pfSense -> Web Server



  • Can anyone point me in the right direction for configuring a pfSense box ALIX.2D3 ( http://www.pcengines.ch/alix2d3.htm ) to act as a router/firewall for a LAMP server?

    Basic info:
    ONT (Optical Network Termination) with Fiber line split into 2 VLANs on separate data ports:
        -PORT 1 / VLAN 1 into WAN on pfSense box #1 (Home network) - this will have a dynamic IP from ISP
        -PORT 2 / VLAN 2 into WAN on pfSense box #2 (CentOS web server running 15 websites) - this will have 2 static IPs from ISP for DNS for the server
              -LAN on pfSense box #1 out to 24 port switch (home network drops & wireless access point)
              -LAN on pfSense box #2 out to 8 port switch  (web server has dual nics plugged in here)
                        -OPT1 on both pfSense boxes will be unused at this point, may configure a guest wifi network at some point

    I think I have a pretty good handle on setting up the #1 box for my home network. Seems to work fine using default settings. Box #2 for the web server I have no idea where to start.  Maybe pfSense isn't even a good idea for this?  One of my big concerns was keeping my home network and web server separate, but I am hoping the VLANs in the ONT have pretty much achieved that, combined with the pfSense boxes…?

    Any opinions / suggestions would be greatly appreciated!



  • pfSense is a good idea for this.
    What is your question?



  • Are there any specific changes to the default configuration I should be making (for security, or other reasons), aside from creating firewall rules to allow HTTP / FTP traffic?



  • You will need to create port-forwarding NAT to your web-server.
    And you decide what to allow users connected to LAN.



  • What about using DirectAdmin for a cpanel?  (Basically server IP must be external IP for licensing, meaning NAT/LAN can't be used): http://help.directadmin.com/item.php?id=241

    Is there a way around this?



  • To just address the last question, if you need the server to have a static IP, you could create a DMZ bridged to WAN. Another solution is to make the firewall transparent. Search around, there is a lot of information on these options.



  • Thanks for the reply.  I will investigate.



  • @dotdash:

    To just address the last question, if you need the server to have a static IP, you could create a DMZ bridged to WAN. Another solution is to make the firewall transparent. Search around, there is a lot of information on these options.

    Followed this guide:
    http://202.143.130.99/files/transparent_firewall.pdf

    Worked like a charm!  Thanks for pointing me in the right direction :)

