Skip to main content

Edge Networking with pfSense

The front door: NAT for the private subnet, HAProxy as a reverse proxy, and TLS termination with a wildcard certificate.

The front door

Everything that's reachable from the outside world passes through one VM: a pfSense firewall/rout...

NAT: how private VMs reach the world

The VMs live on a private range that isn't routable on the internet. They still need to fetch pac...

HAProxy: one door, many rooms

All the web services share a single public IP, so something has to look at each incoming request ...

TLS terminates here, once

There is exactly one place in the whole lab that deals with certificates: HAProxy on pfSense. It ...

A gotcha that cost an afternoon

A war story, because the lessons that stick are the ones that bit you. A backend's address was ch...
Back to top