Protecting my public servers
I have 14 public IP addresses which I would like to protect with pfSense. My pfSense has 3 interfaces: LAN, WAN, OPT1 (DMZ). I am having a mental block, so any help is appreciated.
I would like my LAN to be able to access the public servers without going through the WAN.
WAN - 220.127.116.11 GW 18.104.22.168 MASK 255.255.255.240
OPT1 - 11.22.33.? - 22.214.171.124 MASK 255.255.255.240 - does this make sense?
LAN 192.168.1.x MASK 255.255.255.0
I need to be able to limit what is available to the outside, i.e. servers only provide web services or??? HTTP, SSH, HTTPS… but they can be fully accessible from the LAN, or I can open more ports from the LAN to the DMZ? I.e. have FTP available only from the LAN.
Generally a good read for similar problems.