• Categories
  • Recent
  • Tags
  • Popular
  • Users
  • Search
  • Register
  • Login
Netgate Discussion Forum
  • Categories
  • Recent
  • Tags
  • Popular
  • Users
  • Search
  • Register
  • Login

does pfsense behind router make sense

Scheduled Pinned Locked Moved General pfSense Questions
pfsensefirewallnasforwardinghome
8 Posts 4 Posters 1.6k Views
Loading More Posts
  • Oldest to Newest
  • Newest to Oldest
  • Most Votes
Reply
  • Reply as topic
Log in to reply
This topic has been deleted. Only users with topic management privileges can see it.
  • C
    Ced
    last edited by Nov 1, 2019, 4:06 PM

    Hello,

    I‘m new to pfsense and I’ve never used it before. I want to run a virtualization server with something like nextcloud or a nas in my home network. It would be great if me and some more people could reach it from the internet. My plan is to do portforwarding on my router to give access to the fileserver. My question is if it is more secure to install pfsense on the server (on another vm) and forward any requests to the pfsense vm instead of forwarding directly to the fileserver.

    1 Reply Last reply Reply Quote 0
    • J
      JKnott
      last edited by Nov 1, 2019, 7:33 PM

      I'd say go with pfSense alone. You'll save a lot of headaches that way.

      PfSense running on Qotom mini PC
      i5 CPU, 4 GB memory, 32 GB SSD & 4 Intel Gb Ethernet ports.
      UniFi AC-Lite access point

      I haven't lost my mind. It's around here...somewhere...

      C 1 Reply Last reply Nov 1, 2019, 7:49 PM Reply Quote 0
      • C
        Ced @JKnott
        last edited by Nov 1, 2019, 7:49 PM

        @JKnott Would be one way but I need the ISP Router for iptv and stuff.

        J 1 Reply Last reply Nov 1, 2019, 8:19 PM Reply Quote 0
        • C
          chpalmer
          last edited by Nov 1, 2019, 8:10 PM

          Talk a bit about your ISP and type of internet they provide. It might be possible to bypass their router anyways.

          You don't know till you ask.

          IPTV and stuff?? what other stuff?

          Having pfsense in between your servers and the world is a good idea because it gives you much better control and monitoring capabilities than the ISP supplied router has. Some ISP supplied routers have such a small NAT table that calling them junk is to good a title for them..

          Triggering snowflakes one by one..
          Intel(R) Core(TM) i5-4590T CPU @ 2.00GHz on an M400 WG box.

          1 Reply Last reply Reply Quote 0
          • J
            JKnott @Ced
            last edited by Nov 1, 2019, 8:19 PM

            @Ced said in does pfsense behind router make sense:

            @JKnott Would be one way but I need the ISP Router for iptv and stuff.

            It may be possible to put the router in bridge mode, without affecting other services. Perhaps you can mention your ISP and modem model, so others can provide better info.

            PfSense running on Qotom mini PC
            i5 CPU, 4 GB memory, 32 GB SSD & 4 Intel Gb Ethernet ports.
            UniFi AC-Lite access point

            I haven't lost my mind. It's around here...somewhere...

            1 Reply Last reply Reply Quote 0
            • D
              Derelict LAYER 8 Netgate
              last edited by Nov 1, 2019, 8:33 PM

              OK if you already have a firewall why do you need a pfSense firewall?

              Chattanooga, Tennessee, USA
              A comprehensive network diagram is worth 10,000 words and 15 conference calls.
              DO NOT set a source address/port in a port forward or firewall rule unless you KNOW you need it!
              Do Not Chat For Help! NO_WAN_EGRESS(TM)

              J 1 Reply Last reply Nov 1, 2019, 8:49 PM Reply Quote 0
              • J
                JKnott @Derelict
                last edited by Nov 1, 2019, 8:49 PM

                @Derelict said in does pfsense behind router make sense:

                OK if you already have a firewall why do you need a pfSense firewall?

                The firewall in my modem, in gateway mode, is crappy. For example, it's not possible to set rules in IPv6. Gateway mode also provides just a single /64, so Guest WiFi is IPv4 only.

                PfSense running on Qotom mini PC
                i5 CPU, 4 GB memory, 32 GB SSD & 4 Intel Gb Ethernet ports.
                UniFi AC-Lite access point

                I haven't lost my mind. It's around here...somewhere...

                1 Reply Last reply Reply Quote 0
                • D
                  Derelict LAYER 8 Netgate
                  last edited by Nov 1, 2019, 9:13 PM

                  Well it is up to the ISP device to provide reasonable support for a customer-owned firewall device while still providing the necessary IPTV, etc functionality.

                  Chattanooga, Tennessee, USA
                  A comprehensive network diagram is worth 10,000 words and 15 conference calls.
                  DO NOT set a source address/port in a port forward or firewall rule unless you KNOW you need it!
                  Do Not Chat For Help! NO_WAN_EGRESS(TM)

                  1 Reply Last reply Reply Quote 0
                  7 out of 8
                  • First post
                    7/8
                    Last post
                  Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.
                    This community forum collects and processes your personal information.
                    consent.not_received