Hello to everyone,
In the last few years I have used an RB3011 as my home network router without taking full advantage of it. Last year I moved to my new house, where I was able to route cables and generally figure out the physical layout of my network. Then I had to pause the entire project and leave it at basically the standard configuration, but now the time has come to set things up properly.
I've attached my current home layout.
The two APs are Ubiquiti nanoHD AC, the switch is a dumb TP-Link that I plan to upgrade to a PoE one in order to power more security cameras. Right now all my PoE devices are powered by injectors.
As you can see, I am also experimenting with a server that runs Unraid and several things (torrent client, Plex server, GitLab instance, etc.), but I have a few questions:
1) It seems to me that this setup is affected by double NAT, as I have two "jumps": ISP -> 192.168.1.0 -> 192.168.88.0. This makes access from the internet complicated, am I right? How could I simplify things? My target is to be able to expose the home server to the internet in order to be able to answer API calls or make services like GitLab available from outside.
2) I could set up the RB3011 as a PPPoE client and connect directly to the ISP, but how could I do this while maintaining access to the DrayTek? It seems that the answer may be "VLAN", but that's uncharted territory for me...
3) I would like to segregate guest phones from family ones. Is that something I should do in the Ubiquiti config or in the RB3011 config? The RB is the one giving everybody an IP and is the default gateway.
4) Is it possible to restrict admin access to a handful of devices? I want to be able to tinker with RB settings only from this and that PC, even if I enter the right credentials on another device. Or is this a bad idea?
Thank you for your time!