pfSense DMZ Home Network Lab

jemu · Dec 6, 2018, 9:39 AM

How would I build DMZ home network lab with external and internal firewall using pfSense.
Should I use two instances of pfSense or one instance can accomplish this.

NogBadTheBad · Dec 6, 2018, 9:48 AM

No need for two routers for home use DMZ in my opinion.

Use VLANS or different LAN interfaces on the router for your LAN & DMZ and two switches.

If you use VLANS you'll need a switch that supports 802.1q.

On the DMZ interface block traffic to the LAN interface addresses.

jemu · Dec 6, 2018, 10:00 AM

what is the disadvantage of deploying two instances. I find it to be straight forward

NogBadTheBad · Dec 6, 2018, 11:12 AM

Just seems to be a bit of an overkill tbh.

tim.mcmanus · Dec 6, 2018, 1:58 PM

You could also do this with three NICs and two switches.

NIC 1 -> WAN
NIC 2 -> LAN
NIC 3 -> DMZ

Set up your FW rules so that connections can go into the DMZ, nothing can initiate a connection out of it. Then you're done. You'll have the physical segmentation you're looking for, and it's relatively inexpensive and fairly simple to do this.