Public networks behind firewall
-
Hi
I have some public /27 networks with web and mail servers and some other VMs. What is the best method to make them accessible from the internet? I don't want to use NAT. Are there any other options than bridging?
Thanks
-
@krisbe said in Public networks behind firewall:
Hi
I have some public /27 networks with web and mail servers and some other VMs. What is the best method to make them accessible from the internet? I don't want to use NAT. Are there any other options than bridging?
Thanks
What is your network topology? You can use a reverse proxy for web and mail servers.
-
It looks like this.
Web and mail servers were an example. There are also multiple FTP servers, SSH servers, DNS servers, VPN servers etc. Not only from us, but also from clients.
-
@krisbe said in Public networks behind firewall:
It looks like this.
Web and mail servers were an example. There are also multiple FTP servers, SSH servers, DNS servers, VPN servers etc. Not only from us, but also from clients.
Is pfSense in transparent mode? Have you configured public IPs directly on the servers?
-
Yes indeed, public IPs are configured on the server interfaces.
Transparent mode == bridging WAN and OPT1?
-
@krisbe said in Public networks behind firewall:
Yes indeed, public IPs are configured on the server interfaces.
Transparent mode == bridging WAN and OPT1?
Yes.
You can configure the haproxy package available in pfSense to act as a frontend for all those servers.
You can assign the public IPs as virtual IPs in pfSense for the WAN interface, so that it can accept requests and forward them to the backend servers (web servers, mail, FTP {for FTP check the ports for PASV or ACTIVE}, etc.). You can read more about it in the forums.
-
@krisbe said in Public networks behind firewall:
I don't want to use NAT. Are there any other options than bridging?
Just turn off NAT, as described here.
-
@jknott said in Public networks behind firewall:
@krisbe said in Public networks behind firewall:
I don't want to use NAT. Are there any other options than bridging?
Just turn off NAT, as described here.
How would that help?
-
@vallum said in Public networks behind firewall:
@jknott said in Public networks behind firewall:
@krisbe said in Public networks behind firewall:
I don't want to use NAT. Are there any other options than bridging?
Just turn off NAT, as described here.
How would that help?
The OP's question was "What is the best method to make them accessible from the internet? I don't want to use NAT." That means he wants a basic router, without NAT. So, the solution is to turn it off.
This is one thing that really bugs me about NAT. It's become so persuasive that many people think it's the normal way to do things. It's not. It's a hack to get around the IPv4 address shortage and creates some problems of its own.
-
I think I found the answers here:
- https://docs.netgate.com/pfsense/en/latest/book/firewall/methods-of-using-additional-public-ip-addresses.html
- https://docs.netgate.com/pfsense/en/latest/book/routing/routing-public-ip-addresses.html
One more question. I want to use a few of these public IPs on devices on another pfSense interface. How can I do that?