18.1 Legacy Series / Web Server Port Forwarding
« on: July 04, 2018, 05:30:31 am »
First post, please go easy on me.
I've found myself in a situation that I really don't like and really don't want to do, but for a long list of reasons that aren't worth getting into, I find myself (practically) forced to run a public web server from my home. I've always considered this an extremely bad idea from a security standpoint - having personal computers and public servers on the same network, even if they are on different subnets. It just bothers me.
Nevertheless, I really need to do this thing, and I need to make it as secure as possible. I have a box with 2 NICs that I've been using as a firewall/router on pretty much the default OPNsense 18.1.11 configuration for some time now. Everything on my home network is on a Class C subnet with 192.168.1.x addresses. My master plan is to add a 3rd NIC and create a Class A 10.x subnet for my web server, but I'm not there yet. Right now I just need to get the port forwarding figured out and get everything functional, and then I'll go buy the extra NIC and set up the subnet and try to secure it. I need to figure out what I'm doing and get this thing working first.
So I have a box that I've set up with CentOS 7 to act as the server, and right now it's sitting at 192.168.1.199 on my network. I've set up the server and opened the ports on it, and I can access the test Apache web page from within the LAN by going to http://192.168.1.199. All good there, I know the server works.
Then I followed this post https://forum.opnsense.org/index.php?topic=6155.0 to the letter. My domain is set to redirect to my public IP address, but it looks like the packets are getting dropped somehow. It's not being rejected, just timing out. I've looked at the logs, but I'm not seeing anything that jumps out at me.
What's the best way to tell what's happening to those packets?
Also, if anyone has any bigger picture advice on how to do this, I'm open to advice.