    pfsense is very popular for organizing a router in a home network.
    Yes, probably it is not safe, but there is no second server.
    We appreciate your concern for security, but is there really no way to deploy a firewall, a file and media server on one machine?
    If you really have to do this for some reason you should virtualise both parts and separate them that way.


  • I fully agree.
    It should be done with VMs if it has to be done.

    For example Hyper-V Server, it's a free download from MS (not to be confused with Windows Server, which contains Hyper-V).

    On top of that, a VM with pfSense and at least another VM that provides your services.

    There is plenty of free virtualization software to choose from these days to leverage your hardware. The mentioned hyper-v, esxi (free), vmware player, virtualbox, xen, etc. etc. The list goes on and on.. My nas clickity clickity can run vms on it.. There just is zero reason to try and install these services inside the actual firewall OS..

    If you have some box you want to leverage for multiple duties. Your firewall, your fileserver, your media server - then have at it, takes a few minutes of setup and can run whatever services you want in a secure manner.. Not dicking with the underlying features of your "firewall"..

    There are plenty of people willing to help you set up pfsense on a VM.. I did it for years and years on esxi. Currently got hardware sg4860.. Which I do believe can run esxi on that hardware if I really wanted to run other services on the box.. But have no need because I just run that on the nas box, etc.
    This guide will cover two ways to install and use ESXi on RCC-VE devices. This guide was written for the RCC-VE 4860, but applies to any RCC-VE device. The same instructions work for ESXi 6.0.x and 6.5.

  • There are other options like putting the potentially dangerous file sharing service into a FreeBSD jail. That option however is firmly outside the scope of these forums because you'll need the full version of FreeBSD to run jails, pfSense won't do it.

    Without reiterating all of the aforementioned security concerns, the short answer is yes, but not by enabling services on PFsense in the underlying OS that were never meant to be enabled.

    If you want PFsense at the edge, then leverage a hypervisor, deploy whatever you want into different VMs and your services will all technically exist on one machine.

    However, if you're looking to deploy an all-in-one solution within the same OS, then you'd move towards more of a small business server distro like... ClearOS, Zentyal, NethServer, etc.

    There are no technical reasons it cannot be done, but there are many other reasons to avoid making an eierlegende Wollmilchsau.

    "I want to do this so you should let me and help me" isn't enough reason to enable poor security behavior. You will end up making a device that does all of those jobs poorly instead of letting dedicated hosts perform their tasks optimally.

    The closest you'll get from a security standpoint is virtualization rather than configuring all of these in the same host OS.

  • Thanks for the advice. I remade the server to ESXi and I liked the result.

    Good decision! 👍

