Installing a hardware firewall/DHCP/Wireguard Server - eviltoast

Hello All!

I just purchased an Intel Celeron box from AliExpress to replace (and hopefully improve) the functions of my raspberry pi running wg-easy and pihole. I’d like this new box to handle DHCP, firewalling/ad blocking, and act as my wireguard server.

Currently I’m connecting my Internet modem (thankfully not a router, so no NAT) to my TPlink Archer AX21’s WAN port and then using the LAN ports to connect to my devices. I see that I can turn off NAT on the TPLink, but I assume I wouldn’t be able to use the new device as a DHCP server if I do, right? I could put the TPLink in AP mode but I’m not sure if that shuts off the WAN or LAN ports.

Is the best move to leave the TPLink in router mode (I’m not sure this matters) and plug the firewall into one of the LAN ports? I can do this but it’ll require some re-running of cables so I wanted to check first.

  • Monkey With A Shell@lemmy.socdojo.com
    9 months ago

    If I’m picturing the gear right, putting the TP into AP mode would just make it a client of the network that would then serve as your WiFi and the new box could be set up as the router/gateway for both the TP and the other clients formerly plugged into the TP.

    Usually, changing the mode from router to AP would keep the LAN side active as an unmanaged switch, and may even add the wan port to it. So if all above holds true go modem, Celeron (opnsense), TP (LAN to LAN) and then plug the remaining Ethernet either into the TP or the other LAN ports on the Celeron box, both should be the same local network.

    • doctorzeromd@lemmy.world
      9 months ago

      That would be great, and if the WAN port becomes a LAN port, even better. I don’t see anything about that in the manual, but I’ll cross my fingers

        • doctorzeromd@lemmy.world
          9 months ago

          Worst case I’ll just use the 4 LAN ports on the TPLink and leave the WAN on the TPLink unused

            • doctorzeromd@lemmy.world
              9 months ago

              Modem to WAN port of firewall, LAN port of firewall to wireless router in AP mode, other lan ports to other devices?

              • Monkey With A Shell@lemmy.socdojo.com
                9 months ago

                It works so long as you’re not trying to create separate networks. When/if you decide to start with some vlan madness and such the AP likely won’t work for that, unless it’s fancy and can do multiple SSID on separate VLANs, but most WiFi/router combos don’t go that far.

                Basically the new firewall/router box becomes the boss of everything doing DHCP, likely DNS relaying, and all the monitoring. Simple and efficient, just wouldn’t go hosting public services with the setup since there’s no ‘DMZ’ to keep it separate from your personal devices.

                • doctorzeromd@lemmy.world
                  9 months ago

                  Cool, that’s exactly what my plan is currently. I will eventually run all the cables but I want to drop in this firewall and start learning it in the meantime.

                  I may even go the route of some managed switches and WANs that do support multiple SSIDs on different VLANs, but first I want to get comfortable with my new single network.