[SOLVED] Help with routes on multiple pfSense



  • Hi, excuse my inexperience. I wanted to ask you to help me set up basic routing for my LAN.
    I plan to use a pfSense firewall edge against the internet. This would have a WAN interface, one LAN, and another for DMZ. The roles I would run are firewall, nat, and router. (I'll call it fw1)
    I want to use another pfSense against my LAN that will work as a transparent proxy. (I'll call it px1) The roles I would run are firewall, proxy server, router.
    I'm having problems because I don't know how to set up routing and subnetting so that the proxy goes out to the internet directly through the firewall edge.
    Here are some examples of how I understand that I should do the routing.
    Outbound traffic:
    LAN client internet request > Proxy Server > Firewall Edge > Internet.
    LAN client DMZ resource request > Proxy Server > DMZ resource.
    Inbound traffic:
    Internet > Firewall Edge > DMZ resource.
    DMZ resource > Proxy Server > LAN resource.

    I don't really know how to do the subnetting, that is, how to put together the IP address logic.

    Until now I had only used one pfSense at a time; I had never configured an external one along with an internal one.

    Any example would serve me very well.
    I am very grateful to you indeed.
    Gabriel



  • I never did it, I will have to, but I have a similar network with other stuff.

    DMZ 10.2.3.0/27 - 30 hosts max
    LAN 192.168.2.0/24 - 254 hosts max

    Both pfSenses have interfaces on the DMZ.

    The rest should be set up on the clients' gateways and proxy config.


  • Rebel Alliance Global Moderator

    What do you get in such a scenario other than complexity?  Why can you not just run proxy on fw 1?



  • @johnpoz:

    What do you get in such a scenario other than complexity?  Why can you not just run proxy on fw 1?

    When I read your message I started thinking… It's true, 2 pfSense servers is more complex...

    If I wanted to have a single pfSense that does firewall, NAT, proxy server and routes certain external connections to my DMZ, can I do it?
    Considering that I also want them to be able to access certain resources in the DMZ from my LAN. Could it be done with just one pfSense?


  • Rebel Alliance Global Moderator

    yeah can be done with just 1.. Not sure why you think it couldn't?

    You're using a reverse proxy from the outside into your DMZ.



  • @johnpoz:

    yeah can be done with just 1.. Not sure why you think it couldn't?

    You're using a reverse proxy from the outside into your DMZ.

    I realised that it is easier to do this with only one pfSense in an HA cluster.

    Thanks for the help.