Netgate Discussion Forum

    Best Way to Achieve this?

    General pfSense Questions
    • nambi

      I have pfSense running 1 LAN, 1 WAN.

      Everything is on the same subnet. I want to secure the network by moving some components to another subnet.

      I have a CCTV system and a cloud (Nextcloud). I would like to have both of these on different subnets; this way, if these get compromised, my main network will be separate.

      From my understanding I would need to set up VLANs for each subnet along with a reverse proxy for my nextcloud (since port 80 is already being used).

      I have Windows as my DHCP but was hoping the new VLANs I set up would use pfSense as the DHCP server ONLY for the VLANs. Is it possible to have Windows handle DHCP simultaneously with pfSense?

      I have looked at several videos online on how to set up VLANs, but when I go into DHCP Server I don't see the new VLANs I created there, which I expected was required to set up the subnet addresses. Currently I was never using this because Windows was handling the requests.

      Any tips would be appreciated.

      • KOM

        @nambi said in Best Way to Achieve this?:

        along with a reverse proxy for my nextcloud (since port 80 is already being used)

        What?? Don't waste time with that. Get yourself a domain and then use Let's Encrypt/Certbot to get a wildcard SSL cert and then config your Nextcloud to use 443.

        General consensus seems to be let AD handle DNS and DHCP. You can forward your AD DNS to pfSense if you like.

        VLANs have nothing to do with DHCP specifically, other than that they appear as an interface for DHCP to listen and serve on just like with a physical interface. You can have multiple DHCP servers as long as they don't overlap in their scopes, but it is not recommended since you will run into problems like DHCP registration with DNS.

        While Netgate doesn't have a specific VLANs video, the well-respected Lawrence Systems does, so you might want to look at that.

        • nambi

          Thanks for the help. To administrate, if I have something else using 443, would I then need to use the reverse proxy?

          Should I be using VLANs for this? Would VLANs give me the added security in case I was ever compromised?

          • KOM

            @nambi said in Best Way to Achieve this?:

            if I have something else using 443 would I then need to use the reverse proxy?

            That's one way. You could also reconfigure the web listen port for one of your servers to some other port. I tend to avoid using a reverse proxy because it's extra complexity with potential issues that I'd rather avoid.

            Also yes, VLANs give you network separation as if they were physical interfaces. You always want to provide a gap between front-facing services and your LAN so that any exploited servers aren't used as a stepping stone to taking over your network.

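The gap between front-facing services and the LAN discussed in this thread only exists if the rules on the new VLAN interface enforce it. The sketch below is an added example, not part of the thread and not pfSense code: it models pfSense's behaviour of evaluating rules on the interface where traffic enters, top-down, first match wins, with unmatched traffic blocked. All subnets, hosts and rule sets are assumptions constructed for illustration.

```python
from ipaddress import ip_address, ip_network

# Assumed addressing (constructed, not from the thread).
LAN = ip_network("192.168.1.0/24")         # main network, Windows DHCP
CCTV = ip_network("192.168.10.0/24")       # camera VLAN
NEXTCLOUD = ip_network("192.168.20.0/24")  # front-facing VLAN
FIREWALL = ip_network("192.168.20.1/32")   # firewall address on that VLAN
ANY = ip_network("0.0.0.0/0")

# Rules on the Nextcloud VLAN interface: (action, source, destination, port or None).
WEAK = [
    ("pass", NEXTCLOUD, ANY, None),        # meant as "allow internet", also reaches the LAN
]
HARDENED = [
    ("pass", NEXTCLOUD, FIREWALL, 53),     # DNS on the firewall only
    ("block", NEXTCLOUD, LAN, None),       # the gap between this VLAN and the LAN
    ("block", NEXTCLOUD, CCTV, None),      # and between the two isolated VLANs
    ("pass", NEXTCLOUD, ANY, None),        # whatever is left is internet traffic
]

def evaluate(rules, src, dst, port):
    """Return the action of the first matching rule; no match means block."""
    src, dst = ip_address(src), ip_address(dst)
    for action, rule_src, rule_dst, rule_port in rules:
        if src in rule_src and dst in rule_dst and rule_port in (None, port):
            return action
    return "block"

def exposure(rules, src, hosts, ports):
    """List the (host, port) pairs that src is allowed to open connections to."""
    return [(h, p) for h in hosts for p in ports
            if evaluate(rules, src, h, p) == "pass"]

if __name__ == "__main__":
    internal = ["192.168.1.10", "192.168.10.20"]  # constructed LAN and CCTV hosts
    ports = [445, 3389]
    for name, rules in (("weak", WEAK), ("hardened", HARDENED)):
        print(name, exposure(rules, "192.168.20.5", internal, ports))
```
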
            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.