pfSense as VPN+Firewall on hosted server



  • How would you configure pfSense in a situation like this:

    I have a server hosted in a datacenter that is assigned a private IP range that the hosting center then maps with public IPs, for example like this:

             LAN IP       Public IP
    VM 1     10.0.0.170   203.0.113.170
    VM 2     10.0.0.171   203.0.113.171
    VM 3     10.0.0.172   203.0.113.172
    VM 4     10.0.0.173   203.0.113.173
    

    pfSense should be installed on VM 1 and set up as a firewall and VPN server for the rest of the network, so that VM 2, VM 3 and VM 4 are publicly accessible only on port 80. All other ports should only be accessible when logging in via VPN.

    How would I set this up using pfSense? Setting up firewall rules and setting up a VPN is easy enough, but how do I route all traffic through pfSense, and what do I assign as WAN and LAN interfaces?


  • Moderator

    @mkaltoft As I suppose your datacenter ISP that hands out the public IPs hasn't allocated you a public IP subnet/space that could be routed, just let him point all public IPs to the IP of the pfSense in VM1. Then use 1:1 NAT or port forwards to map .171 public to .171 private.



  • @jegr said in pfSense as VPN+Firewall on hosted server:

    @mkaltoft As I suppose your datacenter ISP that hands out the public IPs hasn't allocated you a public IP subnet/space that could be routed, just let him point all public IPs to the IP of the pfSense in VM1. Then use 1:1 NAT or port forwards to map .171 public to .171 private.

    That makes a lot of sense - thank you so much.