My first question in this community. Sorry for the basic question, answers are in several posts but I need to put them all together.
I have bought a Google domain and am using Cloudflare as the DNS provider. I have created an A record in Cloudflare that points to the IP address given by my ISP provider. So far so good.
What I'm expecting now is:
- All internet HTTPS connections to be sent to the firewall PFSense. PFSense has 2 network cards: one for WAN (DHCP enabled) and another one for LAN (static IP)
- PFSense to be the default DHCP server and no longer use the ISP DHCP functionality
- PFSense will reject all connections that are not coming from Cloudflare servers or are not HTTPS requests
- PFSense will forward the HTTPS requests to the reverse proxy Traefik
- Traefik finally will forward the request to the right service (sub-domain).
- Moreover, I'd like to set Pihole as the dynamic DNS in PFSense to benefit from its advertisement filtering functionality.
Please note that all these machines are VMs managed by Proxmox. All have fixed IP addresses.
But now I want to make sure that the following steps are correct to build what I want:
1- Do I need to open port 443 (NAT) in the ISP router and forward it to the PFSense IP address? My ISP router has a "DMZ" functionality that basically forwards all requests to the device(s) that are listed in this DMZ. So I guess that on top of NAT, I need to add PFSense to this DMZ?
2- How do I set the redirection in PFSense of all 443 HTTPS requests to the Traefik reverse proxy? What kind of rule should I apply? Do I need to open port 443 on the PFSense server also on the WAN and LAN interfaces? This port is not clear in the docs or posts.
3- How will the devices in my home network discover the PFSense DHCP if I disable the DHCP server functionality in my ISP router?
Sorry if these questions are very basic, but it is quite difficult to put all the information together when you are not a network guy. Thanks