Protecting my public servers
-
Hi,
I have 14 public IP addresses which i would like to protect with pfsense. My pfsense has 3 interfaces. LAN, WAN, OPT1(DMZ). I am having a mental block so any help is appreciated.
I would like my LAN to be able to access the public servers with out going through the WAN.
WAN - 11.22.33.2 GW 11.22.33.1 MASK 255.255.255.240
OPT1 -11.22.33.? - 11.22.33.14 MASK 255.255.255.240 - does this make sense?
LAN 192.168.1.x MASK 255.255.255.0I need to able to limit what is available to the outside. ie servers only provide web services or??? HTTP, SSH, HTTPS….but they can be fully accessible from the LAN or i can open more ports from the LAN to the DMZ? ie have FTP available only from the LAN.
Thanks
-
Generally a good read for similarly problems.
http://doc.m0n0.ch/handbook-single/#id11641814
http://forum.pfsense.org/index.php/topic,7001.0.html