really want to learn that. Smart switches are also good enough for setting up VLANs and are cheaper than a proper managed switch.

There are plenty of routers which support VLANs and virtual interfaces, I don't know any off the top of my head. But you could find one which supports DD-WRT or openwrt and use that. It's easy enough in a router which supports it to assign port 1 to one subnet and port 2 to another (for example), but if you plan on connecting more than a couple of devices then a managed switch will be much easier to work with. You can plug a switch in to each port once you've assigned them to each subnet, but having a single managed switch rather than a bunch of normal ones would be easier and probably cheaper.

Having devices on different subnets is a bit different to having them all on the same subnet. They won't be able to talk to each other without going through the router, so getting it all working can be a little tricky, especially if you haven't worked with something like that before. But if your plan is to keep each subnet isolated from each other then that's much easier.

But yeah, you can get routers which will allow you to do that, and using custom firmware like DD-WRT or openwrt will allow you to do it on routers which don't support it natively. Just make sure you check that the router will work with the firmware before you buy it.

my sister got home today and i took her laptop for some wifi testing (other than me, she is the most wifi-demanding person) and it appears that her laptop's wifi card is that crappy that it really doesn't matter what access point she's on, so i guess i can drop the second access point no problem.

what i'm guessing the network will look like: (this is gonna be even more simple than i imagined)

- wireless modem

  - wifi connected devices

  - powerful router (different IP range for wireless and wired devices, for ex. 2-100 wired, 101-200 wireless)

    - access point for my wifi devices (*)

    - cable to a switch in my room

      - server and desktop

* i know that it's possible for a router in bridge mode to be dhcp server to its connected devices. gonna have to figure that out tho.

ps: i really don't mind the managed switch interface all too much, i learn cisco's IOS stuff at school, so it's gonna be a good exercise.

Having two DHCP ranges on the same network isn't going to work. If you really need a different IP range for wired and wireless networks you're going to have to set up static IPs. You could have the wired and wireless networks on separate subnets each with their own DHCP range, but then if you want them to be able to talk to each other you have to set up routing between them.

Other than security I don't see a lot of advantage to having your wired and wireless networks on different subnets.

You might find this helpful

https://teksyndicate.com/forum/networking-software/basics-vlans/186281

i'm guessing that i'm gonna have to stop being lazy, and configure my dang IPs then, but i'd mostly keep them separate to stop my VMs (all running bridged) from getting mixed up with the computers of the folks downstairs (which are gonna end up on my access point either way, no matter how much i tell them not to)

i'm probably just gonna set up static IPs for everything wired, as they don't really move, and have wireless on DHCP on the other end of the range.

since VMs can have custom mac addresses i guess it's gonna be fairly easy to recognise them in my (rather messy) list of IPs (thinking all zeros here, with the last 2 numbers to separate)

while that would be an ideal situation, the devices to do that cost an insane amount of money around here, and are extremely hard to find. my school has a couple devices for networking class, and i know how amazing such a setup is, sadly, for my home network this is gonna cost a tad too much.

i set up my network with current hardware to work similar to my idea in post #8, probably gonna do a few weeks of testing, and if everything works out fine i'm gonna buy decent hardware so i can get rid of this TP-link madness.

i have everything of mine set up as a static IP address, within their own ranges (1-10 network devices, 11-99 wireless devices (dhcp is set up to pick these), 100-199 wired devices, 200-254 VMs) meanwhile this'll also be an exercise in keeping my static IPs how they should be.

gotta thank dexter kane for his advice. might dig into pfsense if stuff ends up working good.
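A small check of the address plan in the post above, as an added example that is not code from the thread: it verifies that the per-role last-octet ranges don't overlap and that no statically addressed host sits inside the DHCP pool, which is exactly the static-vs-lease collision behind the "IP conflict" remark earlier in the thread. The 192.168.1.0/24 subnet and the hostnames are constructed assumptions; the post never names them.

```python
import ipaddress

# Constructed from the plan in the post above: last-octet ranges per role.
# The /24 itself is an assumption; the post never names the subnet.
SUBNET = ipaddress.ip_network("192.168.1.0/24")
PLAN = {
    "network": (1, 10),
    "wireless": (11, 99),   # DHCP hands out only this range
    "wired": (100, 199),
    "vm": (200, 254),
}
DHCP_POOL = PLAN["wireless"]

def last_octet(ip):
    return int(ipaddress.ip_address(ip)) & 0xFF

def role_of(ip):
    """Role whose range holds ip, or None if outside the subnet/plan."""
    if ipaddress.ip_address(ip) not in SUBNET:
        return None
    octet = last_octet(ip)
    for role, (lo, hi) in PLAN.items():
        if lo <= octet <= hi:
            return role
    return None

def plan_overlaps(plan):
    """Pairs of roles whose ranges overlap (should be empty for a sane plan)."""
    items = list(plan.items())
    return [(a, b) for i, (a, (alo, ahi)) in enumerate(items)
            for b, (blo, bhi) in items[i + 1:]
            if alo <= bhi and blo <= ahi]

def audit(static_hosts):
    """static_hosts: {name: (ip, intended_role)} -> list of problem strings."""
    problems = []
    lo, hi = DHCP_POOL
    for name, (ip, want) in static_hosts.items():
        # A static address inside the pool will eventually collide with a lease.
        if ipaddress.ip_address(ip) in SUBNET and lo <= last_octet(ip) <= hi:
            problems.append(f"{name} {ip}: static address inside DHCP pool {lo}-{hi}")
        got = role_of(ip)
        if got != want:
            problems.append(f"{name} {ip}: in {got!r} range, expected {want!r}")
    return problems

# Constructed sample: one wrongly placed box that would collide with a lease.
HOSTS = {
    "switch": ("192.168.1.2", "network"),
    "server": ("192.168.1.100", "wired"),
    "desktop": ("192.168.1.101", "wired"),
    "win-vm": ("192.168.1.200", "vm"),
    "tv-box": ("192.168.1.50", "wired"),
}

if __name__ == "__main__":
    for line in audit(HOSTS):
        print(line)
```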

You can pull it off on a small scale using a cheap router with flashed firmware, but yeah something better would be better, especially if you need performance or have a largeish network. I used to do something similar just using an old TP-Link router, but I moved to pfsense and that was a lot better. PFSense and a cheap managed switch will allow you to do a lot of stuff that you would otherwise need some pretty expensive hardware to do, so it's worth looking into.


Can you order off newegg? This is where I got mine and I love it.

http://newegg.com/Product/index?itemnumber=N82E16833124519

my parents don't want me to buy anything online. i have to go out for prepaids if i want to buy something on steam "because it could hack my credit card".