Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Help me fill in the dots - Advanced Home Network with FQDN via DynDNS

    Scheduled Pinned Locked Moved General pfSense Questions
    9 Posts 2 Posters 2.0k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • M Offline
      MagicCamera
      last edited by

      Ok I will try and keep this brief. I've attached a diagram of the equipment I have at my disposal and want to set up the network properly.

      I want to be able to access the FQDN from within my LAN(s). I am a little bit in the dark as to how to utilize the OPT1 and OPT2 of the pfsense SG2440 box.

      I'd like some insight to connecting it all together with proper firewall (simple but effective that is) settings. Not sure this would fall in the realm of official pfSense support of which I have 2 incidents to spend  :D

      My FQDN sites are Oracle VirtualBoxes, however one of them should not be accessible from the internet but serve data to the web server. Now I have had this working just fine before I added the SG2440 box but didn't like the pfSense VirtualBox being chained behind the Linksys box which was where the SG2440 is now.

      Suggestions and insights to any literature resources. I have the pfSense book but it doesn't really cover tutorial style set ups.

      Thanks in advance

      1 Reply Last reply Reply Quote 0
      • johnpozJ Online
        johnpoz LAYER 8 Global Moderator
        last edited by

        Well if your going to want to run multiple segments, I see 192.168.1, 10.1.10 and a 192.168.3 with also 192.168.2 mentioned your going to need a swith that supports vlans or multiple switches.

        you could leverage the switch ports on your old wifi router for 1 of the segments and your other switch for another one of them, etc.

        So the different networks you want to have would be on the different interfaces of pfsense

        so lets say lan would be 192.168.1.0/24
        opt1 would be 10.1.10.0/24
        and opt2 would be 192.168.3.0/24

        if you wanting to use 192.168.2.0/24 as well then you would need to do that via vlan or get another nic on pfsense.

        I can draw this out for you if you need.

        An intelligent man is sometimes forced to be drunk to spend time with his fools
        If you get confused: Listen to the Music Play
        Please don't Chat/PM me for help, unless mod related
        SG-4860 25.07.1 | Lab VMs 2.8, 25.07.1

        1 Reply Last reply Reply Quote 0
        • M Offline
          MagicCamera
          last edited by

          Drawing it out would be nice. I am just wondering though if I need the VirtualBox version of pfSense now, I guess it just adds too much complexity.
          The 192.168.2.0 is not necessary, it seems the mac OS automatically gives my wifi card that IP if I set it up to share internet connection. I'll probably just turn the wifi off on that machine since it is rather redundant and quite possibly overkill.

          But the important thing is to get my Ubuntu FQDN web server facing the internet accepting incoming traffic.

          Thanks for the reply

          Oh and that is why I didn't connect the X marks :D hoping someone would show me an option.

          1 Reply Last reply Reply Quote 0
          • johnpozJ Online
            johnpoz LAYER 8 Global Moderator
            last edited by

            I didn't notice that you want to run pfsense in virtual as well as hardware - that is kind of overkill.

            Here is a simple breakdown.. Again you need switch ports to connect to the different networks.

            to use your wireless router as just AP and switch ports, disable its dhcp server connect it to pfsense via lan port, then you can connect other devices to the other lan ports and they will be on that segment.

            Pfsense will provide dns and dhcp for your network.  So all clients can resolve all other clients via dns.  As to your server being available to the public - that is simple port forward to the IP your web server is on.

            3segments.jpg
            3segments.jpg_thumb

            An intelligent man is sometimes forced to be drunk to spend time with his fools
            If you get confused: Listen to the Music Play
            Please don't Chat/PM me for help, unless mod related
            SG-4860 25.07.1 | Lab VMs 2.8, 25.07.1

            1 Reply Last reply Reply Quote 0
            • M Offline
              MagicCamera
              last edited by

              Yes much more simplified and easier to set up the firewall rules too.

              However my thoughts on using a virtual box pfsense was that the main pfsense would send all ports open to it and that the virtual box would manage the web server stuff.

              Thanks for your information.

              1 Reply Last reply Reply Quote 0
              • johnpozJ Online
                johnpoz LAYER 8 Global Moderator
                last edited by

                Why??  And why would you send ALL Ports to another firewall?  When you have a firewall already that could send just the ports you want..

                An intelligent man is sometimes forced to be drunk to spend time with his fools
                If you get confused: Listen to the Music Play
                Please don't Chat/PM me for help, unless mod related
                SG-4860 25.07.1 | Lab VMs 2.8, 25.07.1

                1 Reply Last reply Reply Quote 0
                • M Offline
                  MagicCamera
                  last edited by

                  You are right, it is illogical. So I have moved off of that idea.

                  However, I am trying to figure out how OPT1 and OPT2 can reach the internet, right now I am stuck on that notion.

                  I have 2 NICs en3 and en5 assigned from the mac mini to Opt1 and Opt2, when I turn off the main NIC en0 on LAN, internet access is lost.

                  Trying out the firewall options for OPT1 and OPT2 in order for them to provide internet access.

                  Seems if I duplicate the LAN default rules it works, but not sure if this is correct method. Currently connected via wifi from my workstation to the mac mini wifi which is sharing the internet connection through En3 that is connected to OPT1.

                  Of course the wifi connection is temporary. Just using it to test connections without having to get up off my bum and move wires around :D

                  1 Reply Last reply Reply Quote 0
                  • johnpozJ Online
                    johnpoz LAYER 8 Global Moderator
                    last edited by

                    Yeah you need to have rules - there is nothing wrong with a default any any if that is what you want to allow.  You can be as open and or as restrictive as you want.  But you have to have something or the default deny is blocking everything.

                    An intelligent man is sometimes forced to be drunk to spend time with his fools
                    If you get confused: Listen to the Music Play
                    Please don't Chat/PM me for help, unless mod related
                    SG-4860 25.07.1 | Lab VMs 2.8, 25.07.1

                    1 Reply Last reply Reply Quote 0
                    • M Offline
                      MagicCamera
                      last edited by

                      Yep. Agreed. Something for me to experiment with now and create a proper DMZ.

                      1 Reply Last reply Reply Quote 0
                      • First post
                        Last post
                      Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.