New to this world
-
Hello everyone!
I'm a programmer and I've had a home debian server for a few years now.
My router is a crappy Thomson TG784 from my ISP, which acts as a demarc, I believe.
I've decided that I want to install a pfSense at home and I have some objectives while doing so:
- Get a decent firewall.
- Get a proper traffic redirection (DNS?)
- Separate my server network from my personal network.
- Server network only in cable and personal network with cable and WI-FI
Since I'm new to networks I got a few questions related to the use of pfsense and networking in general.
To separate the two networks (home use and server use) I'll need to create two subnets, the one for personal use being the default, right? Or is there another way to separate them?
Can it be impossible to someone in the personal network which to the server and vice versa? (That's why I wanted two separate cable connections and only one WI-FI.)
I'm going to be using a 10 year old computer (at least for now) with some small upgrades to make it just a little faster and I was wondering if there's any advantage of having an SSD for internal cache.
Since I have two domains and two Linux servers, to redirect the traffic to the correct server I have to install DNS on the pfSense, right? Or is there a better way of doing it? At the moment all the traffic is going to a single server's Apache and is then redirected to the other Apache if desired.
I think my router actually acts as a demarc for the ISP and I'm not sure if I can switch it for the pfSense. Is disabling the firewall of the router, disabling the firewall and connecting it straight to the pfSense a good option?
Are there any good tutorials or documentation to help a noob (me) to set up this kind of network with pfSense?
Thanks,
João Lourenço.
-
Hi joaogl,
To separate the two networks (home use and server use) I'll need to create two subnets, the one for personal use being the default, right? Or is there another way to separate them?
OK, you can use a VLAN (for this you need a switch) or your server has 03 network cards (WAN, LAN, wireless).
Can it be impossible to someone in the personal network which to the server and vice versa? (That's why I wanted two separate cable connections and only one WI-FI.)
Yes, for this you can configure the access with firewall rules.
Since I have two domains and two Linux servers, to redirect the traffic to the correct server I have to install DNS on the pfSense, right? Or is there a better way of doing it?
No, for this you can configure the firewall with NAT Port Forward to redirect the traffic from server01 to server02.
I think my router actually acts as a demarc for the ISP and I'm not sure if I can switch it for the pfSense. Is disabling the firewall of the router, disabling the firewall and connecting it straight to the pfSense a good option?
You can use pfSense as the boundary, only you must put the router in bridge mode.
-
Given what you describe, either you will need one interface per network or you will need a switch with VLAN support.
"Home Wifi" means that you will connect your wifi access point to your home LAN, that's it… if you don't want to isolate the wifi network.
However, depending on your location, you should think about isolating wifi from "home LAN".
Well, it depends on what you have on your home LAN, but the risk of having some unwanted connection is higher with wifi than with cable.
You could also implement WPA2-Enterprise with RADIUS for authentication so that wifi access is under better control.
Anyway, whatever solution you select, keep in mind that merging LAN and wifi might not be a very good idea.
With either VLAN or real NIC, you will isolate "server LAN" and "home LAN" with the FW in the middle, so yes, you can control which IP is authorized to access your "server LAN".
Traffic redirection to your Apache servers is not clear to me.
Do you mean internal traffic from home LAN to server LAN, or traffic from the internet to internal Apache servers?
Are you sure you have 2 different domains here? (Why not, but I suspect you mix up "domain" and FQDN.)
In any case, pfSense DNS feature should be used only for internal devices. If you need to resolve internal services exposed to internet, do this using external (public) DNS.
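-
The isolation between "home LAN" and "server LAN" discussed in the replies above, modelled as an added example that is not part of the thread and not pfSense code: rules sit on the interface where a new connection enters, are checked top to bottom, the first match wins, and no match means block. The subnets, the admin PC address and the interface names are constructed assumptions.

```python
import ipaddress

# Constructed addressing plan (assumption, not taken from the thread).
HOME = ipaddress.ip_network("192.168.10.0/24")
SERVERS = ipaddress.ip_network("192.168.20.0/24")
ADMIN_PC = ipaddress.ip_network("192.168.10.5/32")
ANY = ipaddress.ip_network("0.0.0.0/0")

# Per-interface rule lists: (action, source, destination, dest port or None = any).
# Only new connections are evaluated; replies ride on the existing state.
RULES = {
    "HOME": [
        ("pass", ADMIN_PC, SERVERS, 22),    # SSH only from one admin machine
        ("pass", HOME, SERVERS, 80),
        ("pass", HOME, SERVERS, 443),
        ("block", HOME, SERVERS, None),     # everything else towards the servers
        ("pass", HOME, ANY, None),          # internet access
    ],
    "SERVERS": [
        ("block", SERVERS, HOME, None),     # must sit ABOVE the allow-any below
        ("pass", SERVERS, ANY, None),       # updates, outbound DNS, etc.
    ],
}

def decide(rules, iface, src, dst, port):
    """Return 'pass' or 'block' for a new connection entering on iface."""
    src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for action, s_net, d_net, r_port in rules.get(iface, []):
        if src in s_net and dst in d_net and r_port in (None, port):
            return action                   # first match wins
    return "block"                          # implicit default deny

def servers_rules_misordered():
    """Same SERVERS rules, but with the block placed below the allow-any."""
    bad = dict(RULES)
    bad["SERVERS"] = list(reversed(RULES["SERVERS"]))
    return bad

if __name__ == "__main__":
    print(decide(RULES, "SERVERS", "192.168.20.10", "192.168.10.50", 445))
    print(decide(servers_rules_misordered(), "SERVERS",
                 "192.168.20.10", "192.168.10.50", 445))
```

The misordered variant shows the usual mistake: an allow-any rule meant for internet access also matches the home LAN, so a compromised server could open connections to home machines unless the block rule comes first.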