I'm setting up a home network in a few weeks (ish) once I start uni, get a new laptop and eventually (in the next 6 months or so) get a gaming PC. I'm a bit of an idiot with networking so I'd like some help from those who are infinitely more knowledgeable than I on the matter.
Basically at the moment, we have a completely wireless network (Virgin Media with one of their Super Hub abominations, UK members will know what I mean - basically it's a crappy router that they give you as their standard installation package) that the PCs etc. connect to. I have an old router lying around (which is actually a decent Netgear one, but the powers that be who pay for the internet insisted on the Virgin one) so I wanted to create my own "private" network within a network. I'm going to have the above laptop, gaming PC plus my current netbook as an Ubuntu file server, basically just a secondary backup for my university work and to host my images and music. It's got an Ethernet port so that's all good. I'm likely to be using Samba unless somebody has a better solution? Essentially I want my netbook server accessible ONLY to me, not to the entire household.
Could I run an Ethernet cable from the Super Hub downstairs, up to my office and into the secondary router to give me wired speeds, but keep the secondary network private from the rest? I don't particularly like the idea of having it all open (I like my privacy) and frankly nobody else needs to access it anyway. I'd like to be able to access it from outside the house as well (remote connection via a VPN - worth making my laptop into a private VPN or connecting something like a Raspberry Pi?).
I hate waiting years for it to transfer over the slowest network known to mankind so I figured wiring it up was the way to go, and I work with a lot of HD media etc., so as you can imagine it gets tedious as anything.
The only way to do it with consumer routers (i.e. gateways) is to let the NAT function protect you. You would plug the WAN port of this router into a LAN port on the Virgin Media router. Your stuff will then be as safe as anything behind a router on the internet... the rest of your housemates will be considered internet to your machines. If you were to use a commercial switch you could apply filter rules between the ports. Few if any consumer routers will let you apply rules for traffic BETWEEN the LAN ports.
Now comes the big problem: VPN. Some VPNs have trouble with some routers. You at the very minimum must be able to port forward to your stuff on the Virgin box. Mostly you are going to have the issue that only 1 person can have the VPN ports forwarded. Next you must port forward a second time on your router to get to the real machine. Still, after all this, some forms of VPN will not pass through a router correctly. Your best bet is if you can get an SSL/TLS type connection; these use TCP and look like HTTPS sessions.
Now if you were to use an external VPN server and open HTTPS sessions with it then you could connect to that service and it would connect the tunnels. Things like TeamViewer and GoToMyPC work that way. There are other VPN services that also work that way. You need no port forwarding to make this type of VPN work.
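The double-NAT behaviour described in the reply above can be traced with a small model. This is an added example, not part of the thread: a simplified simulation of inbound port forwarding only, in which the router names, the addresses and the helpers `NatRouter`, `trace_inbound` and `build_demo` are all constructed for illustration.

```python
from dataclasses import dataclass, field

@dataclass
class NatRouter:
    name: str
    wan_ip: str
    forwards: dict = field(default_factory=dict)  # (proto, wan_port) -> (lan_ip, lan_port)

    def add_forward(self, proto, wan_port, lan_ip, lan_port):
        # A WAN port can be forwarded to only one LAN host at a time.
        if (proto, wan_port) in self.forwards:
            raise ValueError(f"{self.name}: {proto}/{wan_port} already forwarded")
        self.forwards[(proto, wan_port)] = (lan_ip, lan_port)

def trace_inbound(chain, proto, port):
    """Follow an unsolicited inbound connection through NAT routers, outermost
    first. Returns (ip, port) of the host that receives it, or None if dropped."""
    dst_ip, dst_port = chain[0].wan_ip, port
    for router in chain:
        if dst_ip != router.wan_ip:
            break  # forwarded to a host on the previous LAN, not to this router
        target = router.forwards.get((proto, dst_port))
        if target is None:
            return None  # no matching forward: NAT drops the connection
        dst_ip, dst_port = target
    return dst_ip, dst_port

def build_demo():
    # Constructed addresses: 203.0.113.7 is a documentation address standing in
    # for the public IP; the two LANs use different subnets.
    outer = NatRouter("superhub", wan_ip="203.0.113.7")   # LAN 192.168.0.0/24
    inner = NatRouter("netgear", wan_ip="192.168.0.50")   # LAN 192.168.1.0/24
    return outer, inner

if __name__ == "__main__":
    outer, inner = build_demo()
    server = "192.168.1.10"  # file/VPN server behind the inner router
    # Housemate on the outer LAN tries SMB against the inner router's WAN side.
    print("housemate -> tcp/445:", trace_inbound([inner], "tcp", 445))
    # Remote access needs a forward on BOTH routers.
    outer.add_forward("tcp", 443, inner.wan_ip, 443)
    print("internet, outer forward only:", trace_inbound([outer, inner], "tcp", 443))
    inner.add_forward("tcp", 443, server, 443)
    print("internet, both forwards:", trace_inbound([outer, inner], "tcp", 443))
    try:  # a second household member cannot claim the same port
        outer.add_forward("tcp", 443, "192.168.0.23", 443)
    except ValueError as e:
        print("conflict:", e)
```

The model covers only unsolicited inbound connections; outbound sessions from the inner LAN, including the externally brokered HTTPS tunnels the reply mentions, need no forwarding entries at all.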