I haven't played with VLANs in about ten years, but I think I need one. I have a VLAN capable switch.
My pfsense box has two eth ports, WAN and LAN. The kids are hounding me to set up a minecraft server they can invite their friends to play on, which is fine, because I can monitor it and make sure nothing inappropriate is going on, vs a public server.
Rather than open a port on the firewall to my main home network, I figured I can probably use a VLAN to set up a DMZ network on the LAN interface – is this correct thinking? Hang the minecraft server off a specific port on the switch, configure a VLAN on the switch and pfsense, and make a virtual DMZ that can be accessed internally from the LAN, and externally from the WAN, while protecting the other systems on the main LAN.
I am going down the right path here?
That should work reasonably well, although I would personally figure out what ports Minecraft needs and forward those as necessary from the DMZ VLan.
Then you'll just need rules to allow traffic to and from the main VLan as necessary for the games.
Good luck and let us know how it goes :)
Just curious if you got this working? I'm thinking about setting up something similar. Was looking at using a d-link DGS-1100-08 manged switch… anyone have experience with them?
Minecraft server only needs one inbound port forwarded. Defaults to tcp/25565 I think.