[SOLVED] Help with routes on multiple pfSense
-
Hi, excuse my inexperience. I wanted to ask you to help me set up basic routing for my LAN.
I plan to use a pfSense firewall edge against the internet. This would have a WAN interface, one LAN, and another for DMZ. The roles I would run are firewall, NAT, and router. (I'll call it fw1)
I want to use another pfSense against my LAN that will work as a transparent proxy. (I'll call it px1) The roles I would run are firewall, proxy server, router.
I'm having problems because I don't know how to set up routing and subnetting so that the proxy goes out to the internet directly through the firewall edge.
Here are some examples of how I understand that I should do the routing.
Outbound traffic:
LAN client internet request > Proxy Server > Firewall Edge > Internet.
LAN client DMZ resource request > Proxy Server > DMZ resource.
Inbound traffic:
Internet > Firewall Edge > DMZ resource.
DMZ resource > Proxy Server > LAN resource.
I don't really know how to do the subnetting, that is, how to arm the IP address logic.
Until now I had only used pfSense one at a time; I had never configured an external one along with an internal one.
Any example would serve me very well.
I am very grateful to you indeed.
Gabriel
-
I never did it, I will have to, but I have a similar network with other stuff.
DMZ 10.2.3.0/27 - 30 hosts max
LAN 192.168.2.0/24 - 254 hosts max
Both pfSenses have interfaces on the DMZ.
The rest should be set up on the clients' gateways and proxy config.
-
What do you get in such a scenario other than complexity? Why can you not just run proxy on fw 1?
-
When I read your message I started thinking… It is true, it is more complex with 2 pfSense servers...
If I wanted to have a single pfSense that does firewall, NAT, proxy server and routes certain external connections to my DMZ, can I do it?
Considering that I also want them to be able to access certain resources in the DMZ from my LAN, could it be done with just one pfSense?
-
Yeah, can be done with just 1.. Not sure why you think it couldn't?
You're using a reverse proxy from the outside into your DMZ.
-
I realised that it is easier to do this with only one pfSense in an HA cluster.
Thanks for the help.