Installing a hardware firewall/DHCP/Wireguard Server
Hello All!
I just purchased a Intel Celeron box from AliExpress to replace (and hopefully improve) the functions of my raspberry pi running wg-easy and pihole. I'd like this new box to handle DHCP, firewalling/ad blocking, and act as my wireguard server.
Currently I'm connecting my Internet modem (thankfully not a router, so no NAT) to my TPlink Archer AX21's WAN port and then using the LAN ports to connect to my devices. I see that I can turn off NAT on the TPLink, but I assume I wouldn't be able to use the new device as a DHCP server if I do, right? I could put the TPLink in AP mode but I'm not sure if that shuts off the WAN or LAN ports.
Is the best move to leave the TPLink in router mode (I'm not sure this matters) and plug the firewall into one of the LAN ports? I can do this but it'll require some re-running of cables so I wanted to check first.
Just to confirm, you don't have space next to your modem and/or router for the new Celeron box, correct?
I'm not sure how good of performance you would have if you run the firewall on the Celeron box connected to the LAN portion of your current router, but you could always give it a shot and if it doesn't work the way you'd like it to then you could try a different solution. From my understanding this setup would cause all traffic to go through your router at least 2x (even if it's only on layer 2 via the built-in switch.) it may not be that much of a drain though, I've never run a setup like that before
The best layout would be modem -> opnsense router -> Tplink device running in AP mode. From what you've said that doesn't sound feasible at this time. You might be able to utilize a bridge mode somehow, but at that point I'd be guessing since I don't remember much about the tplink consumer router capabilities
Sopuli seems to be down, so responding from a different account.
Yeah, it's actually that there isn't power for the Celeron box where all the other Ethernet currently is.
Just so I'm understanding, why would all traffic need to go to my router (do you mean the opnsense one or the tplink one) twice? Wouldn't it go Device -> Switch -> opnsense -> modem > internet? Or for my intranet communications, Device1 -> switch -> opnsense -> switch -> device2
OPNsense is a gateway/firewall/DHCP/router my network looks like this
optical to Ethernet conversion (the isp's things) -> opnsense box -> network switch -> all other device (including wifi APs)
all traffic gets routed thru the opnsense box as it is the gateway to my network, runs the ipv4 nat and DHCP server
router in their comment refers to the the one that actually touches the Internet