I will start by giving you a noob alert. Sorry, we have to learn somewhere.
I just wanted to run an idea past you.
I have set up a home server to host a couple of games for my friends. To get a dedicated IP I have connected my server to a static IP VPN provider. Everything is connecting great and the server is running most of the time (except when I break something, which is not relevant to this post).
I am thinking of creating an extra layer of protection for my network. Is it possible to create a network within a network? I heard of something called a VLAN but I don't have the hardware to do this.
What I am thinking is using an old Netgear router, connecting it to my network via the WAN port and setting it so it runs on a different IP range.
Would this work, and is there anything else I would need to think about?
What do you really want to achieve? How do you plan to gain additional security? Which real security threats do you hope to remedy with some technical solution? – Nikita Kipriyanov – 2019-09-25T05:39:00.903
My concern is that if someone breaks through into my server via one of the many open ports, they then have access to the rest of my network. My thinking is that if my server is within its own network, then if my server is compromised they have nowhere to go. – larkum – 2019-09-25T06:20:29.967
Consider running an encrypted VPN between you and your friends with keys only your friends have access to. That adds an additional layer of security. You can run the additional VPN on top of the VPN of your provider. Your friends can then connect to this additional VPN. There's a number of open source VPN implementations you can use for this. – dirkt – 2019-09-25T08:07:50.840
As @dirkt has suggested, using a private encrypted VPN service would be best, without exposing ports externally. Depending on the number of users, a service like "Hamachi" could work for you; it is free for up to 5 computers to connect and is fairly priced if you want to use more - https://www.vpn.net/ – CraftyB – 2019-09-25T10:17:34.580
Unless the Netgear router is supported by an open-source OS (OpenWrt, DD-WRT, etc.), you'll likely be inducing insecurity, rather than security, due to the lack of security patches that router will have. Routers, even new ones, are End-Of-Life after one year, two at most, by the manufacturer, so unless it's supported by OpenWrt, DD-WRT, etc., I wouldn't recommend running it on any network. OpenWrt also has a wealth of HowTo wikis to guide you in setting up VLANs that are firewalled. – JW0914 – 2019-09-25T11:18:06.793