Netgate Discussion Forum

    Sympathetic soul needed by noob for general network setup

    • Guest

      Hi all!

      Good thing there's not much to learn in this business.

      I know that if I am to avail myself of this marvelously inexpensive and almost-instantly replaceable router, there are going to be things to learn. But I don't even know which parts to learn, and which don't apply to me.

      I am setting up a very small application hosting business out of my home. I will have 5 static IPs, 1 or 2 web servers, a DB server, a file server for my home network, and several "trusted" and "untrusted" workstations around the house.

      I need help with basic setup. VLANs? Bridged segments? Subnets? … what do I need? How best to "isolate" machines and still have the connections I need?

      I'm not a complete noob. I cut my teeth on a C64 and learned Ada on an HP9000 in school circa 1990. But I have spent my professional life in the windoze world because that's where all my clients live. I know how to use DHCP or how to hardwire everything, but I'm afraid my routing knowledge doesn't presently get much beyond that. (I'm a web developer.)

      At the moment, by the way, I can see the pfSense box from my DB server, and the pfSense box can see the world, but I can't see the world from the DB server. All this is (temporarily) hanging off my home router. I have tried disabling the "Block private networks" option on the WAN interface. (Do I need to reboot anything for that?)

      This is probably a discussion which is better taken to email. The specifics of my situation and the beginner level of the problem may not belong here.

      Any takers?

      Thanks,
      Mike

      • hoba

        You probably should start with deciding how many zones you need. A typical setup to start with would be 3 NICs in your pfSense (WAN, LAN, DMZ). Depending on usage, a 4th NIC for "home use" might make sense that is only able to connect to the internet but to none of the other subnets. Put the servers that should be available from the internet in the DMZ. The other trusted machines go to your LAN subnet. Untrusted machines go to the "home use". You can set up DHCP individually for each internal subnet at services>dhcp.

        Now create the additional IPs you have at your WAN connection using firewall>Virtual IPs. You can then use them for port forwards to your servers.

        Create firewall rules between the different subnets with appropriate rights at firewall>rules (like pass LAN -> DMZ; block DMZ -> LAN; …). Setting up aliases for ports/hosts can keep the number of rules low and makes reading/changing firewall rules later easier.

        You also should enable NAT reflection at system>advanced as it usually makes using a DMZ from other subnets easier.

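Added example, not part of either post and not pfSense code: a small Python model of the zone layout described in the answer above, showing why rule order matters when a zone should reach the internet but none of the other subnets. It relies on pfSense evaluating rules on the interface where traffic enters, first match wins, with an implicit default deny. The subnets, the zone name HOME and the functions `decide` and `audit` are assumptions made for illustration; WAN port forwards are not modelled.

```python
import ipaddress

# Constructed addressing plan (assumption, not from the thread).
ZONES = {
    "LAN":  ipaddress.ip_network("192.168.10.0/24"),  # trusted machines
    "DMZ":  ipaddress.ip_network("192.168.20.0/24"),  # internet-facing servers
    "HOME": ipaddress.ip_network("192.168.30.0/24"),  # untrusted machines
}
ANY = ipaddress.ip_network("0.0.0.0/0")

# Rules per ingress interface, evaluated top-down, first match wins.
# The block rules must come before "pass to any": "any" also covers the
# internal subnets, so a leading pass rule would make the blocks unreachable.
RULES = {
    "LAN":  [("pass", ANY)],
    "DMZ":  [("block", ZONES["LAN"]), ("block", ZONES["HOME"]), ("pass", ANY)],
    "HOME": [("block", ZONES["LAN"]), ("block", ZONES["DMZ"]), ("pass", ANY)],
}

# Same HOME rules in the wrong order, kept for comparison.
MISORDERED = {"HOME": [("pass", ANY), ("block", ZONES["LAN"]), ("block", ZONES["DMZ"])]}


def decide(ingress, dst, rules=RULES):
    """Return 'pass' or 'block' for a new connection entering on `ingress`."""
    addr = ipaddress.ip_address(dst)
    for action, net in rules.get(ingress, []):
        if addr in net:
            return action
    return "block"  # implicit default deny when nothing matches


def audit(rules=RULES):
    """List (source zone, destination zone) pairs the rule set lets through."""
    allowed = []
    for src in rules:
        for dst_name, net in ZONES.items():
            probe = str(net.network_address + 10)  # a sample host in the zone
            if dst_name != src and decide(src, probe, rules) == "pass":
                allowed.append((src, dst_name))
    return allowed


if __name__ == "__main__":
    print("intended order:", audit())
    print("misordered HOME:", audit(MISORDERED))
```

Running the audit against a planned rule set before entering it at firewall>rules makes any unintended path between zones visible as an extra pair in the output.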
        Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.