Netgate Discussion Forum

    PfSense –> Web Server

    Firewalling
      flyride

      Can anyone point me in the right direction for configuring a pfSense box ALIX.2D3 ( http://www.pcengines.ch/alix2d3.htm ) to act as a router/firewall for a LAMP server?

      Basic info:
      ONT (Optical Network Termination) with Fiber line split into 2 VLANs on separate data ports:
          -PORT 1 / VLAN 1 into WAN on pfSense box #1 (Home network) - this will have a dynamic IP from ISP
          -PORT 2 / VLAN 2 into WAN on pfSense box #2 (CentOS web server running 15 websites) - this will have 2 static IPs from ISP for DNS for the server
                -LAN on pfSense box #1 out to 24 port switch (home network drops & wireless access point)
                -LAN on pfSense box #2 out to 8 port switch  (web server has dual NICs plugged in here)
                          -OPT1 on both pfSense boxes will be unused at this point, may configure a guest wifi network at some point

      I think I have a pretty good handle on setting up the #1 box for my home network. Seems to work fine using default settings. Box #2 for the web server I have no idea where to start.  Maybe pfSense isn't even a good idea for this?  One of my big concerns was keeping my home network and web server separate, but I am hoping the VLANs in the ONT have pretty much achieved that, combined with the pfSense boxes…?

      Any opinions / suggestions would be greatly appreciated!

        Eugene

        pfSense is a good idea for this.
        What is your question?

        http://ru.doc.pfsense.org

          flyride

          Are there any specific changes to the default configuration I should be making (for security, or other reasons), aside from creating firewall rules to allow HTTP / FTP traffic?

            Eugene

            You will need to create a port-forwarding NAT rule to your web server.
            And you decide what to allow for users connected to the LAN.

            http://ru.doc.pfsense.org

              flyride

              What about using DirectAdmin for a cpanel?  (Basically server IP must be external IP for licensing, meaning NAT/LAN can't be used): http://help.directadmin.com/item.php?id=241

              Is there a way around this?

                dotdash

                To just address the last question, if you need the server to have a static IP, you could create a DMZ bridged to WAN. Another solution is to make the firewall transparent. Search around, there is a lot of information on these options.

                  flyride

                  Thanks for the reply.  I will investigate.

                    flyride

                    @dotdash:

                    To just address the last question, if you need the server to have a static IP, you could create a DMZ bridged to WAN. Another solution is to make the firewall transparent. Search around, there is a lot of information on these options.

                    Followed this guide:
                    http://202.143.130.99/files/transparent_firewall.pdf

                    Worked like a charm!  Thanks for pointing me in the right direction :)
