ISP access provider router which allows port 80 redirect on an apache web server which is online on the web.

Arnaud09

Hello.

The subject relates to putting the web server online and not the private network.

Here I configured my ISP access provider router which allows port 80 redirection on an apache web server which is online on the web.
In other words, I put two web servers and a DNS server online from my home by authorizing a redirection of my internet router from port 80.

All of them are working fine. This network is called 'web-service' and is accessible from a domain name over the net.

I have since acquired a pfsense router to protect precisely this 'service-web' network.

My question is whether I should protect my 'service-web' network with pfsense?
If so, should I put my 'service-web' machines on the WAN or the LAN?

Thanks a lot.

Arnaud09

@Arnaud09 said in ISP access provider router which allows port 80 redirect on an apache web server which is online on the web.:

should I put my 'service-web' machines on the WAN or the LAN?

I believe both are possible. Would it have a tutorial from this forum?

Thanks

bingo600

@Arnaud09

Will you still have the ISP router with portforwarding active ?
Or will the pfSense take over the Public ip address (and the router function)

Arnaud09

@bingo600 said in ISP access provider router which allows port 80 redirect on an apache web server which is online on the web.:

@Arnaud09

Will you still have the ISP router with portforwarding active ?
Or will the pfSense take over the Public ip address (and the router function)

I have the ISP router with portforwarding active.

Thank you for your reply

bingo600

@Arnaud09

Assumption:
You portforward those 3 services, each to their own isp inside lan ip ?

Then i would put the pfSense wan on your isp routers inside lan on (fixed) ip addr xxx ... Don't use DHCP , and remember to set default gw on the pfsense to your routers inside ip address.

And "portforward" the wanted ports on your isp router, to the routers inside lan on ip addr xxx (the pfSense wan ip).

Now matching (portforwarded) traffic will hit the pfSense Wan interface.

Then you need to do the same portforwarding once more on the pfSense , to portforward the interesting stuff on the WAN to the LAN.

Now you can control access to the pfSense LAN (that would be your service lan) , by putting access rules on your pfSense wan interface (preventing unwanted packages from entering the WAN .. And thereby access the Lan.

Be sure that your ISP router inside lan , and your pfSense inside lan does not have the same ip range or it will never work.

I might have given multiple VIP's a try .. Haven't used those yet.
But that might not be easy for a "Non experienced person"

If you are able to add routes to your ISP Router , things might become a lot easier.

/Bingo