I am in the process of reconfiguring my home LAN.
Currently my desktop computer (which is also an 'always on' server machine) is visible to the outside world on several ports: ssh, smtp, http and maybe a couple of others (I'd have to check the router configuration to be sure).
I have two ADSL connections, both with static IP, and I use a Draytek Vigor 2820n router for load balancing. The 2820n handles one ADSL connection and there's an old Speedtouch ADSL modem/router on the other phone line whose LAN side connects to the 2820n's Ethernet WAN input.
What I'm thinking of doing to improve my security (or at least reduce the likelihood of a break-in doing much damage) is to have a dedicated 'dmz' server on the LAN/WAN between the Speedtouch router and the 2820n's WAN port. I can then open up the appropriate ports on *that* system to provide access from the outside world but if someone breaks in they won't be able to see anything much except that machine and a couple of routers.
My question is about what private IP address ranges to use. Currently they're as follows:
2820n - 192.168.1.1
This has *everything* hanging on it, backup NAS, family computers, media boxes, etc.

Speedtouch - 192.168.13.254
2820n WAN - 192.168.13.65 (assigned by Speedtouch DHCP)
New dmz computer would be added to this LAN
Would it be worth changing things around so that the Speedtouch LAN is 192.168.1.x (the almost universal default for home LANs) and the 2820n one is 192.168.13.0, or even 10.0.0.0 or 172.16.0.0, so that an intruder is less likely to guess that there's another LAN to look for? I know this is 'security by obscurity' to some extent, but it's no effort really except some minor configuration changes to some static addresses and DHCP servers, so if it offers any advantage it's probably worth doing.