I have a Sophos UTM and a FreeBSD file server running at home that are pretty lightly loaded most of the time, to the extent it almost seems silly to have that much stuff running all the time. The server is only under load when it's doing a zfs scrub or (md5) backup, and the Sophos box is only stressed if I am home downloading a bunch of stuff.
I have been kind of looking into an ESXi all-in-one, but have also been reading a bit about FreeBSD jails. I have been thinking about getting an EdgeRouter Lite and replacing the UTM by installing Suricata and creating a transparent bridge behind the firewall to do traffic monitoring from the file server. I've looked at maybe running Plex for media streaming. I would be interested in running some sort of HTTP server and OpenVPN, but I know I can run VPN on the router. I could maybe set up a reverse proxy on the router to the server; I'm not fully sure how much security that adds yet, but I am still looking into it.
Has anyone done something like this, and is it a good idea? It sounds like a bit of work setting everything up on the front end, but I think it would be an interesting project. What are the big concerns from a security perspective on this?
My biggest priority would be keeping the file server secure and making sure our personal files don't leave the server towards Internet Land. Most of the junk wouldn't matter much, but I do have a small amount of stuff I would consider sensitive.