Adding a pfSense firewall to a public server



  • Is there a way to add pfSense for firewalling to an existing web server?  The server is a WAMP box and the company admins use RDP to remotely administer it.  I'd like the admins to connect to pfSense via VPN before being able to establish RDP connections or even limit RDP to just some specific IP ranges.  Since the WAMP server already has a public IP, is there a way to do that?  The only way I know is to give the WAMP server a private IP, give the pfSense box the public IP, and forward traffic as needed.  I'm hoping to not do that as I don't know if they have anything coded with the Public IP.  If they do, then changing the IP would cause problems.

    Thanks for any assistance.



  • pfSense runs on FreeBSD. You cannot install it on another OS.

    If a VPN is your only goal install OpenVPN on that server and run an OpenVPN server on it directly.
    Then configure the Windows Firewall to allow RDP only on the VPN interface.



  • Thanks.  I'm not looking to install pfSense on the same box.  I'm looking to place a box between the public server and the internet without changin the public IP of the server.  I can't think of a way to do that so I'm asking if anyone here might think it is possible.  I don't like the fact that the server sits open on the internet 24x7 and would like to place it behind something secure.



  • Sounds like you want what's called a "transparent or bridging firewall".  There are some guides out on the web for using pfSense in that capacity.  Search for "pfSense transparent firewall" to get started.

    Bill