Netgate Discussion Forum

    Advice Needed Regarding pfSense with DMZ interface and Public IPs

      kiekar

      Hello,

      Through my ISP provider I have a block of IPs which I want to use for my DMZ interface (web server, mail server, FTP server). I currently have pfSense version 2.1.5 installed, where pfSense is set up as PPPoE using my username and password to get access to the internet through the LAN interface, which is working, and my ADSL modem router is set in bridge mode. The LAN interface is set at the default subnet 192.168.1.1.

      Is it preferable to have the ADSL modem set with the PPPoE credentials and have the WAN interface of pfSense set up using the static IP configuration option, using the first public IP as the gateway and the next public IP as the IP address, or my current setup where the first public IP is set at the DMZ NIC? I'm not sure if this will work.

      I was also reading about 1:1 NAT, where the public IPs point to the private IPs on the machine:
      216.xxx.xx.xx -> 172.16.0.2

      Are there any good tutorials regarding DMZ setup with public IPs?

      Any help would be much appreciated.

      Karl

        KOM

        I can't answer your PPPoE questions, but I use a range of public IPs that I map to DMZ'd servers. Use Firewall - Virtual IPs to have pfSense handle your public IP addresses. Then create a port-forward for each service via Firewall - NAT - Port Forward that maps one of the Virtual IPs to a LAN IP address and port. Create firewall rules so that anything in DMZ only has access to WAN, not LAN. Also add a rule so that DMZ doesn't have access to any pfSense admin interfaces, like blocking access to ports 80/443 on DMZ Address.

          kiekar

          Use Firewall - Virtual IPs to have pfSense handle your public IP addresses.

          Yes, I'm aware of the Virtual IPs; I'm just not sure how to set up the public IPs and private IPs.

          For example, if my web server NIC is set at 172.16.0.2, would the DMZ NIC on the pfSense box need to have its IP set in the same subnet, 172.16.0.1, as its gateway? I'm coming from a Windows Server and ISA 2006 environment. I'm just having a hard time grasping pfSense.

            KOM

            pfSense is no different than any other router at the network level.  If your DMZ subnet is 172.16.0.0/24 then your other servers should also be in that same subnet.  Then you can use firewall rules to cordon off the DMZ from other network segments.

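
    The DMZ rules described in the thread, modelled as an added example (not part of the thread and not pfSense code): pfSense applies an interface's rules top-down and the first match wins, so the two blocks must sit above the broad pass. The LAN /24, the probe hosts and the function names are assumptions.

```python
from ipaddress import ip_address, ip_network

# Assumed addressing: DMZ subnet and gateway come from the thread; the LAN /24
# is inferred from the default 192.168.1.1 and is an assumption.
DMZ_NET = ip_network("172.16.0.0/24")
DMZ_ADDR = ip_network("172.16.0.1/32")   # pfSense's own address on the DMZ NIC
LAN_NET = ip_network("192.168.1.0/24")
ANY = ip_network("0.0.0.0/0")

# Rules on the DMZ interface, top to bottom:
# (action, source, destination, destination ports or None for any port)
DMZ_RULES = [
    ("block", DMZ_NET, DMZ_ADDR, {80, 443}),  # no web admin GUI from the DMZ
    ("block", DMZ_NET, LAN_NET, None),        # DMZ must not reach the LAN
    ("pass",  DMZ_NET, ANY, None),            # everything else, i.e. out the WAN
]

def evaluate(rules, src, dst, port):
    """Return the action of the first matching rule; default deny if none match."""
    src, dst = ip_address(src), ip_address(dst)
    for action, src_net, dst_net, ports in rules:
        if src in src_net and dst in dst_net and (ports is None or port in ports):
            return action
    return "block"

def audit(rules):
    """Run constructed probe packets from the web server through the ruleset."""
    web = "172.16.0.2"  # web server address used in the thread
    probes = {          # destination hosts below are constructed samples
        "gui_on_dmz_addr": (web, "172.16.0.1", 443),
        "dns_on_dmz_addr": (web, "172.16.0.1", 53),
        "lan_host":        (web, "192.168.1.50", 445),
        "gui_on_lan_addr": (web, "192.168.1.1", 443),
        "internet":        (web, "198.51.100.7", 443),
    }
    return {name: evaluate(rules, *p) for name, p in probes.items()}

if __name__ == "__main__":
    for name, action in audit(DMZ_RULES).items():
        print(f"{name:16} {action}")
    # Same rules with the broad pass moved to the top: the blocks never match.
    misordered = [DMZ_RULES[2]] + DMZ_RULES[:2]
    print(audit(misordered))
```

    Running the same probes against the misordered list shows every packet passing, which is the failure to look for when reviewing the DMZ tab.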