Best router for a small hosting?

[LAwLz]

19 hours ago, pandacraft said:

i do not have a network diagram yet

but on server1 i have the public ip 185.117.**.*** rn

but when i hang the server behind pfsense i cant use that ip anymore becouse then i dont get internet acces but i need that to work again

I strongly recommend you hire a networking consultant to look at your network.

I'm sorry to say it but it sounds like you have very little knowledge about networking in general, and to let such a person design and configure a network that is going to host other peoples' stuff, is a recipe for disaster.

 

But if you really want to design your hosting company with tips you get from anonymous people on an Internet forum then I guess I'll help.

 

 

You can either put your firewall in transparent mode (called bridging in pfsense), which I do not recommend, or you can keep pfsense in routed mode and migrate your servers to a proper internal network that then gets NAT:ed when reaching or being reached from the Internet.

Depending on how many public IP addresses you got, you might want to use port forwarding instead.

 

 

Something like this, as an example. It depends on what your network looks like and how your ISP handles your public IP range.

[pandacraft]

why it isnt possible to set the public ip  direct into the server instead of first using internale one and translating it to a public one?

[LAwLz]

2 hours ago, pandacraft said:

why it isnt possible to set the public ip  direct into the server instead of first using internale one and translating it to a public one?

Because your pfSense firewall is in routed mode.

You can not have multiple interfaces belonging to the same network in a router. It would mess up the routing table and the router would not be able to know which interface to forward traffic on.

It's one of the fundamental things about how networking works, and why I recommend you hire a consultant to design your network.

 

Also, having all your servers directly assigned to a public IP is a bad idea. What if you want to start running some internal servers? Then you'd have to eat up your external IPs.

It puts design limitations on you for no reason (other than being able to skip NAT I guess).

[pandacraft]

18 minutes ago, LAwLz said:

Also, having all your servers directly assigned to a public IP is a bad idea. What if you want to start running some internal servers? Then you'd have to eat up your external IPs.

thats why we wanted to add a router to have internal ips etc rn we have everything on a public ip