Netgate Discussion Forum

    SG-2100 DMZ for home cloud

    L2/Switching/VLANs
    23 Posts 3 Posters 2.6k Views
    • S
      SteveITS Galactic Empire @Sean 0

      @sean-0 said in SG-2100 DMZ for home cloud:

      Wouldn't 192.168.1.2 be under the lan network

      Don't know, you have to tell us. :) What is the IP of the web server? You should end up with something like this on the NAT port forward:
      [image: ee613e4e-5c14-4eba-bc23-5767e1c04c3c-image.png]

      @sean-0 said in SG-2100 DMZ for home cloud:

      it takes me to the firewall DHCP

      Not sure what that means...pfSense's web page? That would be if you're browsing to an IP on the pfSense.

      Pre-2.7.2/23.09: Only install packages for your version, or risk breaking it. Select your branch in System/Update/Update Settings.
      When upgrading, allow 10-15 minutes to restart, or more depending on packages and device speed.
      Upvote 👍 helpful posts!

      • S
        Sean 0 @SteveITS

        @steveits I am creating a subnet in the process. I am stumbling through the IP routing/network setup. 192.168.1.1 is the pfSense router/firewall IP. So at some point a static IP has to transcribe to the VLAN IP. I am considering using HAProxy; I believe this would add security and I wouldn't have to change the DHCP server setup.

        • S
          Sean 0 @SteveITS

          @steveits How would I determine the web server IP? It is currently a DHCP server... do I need to convert to static or can I reverse proxy?

          • S
            SteveITS Galactic Empire @Sean 0

            For NAT to work it directs to a specific IP so the web server either needs a static IP or a DHCP reservation. If it's DHCP it will work until the web server happens to get a different IP for some reason.

            As far as determining the IP, what is the OS of the web server? (Run "ipconfig" for Windows or "ip a l" or whatever.) If it's getting DHCP from pfSense it would be shown in the DHCP status page.

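An added example, not part of SteveITS's post or the thread: one way to see on a Linux server which IPv4 addresses came from DHCP, since a NAT port forward needs a target that will not change. It parses `ip -o -4 addr show` output, where a leased address carries the `dynamic` flag; the sample listing, interface names and addresses are constructed, and the function names are hypothetical.

```shell
#!/bin/sh
# Constructed sample of `ip -o -4 addr show` output (not taken from the thread).
sample_output() {
cat <<'EOF'
1: lo    inet 127.0.0.1/8 scope host lo\       valid_lft forever preferred_lft forever
2: enp3s0    inet 192.168.1.50/24 metric 100 brd 192.168.1.255 scope global dynamic enp3s0\       valid_lft 6841sec preferred_lft 6841sec
3: enp3s0.10    inet 192.168.10.5/24 brd 192.168.10.255 scope global enp3s0.10\       valid_lft forever preferred_lft forever
EOF
}

# Read `ip -o -4 addr show` on stdin and print "<iface> <ip> dhcp|static"
# for every non-loopback address. "dynamic" marks an address with a lease
# lifetime, which is how a DHCP-assigned address appears.
classify_addrs() {
    awk '
    $3 == "inet" {
        split($4, a, "/")
        if (a[1] ~ /^127\./) next
        kind = "static"
        for (i = 5; i <= NF; i++) if ($i == "dynamic") kind = "dhcp"
        print $2, a[1], kind
    }'
}

# forward_target_ok <ip>: succeed only if <ip> is configured on the host
# and is not a DHCP lease (listing is read from stdin).
forward_target_ok() {
    classify_addrs | awk -v ip="$1" '
        $2 == ip { found = 1; if ($3 != "static") bad = 1 }
        END { if (found && !bad) exit 0; exit 1 }'
}

# On the server itself: ip -o -4 addr show | classify_addrs
sample_output | classify_addrs
for ip in 192.168.10.5 192.168.1.50; do
    if sample_output | forward_target_ok "$ip"; then
        echo "$ip: pinned on the host, stable as a port-forward target"
    else
        echo "$ip: DHCP lease or not present; reserve it or set a static IP"
    fi
done
```

An address held by a DHCP reservation still shows as `dhcp` here, because the host cannot see the reservation; that part has to be confirmed on the pfSense side.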
              • S
                Sean 0 @Sean 0

                @steveits It's Ubuntu live server running Apache, but the IP seems off. It doesn't match the IP I entered following the VLAN guide. Reverse proxy will solve any potential DHCP issues, once configured correctly. My setup matches your picture. I need to accomplish:
                [image: Firewall setup.PNG]

                • S
                  Sean 0 @Sean 0

                  [image: partial success.PNG]
                  The server is showing. I can't seem to figure out how to set the trusted domain properly; I have entered as many as I can find.

                  • S
                    SteveITS Galactic Empire @Sean 0

                    The end of the doc I posted above mentions "You should also enable DHCP if necessary, by going to Services > DHCP Server > OPT1 (for the example above)." If you didn't do that you'll need to set a static IP on the web server.

                    re: untrusted domain, is that what shows in your browser when you connect to the web server? If you're using HTTPS you'll either need a certificate matching the hostname you're using to connect to it, or you'll need to ignore the certificate warning. That's not a pfSense issue.

                    • S
                      Sean 0 @SteveITS

                      @steveits I got it working on LAN. Now I'll have to figure out WAN so I can isolate the server via VLAN switch.

                      • S
                        Sean 0

                        @SteveITS After isolating the VLAN on the switch, I had to configure a static IP, and now must configure for the WAN access. Would you know anything about this?
