Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Network Firewall/Nat Plan Validation

    Scheduled Pinned Locked Moved General pfSense Questions
    4 Posts 3 Posters 1.5k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • J
      jlgdeveloper
      last edited by

      Hi Everyone

      I am trying to ensure that I can set up the attached diagrammed network without any "gotcha's" that I have overlooked.

      Verbally, this is the plan:

      The web facing firewall (pfsense) would present external IP's to the web. Internally, there will be several private internal lan's each with their own pfsense firewalls.

      I need to be able to translate the http and https url traffic to any of the internal firewalls and through those to webservers internal to those lan's.

      The left most network would have IIS servers. Would I need to bind the webserver netwaork adapter to the url or would I then be having to bind iis to and internal IP?

      Any thoughts would be appreciated in lieu of physically setting this up to test.

      Thanks,

      Jonathan

      webserver-nat-validation.jpg
      webserver-nat-validation.jpg_thumb

      1 Reply Last reply Reply Quote 0
      • Cry HavokC
        Cry Havok
        last edited by

        Ideally you need one external (Internet) IP per web server.  If you don't have that then you can use the likes of HAproxy (search the forum for more) for HTTP, I don't know if it can also work for HTTPS.

        Edit: Corrected product name

        1 Reply Last reply Reply Quote 0
        • jimpJ
          jimp Rebel Alliance Developer Netgate
          last edited by

          @Cry:

          Ideally you need one external (Internet) IP per web server.  If you don't have that then you can use the likes of HAVP (search the forum for more) for HTTP, I don't know if it can also work for HTTPS.

          I think you mean HAproxy.

          Remember: Upvote with the 👍 button for any user/post you find to be helpful, informative, or deserving of recognition!

          Need help fast? Netgate Global Support!

          Do not Chat/PM for help!

          1 Reply Last reply Reply Quote 0
          • Cry HavokC
            Cry Havok
            last edited by

            That'll be it  ::)

            I'll go edit that post (if I still can).  Thanks.

            1 Reply Last reply Reply Quote 0
            • First post
              Last post
            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.