The pfSense Store

Author Topic: pfSense --> Web Server  (Read 10826 times)

0 Members and 1 Guest are viewing this topic.

Offline flyride

  • Newbie
  • *
  • Posts: 5
    • View Profile
pfSense --> Web Server
« on: July 30, 2009, 10:32:04 pm »
Can anyone point me in the right direction for configuring a pfSense box ALIX.2D3 ( http://www.pcengines.ch/alix2d3.htm ) to act as a router/firewall for a LAMP server?

Basic info:
ONT (Optical Network Termination) with Fiber line split into 2 VLAN's on separate data ports:
    -PORT 1 / VLAN 1 into WAN on pfSense box #1 (Home network) - this will have a dynamic IP from ISP
    -PORT 2 / VLAN 2 into WAN on pfSense box #2 (CentOS web server running 15 websites) - this will have 2 static IP's from ISP for DNS for the server
           -LAN on pfSense box #1 out to 24 port switch (home network drops & wireless access point)
           -LAN on pfSense box #2 out to 8 port switch  (web server has dual nics plugged in here)
                    -OPT1 on both pfSense boxes will be unused at ths point, may configure a guest wifi network at some point

I think I have a pretty good handle on setting up the #1 box for my home network. Seems to work fine using default settings. Box #2 for the web server I have no idea where to start.  Maybe pfSense isn't even a good idea for this?  One of my big concerns was keeping my home network and web server separate, but I am hoping the VLAN's in the ONT have pretty much acheived that, combined with the pfSense boxes...?

Any opinions / suggestions would be greatly appreciated!

Offline Evgeny

  • Hero Member
  • *****
  • Posts: 1808
    • View Profile
Re: pfSense --> Web Server
« Reply #1 on: August 01, 2009, 11:19:57 pm »
pfSense is good idea for this.
what is your question?

Offline flyride

  • Newbie
  • *
  • Posts: 5
    • View Profile
Re: pfSense --> Web Server
« Reply #2 on: August 02, 2009, 07:16:33 am »
Is there any specific changes to the default configuration I should be making (for security, or other reasons), aside from creating firewall rules to allow HTTP / FTP traffic?

Offline Evgeny

  • Hero Member
  • *****
  • Posts: 1808
    • View Profile
Re: pfSense --> Web Server
« Reply #3 on: August 02, 2009, 12:50:48 pm »
You will need to create port-forwarding NAT to your web-server.
And you decide what to allow users connected to LAN.

Offline flyride

  • Newbie
  • *
  • Posts: 5
    • View Profile
Re: pfSense --> Web Server
« Reply #4 on: October 15, 2009, 10:11:31 pm »

What about using DirectAdmin for a cpanel?  (Basically server IP must be external IP for licensing, meaning NAT/LAN can't be used): http://help.directadmin.com/item.php?id=241

Is there a way around this?

Offline dotdash

  • Hero Member
  • *****
  • Posts: 1282
    • View Profile
Re: pfSense --> Web Server
« Reply #5 on: October 16, 2009, 11:37:36 am »
To just address the last question, if you need the server to have a static IP, you could create a DMZ bridged to WAN. Another solution is to make the firewall transparent. Search around, there is a lot of information on these options.

Offline flyride

  • Newbie
  • *
  • Posts: 5
    • View Profile
Re: pfSense --> Web Server
« Reply #6 on: October 16, 2009, 01:28:38 pm »
Thanks for the reply.  I will investigate.

Offline flyride

  • Newbie
  • *
  • Posts: 5
    • View Profile
Re: pfSense --> Web Server
« Reply #7 on: October 16, 2009, 07:13:49 pm »
To just address the last question, if you need the server to have a static IP, you could create a DMZ bridged to WAN. Another solution is to make the firewall transparent. Search around, there is a lot of information on these options.

Followed this guide:
http://202.143.130.99/files/transparent_firewall.pdf

Worked like a charm!  Thanks for pointing me in the right direction :)