DMZ NAT settings



  • Hi all,

    I'm new to the pfSense box. I've been working with it for a few months for VPN connections with several networks. That's the most experience I have with pfSense.

    Now I'm working on a project that I think is pretty simple, but I can't figure it out completely and I hope I can get some help.
    The situation is as follows:

    I have an internet connection with 5 IP addresses given by my ISP. I set up the PFsense opn-20024-b behind my modem.

    Modem 92.xx.xx.161
    pfsense wan: 92.xx.xx.165

    Behind the pfSense I have two servers with Server 2008SBS Standard. One server is going to be a reverse proxy with Apache 2.0. The other server needs to be an application server with Glassfish.

    The reverse proxy server needs to be in a DMZ and the APPserver needs to be in a different subnet.
    Eth0WAN 92.xx.xx.165
    eth1LAN 192.168.2.1
    ETH2DMZ 192.168.1.1

    APPserver 192.168.2.20 connected to eth1 LAN
    Reverse proxy 192.168.1.10 connected to eth2 DMZ
    Both have DNS from the ISP. So all is connected. The LAN rule to allow all is on, so I have access to the internet on both servers.

    Now what my problem is:

    1 - The proxy server needs to only get requests in through ports 80 and 443, and the Appserver only needs to let data out to the internet through ports 80 and 443.

    2 - The reverse proxy server needs to be remotely accessible by RDP.

    3 - Both servers need to communicate with each other (what ports?). The Appserver may not be accessible through the internet, only the proxy server.

    I've been messing around with NAT forwarding and NAT Outbound. Is this the correct way, and how can I test that the ports are open?

    I don't install the software. I only need to set up the network with the correct firewall. Hope you guys can help!
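
Added example, not part of the original post: one way to answer the "how can I test that the ports are open?" question is a TCP connect check run from a machine outside the firewall, compared against the intended policy. The expected-state table is an assumption built from the post's requirements (80 and 443 reachable); 8080 and 4848 are GlassFish's default HTTP and admin ports and are assumed to be the ones that must not be reachable from the internet.

```python
import socket
import sys

# Assumed policy as seen from the internet side of the WAN address:
# True = must be reachable, False = must not be reachable.
EXPECTED = {80: True, 443: True, 8080: False, 4848: False}


def probe(host, port, timeout=2.0):
    """Return 'open', 'closed' (connection refused) or 'filtered' (no answer)."""
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.settimeout(timeout)
    try:
        s.connect((host, port))
        return "open"
    except ConnectionRefusedError:
        # An RST came back: a "reject" rule, or the host itself has no listener.
        return "closed"
    except OSError:
        # Timeout or unreachable: typical of a firewall "block" rule that drops silently.
        return "filtered"
    finally:
        s.close()


def audit(host, expected, timeout=2.0):
    """Probe every port in expected and return [(port, state)] for each mismatch."""
    mismatches = []
    for port, should_be_open in sorted(expected.items()):
        state = probe(host, port, timeout)
        ok = (state == "open") == should_be_open
        print(f"{host}:{port:<5} {state:<8} {'ok' if ok else 'MISMATCH'}")
        if not ok:
            mismatches.append((port, state))
    return mismatches


if __name__ == "__main__":
    # Usage: python portcheck.py <WAN address>, run from outside the firewall.
    sys.exit(1 if audit(sys.argv[1], EXPECTED) else 0)
```

A port only shows as open when the NAT forward, the firewall rule and a listening service behind it are all in place, so a "closed" or "filtered" result on 80 or 443 can also mean Apache is not running yet.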



  • As I read in the monowall handbook, a PPTP server sounds like a good solution to remotely control the reverse proxy server.

    This way you can use mstsc on a Windows machine to connect to the 192.168.1.1 subnet.

