Homelab versus Production environment

Hello all, longtime lurker and occasional poster here in the forums.

At home I have used pfSense for years. But I have no DC. So when it came time for my employer to upgrade it’s firewall, my boss purchased a 2100 max because of my recommendations. We have a Server 2016 that serves DHCP, DNS and the usual DC stuff. Yet in my home network, I allow pfSense to handle all of that.

Modem-> pfSense@ ->Server 2016@ → workstations.
So my questions are:
If I turn DHCP off on pfSense, how does the server get its IP address, or do I limit the scope of DHCP on pfSense.
We use pfBlockerNG currently so we can block ads and other NSFW stuff from the network. Can I forward the pfSense DNS to Server 2016?

The system currently works, however I know its wrong in the way I set it up.

Don’t you normally assign static IPs to AD controllers ? I would.

1 Like

I think it has an assigned IP.
I did not set the server up.

Always set the IP on a domain controller staticly. I believe the install program even gives you a warning, and the guide/documentation too.

Servers have always a static IP. You don’t want that your server is not reachable because of a IP change.

Check before you do something what IP the server haves.

All you are doing is shifting DNS on the endpoints to point to the DC’s IP’s and then you set your upstream DNS on the DC’s to point to firewall for DNS resolution. In this way you can use pfblockerng for all the endpoints if you wanted and all the DC functions will still work as intended. Just make sure to set your DC’s IP’s in you DHCP options.

You can also setup your DHCP on either your pfsense or DC’s. If you go down the DC route then there will need to be extra configuration on your switches with IP helper. Otherwise if you go the pfsense route then all you need is to configure your VLAN’s on your switch.

1 Like