21.7 Legacy Series / [SOLVED] Valid setup for several virtual machines with a web server in a DMZ
« on: April 17, 2022, 05:39:04 pm »
Hello community,
I am using OPNsense 21.7.7 on a pcengines apu2d4.
I have an ESXi Server in the DMZ with several virtual machines. On these virtual machines I run an Apache web server.
Each virtual machine has a private IPv4 and a public IPv6 address.
I have the following configuration to access these web servers.
- All virtual machines are in an alias WEB
NAT - WAN
- I have one Port forward for http / tcp / IPv6 port 80 / Redirect target IP: WEB
- I have one Port forward for http / tcp / IPv6 port 443 / Redirect target IP: WEB
RULES - WAN
- I have one rule for http / tcp / IPv6 port 80 / Destination: WEB
- I have one rule for http / tcp / IPv6 port 443 / Destination: WEB
I started with one web server and everything is fine.
When the 2nd web server comes in I observe some strange things when using certbot to get an SSL certificate. From the outside it seems that sometimes the 1st web server is answering.
On the DNS for my domain (at my domain provider) I have a default entry which has the 1st virtual machine as target.
Is this the correct setup for this usage?
If this is not the correct setup how can I configure my firewall to have several web servers on different systems with different IPs?
Best regards
--Christian
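An added illustration of the symptom described in the post (this is editor-supplied example code, not something posted by Christian or part of OPNsense). OPNsense aliases are compiled into pf tables, and pf.conf(5) documents round-robin as the only pool method usable with a table-backed redirect target, so a single port forward whose target is the alias WEB hands each new connection to the next address in the alias regardless of which VM the client actually addressed. The simulation below contrasts that with one forward per host, and models an ACME HTTP-01 check (the token only exists on the VM that requested the certificate). All hostnames, addresses and tokens are constructed placeholders.

```python
"""Model a port forward whose redirect target is a multi-host alias, and
show why an HTTP-01 challenge for the second VM intermittently fails."""
from collections import defaultdict
from itertools import cycle

# Constructed sample data: two VMs with public IPv6 addresses and their DNS names.
DNS = {
    "vm1.example.org": "2001:db8::10",  # hypothetical address of the 1st VM
    "vm2.example.org": "2001:db8::20",  # hypothetical address of the 2nd VM
}
WEB_ALIAS = list(DNS.values())

# Only the 2nd VM is running certbot, so only it serves the challenge token.
CHALLENGE_TOKENS = {"2001:db8::20": "token-for-vm2"}


class AliasForward:
    """One port forward with the alias WEB as redirect target.

    Assumption (pf.conf(5), round-robin for table pools): every new
    connection is redirected to the next address in the table, and the
    original destination address is not considered.
    """

    def __init__(self, pool):
        self._next = cycle(pool)

    def route(self, dst):
        return next(self._next)


class PerHostForward:
    """One port forward (or plain pass rule) per VM: a connection to a
    destination address is delivered to exactly that address."""

    def route(self, dst):
        return dst


def backends_seen(forward, hostnames, attempts=4):
    """Return {hostname: set of backend addresses that answered} after
    `attempts` fresh connections per name, as an external probe would see."""
    seen = defaultdict(set)
    for name in hostnames:
        for _ in range(attempts):
            seen[name].add(forward.route(DNS[name]))
    return dict(seen)


def misrouted(results):
    """Names for which at least one connection reached a backend other than
    the address the name resolves to (the 'wrong server answers' symptom)."""
    return sorted(n for n, backends in results.items() if backends != {DNS[n]})


def http01_successes(forward, hostname, trials=4):
    """Count how many of `trials` validation attempts for `hostname` reach a
    backend that actually serves the expected challenge token."""
    ok = 0
    for _ in range(trials):
        backend = forward.route(DNS[hostname])
        if CHALLENGE_TOKENS.get(backend) == f"token-for-{hostname.split('.')[0]}":
            ok += 1
    return ok


if __name__ == "__main__":
    names = list(DNS)
    shared = AliasForward(WEB_ALIAS)
    print("alias forward, misrouted names:", misrouted(backends_seen(shared, names)))
    print("per-host forward, misrouted names:", misrouted(backends_seen(PerHostForward(), names)))
    print("HTTP-01 successes for vm2 via alias forward:",
          http01_successes(AliasForward(WEB_ALIAS), "vm2.example.org"))
    print("HTTP-01 successes for vm2 via per-host forward:",
          http01_successes(PerHostForward(), "vm2.example.org"))
```

Running it shows both names being served by both backends under the shared alias forward, and the vm2 challenge succeeding only on the attempts that happen to land on vm2; with a per-host rule every attempt reaches the intended VM. The same probe logic (repeat a request to each name and compare which backend answers) is a quick way to confirm or rule out this cause on a live setup, for example by serving a distinct static file on each VM.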