Is it possible to create pfSense and use it as a firewall for all my servers?

#1

Scaleway’s provided security groups do not really work for me; so, I want to setup my own firewall.

I have used pfSense in the past and I really like it. Is it possible to setup pfSense using Scaleway servers? My biggest concern is that both dedicated and virtual instances only support one network interface while pfSense requires two interfaces. Let’s consider that I was able to setup pfSense. Will I be able to move my servers to be in the pfSense network?

1 Like
#2

For pfSense or any kind of specialized linux/unix it’s easier to use a provider (as IE: https://www.vultr.com) who let’s you push your ISO (CDROM).

However : To have a similar firewall of pfSense at scaleway,
I succeed to install nethserver by installing it over CentOS.

If you want to do something similar I propose you to search for :

  • nethserver on centos 7
  • zentyal on debian
    and others similar possibilities.
#3

Thank you for the response. As I understand pfSense is not possible at this time due to not having custom ISO. I would be fine with using Zentyal.

However, there is one thing that I still don’t know how to setup. Usually in any firewall, I have two network interfaces – one for WAN and one for LAN. And in a normal firewall setup, I usually have multiple public static IPs. This way, I can route all the traffic using NAT.

Is it possible to achieve the same effect with Scaleway servers?

Currently, I have two servers and now I am trying to build my infrastructure by having one firewall/VPN server and 3 app servers. If I take a dedicated server and put some kind of virtualization on it, I know it is easy as cake to build. But how do I handle the same situation using scaleway provided private IPs assuming that I have setup a virtual switch and connected my firewall’s LAN interface to that switch (I honestly don’t know if it is possible but going to research it)? How will I assign firewall local network IPs to the servers?

EDIT: I want to mainly know that if I set gateway, DHCP, and DNS to my Zentyal/other firewall solution server, will it work or does Scaleway have some kind of a routing table that adds the private IPs and stop the servers from working properly?

#4

Personally
I use one public IP with one physical card which I define WAN
and the LAN is more a virtual network like Docker or LXC, VM or KVM Machine

Don’t forget the IP you receive from scaleway is already inside a LAN where potentially my machine could communicate / attack you’re machine which for me look like a WAN Wild Area Network with unknown or non trustable devices