Protecting my public servers



  • Hi,

    I have 14 public IP addresses which i would like to protect with pfsense. My pfsense has 3 interfaces. LAN, WAN, OPT1(DMZ). I am having a mental block so any help is appreciated.
    I would like my LAN to be able to access the public servers with out going through the WAN.
    WAN - 11.22.33.2 GW 11.22.33.1 MASK 255.255.255.240
    OPT1 -11.22.33.? - 11.22.33.14 MASK 255.255.255.240 - does this make sense?
    LAN 192.168.1.x MASK 255.255.255.0

    I need to able to limit what is available to the outside. ie servers only provide web services or??? HTTP, SSH, HTTPS….but they can be fully accessible from the LAN or i can open more ports from the LAN to the DMZ? ie have FTP available only from the LAN.

    Thanks




Log in to reply