1

So I have thought the last few days about finally reworking my network here at home to get the firewall between router and server. The problem is that my network is not in a state where I can just move everything behind the firewall, so I want to get to an in-between goal of having security for my server and, if something happens, at least security for the rest of my network. I work in IT, but still an apprentice, and haven't configured a firewall myself yet.

So take this image as my current infrastructure: [image: current infrastructure diagram, not included]

The double line is not yet established, but planned (so the current connection can be severed); that's why I have this question.

If I set the basics up, I can connect from LAN (server) to WAN without problems. That works fine. But I have a NAS, mail server, website, game servers and some more things on my server that I need to selectively reach from WAN, but things like my NAS I need to only reach from my internal network range (192.168.178.x).

So how can I access the server (Port1, LAN, 192.168.1.x) from my desktop (192.168.178.250)?

A colleague from work told me to disable the DHCP on my Fritzbox, give it the IP 192.168.178.2, let the firewall create DHCP on Port2, WAN, with 192.168.178.1 as the IP for the NIC, enable exposed host for the FW (192.168.178.1) and point the gateway to 192.168.178.2 (the new IP for the Fritzbox).

Would this give me the possibility, by creating the rule from WAN,any to LAN,any with any service, to get a connection from my 192.168.178.x network to the 192.168.1.x network?

music2myear
  • 49,799
Shakran
  • 11

1 Answer

0

Your colleague’s suggestion (disabling DHCP on the Fritzbox, setting the firewall to handle DHCP, and configuring the firewall as an exposed host) actually seems pretty sound, but take note of the following:

  1. Relying too heavily on an exposed host (DMZ) can be unsafe because it opens up the firewall to all incoming WAN traffic.
  • If you can, use port forwarding to control WAN access instead, like I said in my comment.

  • Regardless of whether you decide to do the former or not, make sure to use firewall rules to limit external access to only necessary services (like your web server or mail server). Definitely block or restrict sensitive services, such as the NAS, from WAN access.

  2. Not security related, but avoiding double NAT by placing the Fritzbox in bridge mode can reduce connectivity issues, for obvious reasons.
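To make the difference between the question's "WAN,any to LAN,any" rule and the answer's scoped rules concrete, here is an added example (not code from the asker, the answerer, or any firewall vendor) that simulates first-match firewall policy evaluation against the addresses from the question. In the colleague's design the firewall's "WAN" interface sits on the home network 192.168.178.0/24 and also receives everything the Fritzbox forwards as exposed host, so "WAN any" covers both the home desktop and the internet. The assumed values are: the server at 192.168.1.10, SMB on port 445 standing in for the NAS, HTTPS (443) and SMTP (25) as the public services, and 203.0.113.5 as a constructed internet source.

```python
import ipaddress
from dataclasses import dataclass
from typing import List, Optional, Tuple, Dict

@dataclass(frozen=True)
class Rule:
    """One firewall rule: CIDR source/destination, optional TCP port, action."""
    name: str
    src: str                 # CIDR; "0.0.0.0/0" means any source
    dst: str                 # CIDR; "0.0.0.0/0" means any destination
    dport: Optional[int]     # None means any destination port
    action: str              # "allow" or "deny"

    def matches(self, src_ip: str, dst_ip: str, dport: int) -> bool:
        return (
            ipaddress.ip_address(src_ip) in ipaddress.ip_network(self.src)
            and ipaddress.ip_address(dst_ip) in ipaddress.ip_network(self.dst)
            and (self.dport is None or self.dport == dport)
        )

def evaluate(rules: List[Rule], src_ip: str, dst_ip: str, dport: int) -> Tuple[str, str]:
    """First-match evaluation; anything no rule matches is denied (default deny)."""
    for rule in rules:
        if rule.matches(src_ip, dst_ip, dport):
            return rule.action, rule.name
    return "deny", "default-deny"

# Networks from the question.
HOME_NET = "192.168.178.0/24"       # Fritzbox side, where the desktop lives
SERVER_NET = "192.168.1.0/24"       # firewall LAN (Port1)
SERVER = "192.168.1.10/32"          # assumed server address (not in the question)
INTERNET_SRC = "203.0.113.5"        # constructed internet source address

# The rule the question proposes: everything arriving on WAN may reach the LAN.
BROAD_RULES = [
    Rule("wan-any-to-lan-any", "0.0.0.0/0", SERVER_NET, None, "allow"),
]

# The scoped policy the answer recommends: home network gets full access to the
# server LAN; the internet gets only the published services; NAS stays private.
SCOPED_RULES = [
    Rule("home-to-server-lan", HOME_NET, SERVER_NET, None, "allow"),
    Rule("public-https", "0.0.0.0/0", SERVER, 443, "allow"),
    Rule("public-smtp", "0.0.0.0/0", SERVER, 25, "allow"),
    # no rule for port 445 from the internet -> falls through to default-deny
]

# Constructed probe traffic: (label, source, destination, destination port).
PROBES = [
    ("desktop-to-nas-smb", "192.168.178.250", "192.168.1.10", 445),
    ("desktop-to-website", "192.168.178.250", "192.168.1.10", 443),
    ("internet-to-website", INTERNET_SRC, "192.168.1.10", 443),
    ("internet-to-mail", INTERNET_SRC, "192.168.1.10", 25),
    ("internet-to-nas-smb", INTERNET_SRC, "192.168.1.10", 445),
]

def audit(rules: List[Rule]) -> Dict[str, str]:
    """Run every probe through the rule set and return label -> action."""
    return {label: evaluate(rules, s, d, p)[0] for label, s, d, p in PROBES}

if __name__ == "__main__":
    for title, rules in (("broad", BROAD_RULES), ("scoped", SCOPED_RULES)):
        print(f"--- {title} policy ---")
        for label, s, d, p in PROBES:
            action, rule = evaluate(rules, s, d, p)
            print(f"{label:22s} {s:16s} -> {d}:{p:<4d} {action:5s} ({rule})")
```

Running it shows that both policies let the desktop reach the NAS and let the internet reach the website and mail server, but only the scoped policy denies SMB from the internet; the broad rule leaks the NAS because "WAN" is not just the home network once exposed host is enabled. Real firewalls add interface and state matching on top of this, so the syntax will differ, but the first-match and default-deny logic is the same.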