Hey guys - not sure if this is better off in r/selfhosted or r/homelab, so let me know if so!

Currently I live with a few roommates and run a (currently very) small homelab. I want to build a media server soon and potentially expose it to the internet for friends and family. I intend to put the server on an isolated VLAN using pfSense.

I was hoping to just isolate all of my stuff on a pfSense router whose WAN is connected to the LAN of my regular apartment router (a cheap Arris surfboard). My question is - is this just a stupid thing to do?

I think I would, at the very least, have to port forward from the regular router to the pfSense router, and then from that to the media server, and it appears that the Arris cannot do that. Would it be smarter to just set up the pfSense router as the sole apartment router and try to turn the old router into an AP?

What would the main considerations be for each method (pfSense solely vs. pfSense secondary)?

I appreciate any advice, I’m pretty new to networking!

EDIT: If relevant, I’m planning on running pfSense on this 4 port Protectli Vault

  • AdrianTeri@alien.topB
    10 months ago

    Tailscale.

    Don’t punch any holes in your NAT aka port forwarding.

    Regarding sharing media with friends and family, how far away are they? How much of your upload will be taken? How will you deal with your apartment's changing public IP (behind a CGNAT?) and theirs, be it on mobile/cellular or even home wifi as described above (CGNAT)?

    You might find the only feasible & quality-wise enjoyable solution to be if you and they had storage (NASes). Updates/uploads could “flow” from your end in non-peak (the night) to theirs …

    • FiziksMayMays@alien.topOPB
      10 months ago

      Good point - I hadn’t thought about the upload. They are about 100 miles away.

      I was planning on setting up Cloudflare DDNS on the pfSense box to deal with changing DNS, and running a reverse proxy to point to the server.