does pfsense behind router make sense



  • Hello,

    I‘m new to pfsense and I’ve never used it before. I want to run a virtualization server with something like nextcloud or a nas in my home network. It would be great if me and some more people could reach it from the internet. My plan is to do portforwarding on my router to give access to the fileserver. My question is if it is more secure to install pfsense on the server (on another vm) and forward any requests to the pfsense vm instead of forwarding directly to the fileserver.



  • I'd say go with pfSense alone. You'll save a lot of headaches that way.



  • @JKnott Would be one way but I need the ISP Router for iptv and stuff.



  • Talk a bit about your ISP and type of internet they provide. It might be possible to bypass their router anyways.

    You don't know till you ask.

    IPTV and stuff?? what other stuff?

    Having pfsense in between your servers and the world is a good idea because it gives you much better control and monitoring capabilities than the ISP supplied router has. Some ISP supplied routers have such a small NAT table that calling them junk is to good a title for them..



  • @Ced said in does pfsense behind router make sense:

    @JKnott Would be one way but I need the ISP Router for iptv and stuff.

    It may be possible to put the router in bridge mode, without affecting other services. Perhaps you can mention your ISP and modem model, so others can provide better info.


  • LAYER 8 Netgate

    OK if you already have a firewall why do you need a pfSense firewall?



  • @Derelict said in does pfsense behind router make sense:

    OK if you already have a firewall why do you need a pfSense firewall?

    The firewall in my modem, in gateway mode, is crappy. For example, it's not possible to set rules in IPv6. Gateway mode also provides just a single /64, so Guest WiFi is IPv4 only.


  • LAYER 8 Netgate

    Well it is up to the ISP device to provide reasonable support for a customer-owned firewall device while still providing the necessary IPTV, etc functionality.