Question about routing
Question about routing
You recently reviewed your initial message again. If you're aiming for separate networks at home, consider using VLANs. Assign your website to one VLAN and the rest to another. Maybe @mynameisjuan can provide feedback on that idea. I plan to treat this website as having minimal traffic, since it's the only way the ISP wouldn't suspect a web server running from your home. Most residential ISPs prohibit this approach.
Attempting to coordinate information is causing confusion. 1. For a simple route from PFsense to USG, assign a fixed subnet on the PFsense interface pointing to the USG and repeat on the USG WAN interface. Routing will happen through connected interfaces, which is standard. This may cause double NAT problems, but if PFsense fails, internal settings remain intact. 2. It’s better to connect directly to either PFsense or USG. I prefer PFsense since I dislike Ubiquiti, but your choice is yours. Behind the USG there are switches with internal DHCP. The real issue stems from DDoS attacks overwhelming firewalls that can’t manage the traffic, so routers with L3/4 filtering are more resilient in professional environments—this mainly matters at scale, not for home setups.
Agreed on that point. Simply link the web server to PF Sense, configure the subnet, set up zones, block traffic between web and internal zones, and it’s sufficient. This should be considered.
I anticipate minimal traffic. My main objectives are to eventually switch from web hosting to internal hosting for the site, which would allow things like running a Minecraft server, a personal web server, and some family tasks. I also want to mention that I’m currently using openVPN on the pfSense. My aim is to adopt a "Defense in Depth" approach. I’m considering removing pfSense from the equation because it’s been costly, and instead installing openVPN on the web server (I found some guides but was unsure about changing). It would be enjoyable to experiment, but the project feels increasingly complex.