Netgate Discussion Forum

    Configuring DMZ hosting for my new pfsense , on my home router

    Routing and Multi WAN
      SteveITS Galactic Empire @johnytb

      @johnytb said in Configuring DMZ hosting for my new pfsense , on my home router:

      So... about the firewall. Is it true that the basic and absolute principle of home network firewalls is that all external Internet traffic is blocked? And only devices within the LAN that want to go out to the Internet will receive communication back over the same connection that they themselves created, right?

      Correct.

      As @netblues says, though, if you are not hosting anything there is no need to forward ports to pfSense, thus no need for the DMZ setting...?

      Pre-2.7.2/23.09: Only install packages for your version, or risk breaking it. Select your branch in System/Update/Update Settings.
      When upgrading, allow 10-15 minutes to restart, or more depending on packages and device speed.
      Upvote 👍 helpful posts!

        johnytb @netblues

        @netblues
        OK. So if my pfsense will stay behind my main ISP router, and just act as an extra layer of protection, then why is setting the main ISP router to bridge mode recommended?
        I even read on one of the forums that the pfsense would have a really hard time functioning when the main router is not in bridge mode. Is it true?

          netblues @johnytb

          @johnytb No, it is not.

            johnytb @netblues

            @netblues OK, thanks a lot.
            So what about bridge mode, and why does everyone keep recommending it? What are the benefits of it?

              Gblenn @johnytb

              @johnytb said in Configuring DMZ hosting for my new pfsense , on my home router:

              @netblues OK, thanks a lot.
              So what about bridge mode, and why does everyone keep recommending it? What are the benefits of it?

              I think it is because as soon as you want to be able to access any of your own stuff, smart home devices, music server etc., or play games you host for friends, you typically need to open up ports in pfsense, or use UPnP.

              And setting the ISP router in bridge mode pretty much removes that device from the equation, giving you the public IP directly on pfsense WAN.

              Having pfsense in DMZ will give you almost the same thing, but there are still some minor things that will not work, like UPnP for example.

                netblues @Gblenn

                @Gblenn said in Configuring DMZ hosting for my new pfsense , on my home router:

                there are still some minor things that will not work, like UPnP for example.

                As a matter of fact, UPnP works with DMZ, but you need to provide the external IP in the UPnP configuration.

                Far too small print for the OP though.

                  Gblenn @netblues

                  @netblues said in Configuring DMZ hosting for my new pfsense , on my home router:

                  As a matter of fact, UPnP works with DMZ, but you need to provide the external IP in the UPnP configuration.

                  Well, it does and it doesn't... For some applications it seems to work, but for gaming, not so much...
                  In fact, with all the games I have tested in the Call of Duty series, none of them can connect when behind private IP, using STUN or providing outside IP. It's worse than having Strict NAT...

                  The ONLY way I have managed to make it work is to fake a public IP on the WAN side of pfsense...

                    netblues @Gblenn

                    @Gblenn CoD is a beast on its own. Only port forward will do the trick, and it isn't straightforward.

                      Gblenn @netblues

                      @netblues Only port forward will get you halfway... Static port is "the trick"...

                        netblues @Gblenn

                        @Gblenn Indeed, but still it's port forward :)

                        P.S. It's been years since, but now I remembered.

                          Gblenn @netblues

                          @netblues And UPnP is also port forward... just automagic. But as I said, never got it to work behind private IP using STUN. There is a feature request active to get a setting to allow UPnP to accept WAN with private IP though...

                          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.