Hey guys, I’m hoping for some clarity in terms of how I should be setting up my network for what I want to do.

Current setup

Currently, we have a very simple network setup - just a cheap modem/router/wifi combo that serves all of my roommates’ devices wirelessly, in addition to a line that I ran to a switch in my room.

https://preview.redd.it/moqw85o9761c1.png?width=960&format=png&auto=webp&s=13cfce8a0196495d9cd8a3b7f33a5ec3278d6138

Work in progress

I have a small homelab set up with a backup server and some Raspberry Pis, but I want to experiment with self-hosting a website just to build my knowledge.

To this end, I’ve looked into setting up a pfSense box. Right now I have pfSense installed on a Protectli device, which is connected to the Arris router in a LAN-to-WAN configuration:

https://preview.redd.it/izlxz94a761c1.png?width=960&format=png&auto=webp&s=cbd8a121a0057b36e7cec6de2b87da946f2b982d

Ultimately, I’m trying to figure out the best way to set up the network for someone who is relatively new to networking. Ultimately I want:

  1. To make sure I’m not interrupting my roommates’ internet
  2. To be able to access the self-hosted website
  3. To do this all securely

Proposed network

The pfSense box has multiple NICs, so if my understanding is correct I can completely segment my devices from my roommates’. Additionally, I have a smart switch, so I’m hoping to set up separate VLANs for my devices accessible from outside the network, as well as IoT devices.

https://preview.redd.it/yohn77ja761c1.png?width=960&format=png&auto=webp&s=8627725a1c8db23d4cac87417045e824cb8f8463

Questions

I’m new to networking so any advice is much appreciated. I have a few specific questions, but I’m not sure if they cover all considerations I should be taking! In particular:

  1. Does my proposed network layout make more sense than just putting all my devices on the current LAN-to-WAN subnetwork I have? What needs to be done for this current setup to work - I can think only of port forwarding.
    1. Is one option better than the other for DDNS, which I intend to set up with Cloudflare? It seems like the proposed network would be much better.
    2. Is one option safer for my roommates’ devices? (I presume my proposed one is.)

If relevant, no roommate devices will need to be able to talk to any of my devices (I think that’s what this pfSense “Block RFC1918 Private Networks” option relates to?)

Thank you so much!

(cross-posted from r/homelab)