Netgate Discussion Forum

    WAN, 2 LANs and VPN in data center

    General pfSense Questions
      uruviel

      Currently I have the following setup on my half-rack in a data center.

      Cisco Catalyst Switch:

      • Datacenter management VPN -> VLAN1 (to IPMI port of servers)  (separate routing&gateway)
      • Internet  (EtherChannel) -> VLAN2 (to eth0 of servers) (public internet IPs)
      • Local traffic -> VLAN3 (to eth1 of servers) (10.0.0.1/24)

      All assigned with static IPs, no NAT or DHCP.
      Unfortunately, it's extremely hard to keep the firewall rules stable for each of the servers (UFW + Docker + iptables is such a pain…) so I bought a pfSense appliance. I want to configure it as follows:

      • Datacenter Management VPN -> Management port for pfSense
      • Internet EtherChannel -> WAN
      • WAN -> Filtering bridge -> VLAN2 (internet)
      • WAN -> VPN (but nothing else!) -> VLAN3

      Now it would be really great if I can reach 10.0.0.1/24 via a VPN, but no inbound internet traffic should ever reach that VLAN3 (it's internal traffic; the whole point is to separate internal from external).

      What would be the best way of going about this? In particular I'm a bit confused how I can get VLAN3 separate from the rest, while still having VPN access to that subnet.

      Any other setup would of course also be welcome

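      For readers wanting to see the policy in the post written out, here is an added example of a hand-written pf ruleset that expresses it. This is not the poster's configuration and not what pfSense generates from its GUI; pfSense builds its own ruleset from the web interface, so this is only a way to read the intended policy in one place. The interface names, the OpenVPN server interface (ovpns1), the tunnel address pool (10.8.0.0/24), the VPN port and the allowed public ports are all assumptions for the example.

```pf
# Added example, not from the forum post. Assumed interfaces:
#   em0    = WAN (Internet EtherChannel), member of bridge0
#   em1    = VLAN2 (public servers), member of bridge0
#   em2    = VLAN3 (local traffic, 10.0.0.0/24)
#   em3    = datacenter management VPN -> pfSense management port
#   ovpns1 = OpenVPN server tunnel interface (assumed VPN type)
wan_if    = "em0"
vlan2_if  = "em1"
vlan3_if  = "em2"
mgmt_if   = "em3"
vpn_if    = "ovpns1"
vlan3_net = "10.0.0.0/24"
vpn_net   = "10.8.0.0/24"   # assumed tunnel address pool
vpn_port  = "1194"           # assumed OpenVPN listener port

set skip on lo0

# Default deny inbound on every interface and log it; replies and forwarded
# packets that already passed an inbound rule leave freely.
block in log all
pass out all keep state

# Management interface: only the firewall's own address is reachable here,
# and only for the admin services. Nothing from this network is forwarded.
pass in quick on $mgmt_if proto tcp to ($mgmt_if) port { 22, 443 } keep state

# WAN: the one thing the firewall itself accepts from the Internet is the
# VPN listener. Anything from the Internet addressed to VLAN3 is dropped
# before any bridge rule can match it ("quick" stops rule evaluation).
pass in quick on $wan_if proto udp to ($wan_if) port $vpn_port keep state
block in quick on $wan_if to $vlan3_net

# Filtering bridge (WAN <-> VLAN2): frames entering a bridge member are
# filtered on that member. Assumed policy: only HTTP/HTTPS to the public
# servers inbound, anything outbound from VLAN2.
pass in quick on $wan_if proto tcp to any port { 80, 443 } keep state
pass in quick on $vlan2_if keep state

# VPN tunnel: connected clients may reach VLAN3 and nothing else.
pass in quick on $vpn_if from $vpn_net to $vlan3_net keep state
block in quick on $vpn_if

# VLAN3 itself: hosts reach each other and VPN clients; no path through
# this box to the Internet or to VLAN2, so the subnet stays internal.
pass in quick on $vlan3_if from $vlan3_net to { $vlan3_net, $vpn_net } keep state
block in quick on $vlan3_if
```

      The file can be syntax-checked without loading it with `pfctl -nf <file>`. Two points to keep in mind when translating this into the pfSense GUI: rules are evaluated top-down per interface, so the "block to VLAN3" rule on WAN has to sit above the pass rules that feed the bridge, and bridge members are filtered individually because pfSense's default is `net.link.bridge.pfil_member=1` with `net.link.bridge.pfil_bridge=0` (rules go on the member interfaces, not on the bridge interface). If the VPN type is not OpenVPN, the tunnel interface name and pool change but the shape of the policy does not.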
      Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.