Private game server behind pfsense

A Former User

Hi all, been searching the forums for suggestions but have come up pretty dry.
I'm building a private server for a popular MMO. I want it completely isolated from all my LAN traffic. If I get a 3rd network card for the server, what more would I need to do? Can someone give me a heads up into the proper starting point?

thanks

marvosa

If you're isolating it physically, then you'll need a 2nd switch in addition to that 3rd NIC.

Otherwise, you can add a managed switch and use VLANs.

KOM

It''s literally as simple as adding a firewall rule to that interface that blocks traffic to LAN.

A Former User

@marvosa said in Private game server behind pfsense:

If you're isolating it physically, then you'll need a 2nd switch in addition to that 3rd NIC.

Otherwise, you can add a managed switch and use VLANs.

The only device on the network is the game server, there will not be any other devices. What do I need the 2nd switch for? The setup, I thought, would be as simple as a network cable from the opt1 interface to the server PC.

@kom said in Private game server behind pfsense:

It''s literally as simple as adding a firewall rule to that interface that blocks traffic to LAN.

Thank you, didn't know if I should take it to another level. Just wanted security by isolation and wasn't sure if there was more I should/could do

stephenw10

You should just be able to connect the server directly if you don't need any other devices on that subnet. Unless it's not using Gigabit Ethernet (unlikely) in which case you might need a cross-over cable.

If you only have incoming connections to the server you don't necessarily need any rules on the OPT1 interface, all traffic from the server is blocked. However you will probably need the server to fetch updates etc so it will need rules to allow it to reach DNS and external IPs at least. Simply by omitting any rules that allow access to LAN though it will be isolated.

Steve

A Former User

Yeah there will be incoming connections to the server, I just wanted to ensure that there's no way a curious player could find their way into my personal LAN. I added a rule for the OPT1 interface (the server) to allow all protocols to any destination, then added another rule that simply blocks all source traffic from OPT1 to LAN. Does that sound right?

stephenw10

That will work as long as the block rule is above the pass rule.

Steve

A Former User

@stephenw10 Fortunately I was able to figure that out. Any other security suggestions? Thanks for the help

marvosa

@bumzag said in Private game server behind pfsense:

@marvosa said in Private game server behind pfsense:

If you're isolating it physically, then you'll need a 2nd switch in addition to that 3rd NIC.

Otherwise, you can add a managed switch and use VLANs.

The only device on the network is the game server, there will not be any other devices. What do I need the 2nd switch for? The setup, I thought, would be as simple as a network cable from the opt1 interface to the server PC.

@kom said in Private game server behind pfsense:

It''s literally as simple as adding a firewall rule to that interface that blocks traffic to LAN.

Thank you, didn't know if I should take it to another level. Just wanted security by isolation and wasn't sure if there was more I should/could do

Why do you need a 2nd switch? You will want a 2nd switch for a proper design. Without it, you leave that segment of your network without a switched fabric.

Can you plug your server directly into the OPT1 NIC, technically yes, but PFsense isn't a switch and shouldn't be used as one. Trying to leverage the PFsense NIC's as switches can lead to performance issues.

stephenw10

You don't need a switch if there are only two hosts in the segment, there is no switching to be done. IMO at least.

I wouldn't use a switch there.

Steve