I'm a semi-newb at getting firewalls set up, but I wonder if this is possible.
Currently we have the following:
Internet Connection --> [PFSense*] --> Network (10.150.1.x)
* Ports 80/443 open and NATed to the appropriate web servers, nothing else open.
What I want to do is:
Internet Connection --> [PFSense*] --> DMZ Web (10.150.2.x) --> [PFSense**] --> Network (10.150.1.x)
* Ports 80/443 open and NATed to the appropriate web servers, nothing else open.
** Ports 7070/1433 open both ways; Windows file share open, but it can only be done from BEHIND the 2nd firewall.
I don't want to be able to hit anything but 7070/1433 on their appropriate servers (NAT?). The Windows file shares that need to be pulled from the DMZ are on the same machine as the 7070 port.
How would I set the firewall rules up for this? Am I even making sense?
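The rule set the post is asking for, modelled as an added example (not from the original post or from pfSense itself). pfSense evaluates rules per interface on the traffic entering that interface, first match wins, and anything unmatched is dropped by the implicit default deny; replies to permitted connections are allowed by the state table, so only the initiating direction needs a rule. The host addresses (an app server at 10.150.1.10 carrying TCP 7070 and the file share, a SQL server at 10.150.1.20 carrying TCP 1433, a DMZ web host at 10.150.2.5) and the SMB ports 445/139 are assumptions for illustration. No NAT is needed on the inner firewall: it routes between the two private subnets, so plain filter rules scoped to single hosts give the "only 7070/1433 on their appropriate servers" restriction.

```python
"""Toy model of the inner pfSense rule set between DMZ (10.150.2.0/24) and LAN (10.150.1.0/24).

Semantics mirrored from pfSense: rules are attached to the interface where the
traffic enters, evaluated top to bottom, first match wins, default deny.
Hypothetical addresses chosen for the example; not from the original post.
"""
from dataclasses import dataclass
from ipaddress import IPv4Address, IPv4Network, ip_address, ip_network

LAN_NET = ip_network("10.150.1.0/24")
DMZ_NET = ip_network("10.150.2.0/24")
APP_SERVER = ip_network("10.150.1.10/32")   # assumed: TCP 7070 + Windows file share
DB_SERVER = ip_network("10.150.1.20/32")    # assumed: TCP 1433 (SQL Server)

SMB_PORTS = frozenset({445, 139})            # SMB over TCP, plus legacy NetBIOS session port


@dataclass(frozen=True)
class Rule:
    action: str                 # "pass" or "block"
    proto: str                  # "tcp", "udp" or "any"
    src: IPv4Network
    dst: IPv4Network
    dports: frozenset           # empty set = any destination port


@dataclass(frozen=True)
class Packet:
    iface: str                  # interface the packet ENTERS the firewall on: "DMZ" or "LAN"
    proto: str
    src: str
    dst: str
    dport: int


# Rules on the DMZ interface: what the (less trusted) DMZ may initiate towards the LAN.
# Only the two application ports, and only to the specific hosts that serve them.
# SMB from the DMZ is NOT listed, so it falls through to the default deny.
DMZ_RULES = [
    Rule("pass", "tcp", DMZ_NET, APP_SERVER, frozenset({7070})),
    Rule("pass", "tcp", DMZ_NET, DB_SERVER, frozenset({1433})),
]

# Rules on the LAN interface: what the trusted side may initiate towards the DMZ.
# 7070/1433 "both ways" plus the file share, which may only be opened from behind
# the second firewall, i.e. from the LAN side.
LAN_RULES = [
    Rule("pass", "tcp", LAN_NET, DMZ_NET, frozenset({7070, 1433})),
    Rule("pass", "tcp", LAN_NET, DMZ_NET, SMB_PORTS),
]

RULES = {"DMZ": DMZ_RULES, "LAN": LAN_RULES}


def matches(rule: Rule, pkt: Packet) -> bool:
    """True if every field of the rule covers the packet."""
    if rule.proto != "any" and rule.proto != pkt.proto:
        return False
    if ip_address(pkt.src) not in rule.src:
        return False
    if ip_address(pkt.dst) not in rule.dst:
        return False
    return not rule.dports or pkt.dport in rule.dports


def decide(pkt: Packet) -> str:
    """First matching rule on the ingress interface wins; nothing matched means block."""
    for rule in RULES.get(pkt.iface, []):
        if matches(rule, pkt):
            return rule.action
    return "block"


def policy_check() -> dict:
    """Run the scenarios from the question through the rule set (constructed sample traffic)."""
    web = "10.150.2.5"          # assumed DMZ web host
    lan_pc = "10.150.1.50"      # assumed workstation behind the second firewall
    scenarios = {
        "dmz->app:7070":      Packet("DMZ", "tcp", web, "10.150.1.10", 7070),
        "dmz->db:1433":       Packet("DMZ", "tcp", web, "10.150.1.20", 1433),
        "dmz->app:445 (smb)": Packet("DMZ", "tcp", web, "10.150.1.10", 445),
        "dmz->app:1433":      Packet("DMZ", "tcp", web, "10.150.1.10", 1433),   # wrong host
        "dmz->other:7070":    Packet("DMZ", "tcp", web, "10.150.1.30", 7070),   # wrong host
        "dmz->app:7070 udp":  Packet("DMZ", "udp", web, "10.150.1.10", 7070),   # wrong proto
        "lan->dmz:445 (smb)": Packet("LAN", "tcp", lan_pc, web, 445),
        "lan->dmz:7070":      Packet("LAN", "tcp", lan_pc, web, 7070),
        "lan->dmz:22":        Packet("LAN", "tcp", lan_pc, web, 22),
    }
    return {name: decide(pkt) for name, pkt in scenarios.items()}


if __name__ == "__main__":
    for name, verdict in policy_check().items():
        print(f"{name:22s} {verdict}")
```

To turn this into pfSense rules, create the DMZ-interface rules with source "DMZ net", destination the single host alias, and the one destination port each; leave the default deny in place rather than adding a catch-all "block". Put the SMB rule on the LAN interface only, which is exactly what prevents the DMZ from ever opening a share on the 7070 machine while still letting a LAN client reach a share on a DMZ host.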