Pfsense: Difference between revisions

Introduction

Pfsense on Pear is designed to keep the virtual networks separate from the physical NIC. It is has an interface on each of the virtual networks and the WAN interface on the same network as the physical NIC. The install does not have any plugins.

Interfaces

There several LAN networks including Production, Infra, VPNnet and terminals for the virtual machines to use. There is also another LAN called mgt that is reserved for management.

Production

The production network is reserved for the main production VMs, mainly Webhosts and hosts that support them. Juniper has also been moved to production as it will be hosting jellyfin and n8n.

Infra

Infra or infrastructure is used for the LAN services such as the nameserver and the monitoring hosts.

VPNnet and Terminals

MGT

This management network is highly restricted and reserved purely to do management functions, particularly for the management of the web GUI of pfsense which means that it is not possible to manage Pfsense from any remote computer, all Pfsense management must be done from the console while logged on to Pear. Also any other management should be done from the mgt network. To make this possible the VM host Lemon has been created with firefox and passwordless ssh to most relevant hosts. Keepass has also been installed to keep track of all passwords used on Pear.