Netgate Discussion Forum
    Question about how I should proceed with pfSense firewall.

    General pfSense Questions
    6 Posts 2 Posters 785 Views

    okarin001

      Hey, I have had some plans on upgrading my network with a pfSense firewall and making one of my servers accessible from the internet. Currently my network configuration is as follows:
      internet -> zyxel router (bridged) -> pfsense firewall (intel nuc) -> managed switch (zyxel gs1200-8)
      I have a virtual machine host (Debian with VirtualBox).
      Virtual machines inside the host:
      * debian-vpn (private use, paid VPN)
      * debian-nas (used for backups)
      * windows server 2019 (Emby media server)
      I currently have all inbound traffic blocked; the network connection to the host comes via a single Ethernet cable, and all virtual machine adapters are bridged.

      I would like to open ports 80 and 443 for the Emby media server; I was planning a DMZ.

      How would I proceed with this? Also, I have attached a USB drive to the host and pass it through to the Emby server; will this be a problem with a DMZ? (As I would like to leave the host on the LAN and Emby in the DMZ, I was thinking there might be some security-related issues.)

      I hope I explained the situation clearly. Thanks for answers.

      stephenw10 Netgate Administrator

        A DMZ is always a good idea for anything that is open to the internet. That should be possible with what you have. Just create a VLAN for it in pfSense, add that VLAN in the switch so it's trunked to the VM hypervisor. Pass that through VBox to a new virtual network and put whatever VMs you want on that.

        Steve

        okarin001 @stephenw10

          @stephenw10 Thanks for the reply! I was thinking about how I currently do file transfers between the server and other PCs.

          So, as an example, I have run these inside the server:

          * pscp to download files to the server

          * robocopy to back up files to the NAS

          I have not yet made a DMZ or opened ports on the firewall; I was just wondering how I should proceed.

          stephenw10 Netgate Administrator

            I would expect both of those to work fine between VLANs (subnets).

            Try creating a DMZ and put a new VM in it as a test.

            Steve

            okarin001 @stephenw10

              @stephenw10 Thanks, I am still learning networking and I was wondering how I should configure this. Forgive me.

              VLAN 1 is the default and the DMZ is VLAN 10. My plan is to use:

              Port 1: Uplink from the firewall
              Ports 2 to 7: LAN devices
              Port 8: Hypervisor with a couple of LAN VMs and that one DMZ machine.

              I put a picture here from the switch WebGUI.

              Screenshot_1.png

              stephenw10 Netgate Administrator

                VLAN 10 only needs to have ports 1 and 8 as members if you don't need to have DMZ hosts anywhere except as VMs. Otherwise that will work for the switch config.
                The VBox config is probably going to be more complex. I'm not sure I've ever tried it; I moved away from VBox a while back.

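As an added example (not from this thread, Netgate, or VirtualBox's own documentation), this sketches the VirtualBox host side that the last reply leaves open: a tagged sub-interface for VLAN 10 on the Debian host's trunk NIC, with the DMZ VM bridged to that sub-interface while the host and the LAN VMs stay on the untagged LAN. It assumes the trunk from switch port 8 arrives on eth0, that the VM is named windows-server-2019, and that the 8021q module is available; the commands are only printed unless DMZ_APPLY=1 is set.

```shell
#!/bin/sh
# Added example, not code from the thread. Assumed names: eth0 (trunk NIC),
# windows-server-2019 (VM name). VLAN 10 is the DMZ VLAN from the thread.
# Commands are printed (dry run) unless DMZ_APPLY=1 is set in the environment.
set -eu

TRUNK_IF="${TRUNK_IF:-eth0}"
DMZ_VLAN="${DMZ_VLAN:-10}"
DMZ_VM="${DMZ_VM:-windows-server-2019}"

# Name of the tagged sub-interface that carries only DMZ frames, e.g. eth0.10.
vlan_ifname() { printf '%s.%s\n' "$1" "$2"; }

# Execute a command, or just print it prefixed with "+ " in dry-run mode.
run() { if [ "${DMZ_APPLY:-0}" = "1" ]; then "$@"; else printf '+ %s\n' "$*"; fi; }

# Create the 802.1Q sub-interface and bring it up. It deliberately gets no IP
# address: the hypervisor stays reachable only on the untagged LAN side, so a
# compromised DMZ VM has no direct path to the host over the DMZ VLAN.
setup_dmz_vlan() {
  ifname=$(vlan_ifname "$TRUNK_IF" "$DMZ_VLAN")
  run ip link add link "$TRUNK_IF" name "$ifname" type vlan id "$DMZ_VLAN"
  run ip link set "$ifname" up
  echo "$ifname"
}

# Bridge the DMZ VM's NIC to the sub-interface only; LAN VMs keep bridging to eth0.
# USB passthrough is a hypervisor device mapping, not a network path, so it is
# unaffected by which interface the VM's NIC is bridged to.
attach_vm_to_dmz() {
  run VBoxManage modifyvm "$DMZ_VM" --nic1 bridged \
    --bridgeadapter1 "$(vlan_ifname "$TRUNK_IF" "$DMZ_VLAN")"
}

# Sanity check for a live host: sub-interface exists and the VM bridges to it.
verify_dmz_attach() {
  ifname=$(vlan_ifname "$TRUNK_IF" "$DMZ_VLAN")
  ip link show "$ifname" >/dev/null 2>&1 || { echo "missing $ifname" >&2; return 1; }
  VBoxManage showvminfo "$DMZ_VM" --machinereadable \
    | grep -q "^bridgeadapter1=\"$ifname\"" \
    || { echo "$DMZ_VM is not bridged to $ifname" >&2; return 1; }
}

setup_dmz_vlan
attach_vm_to_dmz
```

The sub-interface is not persistent across reboots; once it works, carry the same two ip link commands into /etc/network/interfaces or a systemd-networkd unit. Run verify_dmz_attach on the host after applying to confirm the VM really sits on VLAN 10.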
                Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.