Browse Library
Sign In Start Free Trial
Close icon Search icon
Account
Browse Library Sign In Start Free Trial

Add to playlist

Create a Playlist

Modal Close icon
You need to login to use this feature.
  • Book Overview & Buying pfSense 2.x Cookbook
  • Table Of Contents Toc
pfSense 2.x Cookbook

pfSense 2.x Cookbook - Second Edition

By : David Zientara
5 (1)
Buy this Book
close
close
pfSense 2.x Cookbook

pfSense 2.x Cookbook

5 (1)
By: David Zientara
Buy this Book

Overview of this book

pfSense is an open source distribution of the FreeBSD-based firewall that provides a platform for ?exible and powerful routing and firewalling. The versatility of pfSense presents us with a wide array of configuration options, which makes determining requirements a little more difficult and a lot more important compared to other offerings. pfSense 2.x Cookbook – Second Edition starts by providing you with an understanding of how to complete the basic steps needed to render a pfSense firewall operational. It starts by showing you how to set up different forms of NAT entries and firewall rules and use aliases and scheduling in firewall rules. Moving on, you will learn how to implement a captive portal set up in different ways (no authentication, user manager authentication, and RADIUS authentication), as well as NTP and SNMP configuration. You will then learn how to set up a VPN tunnel with pfSense. The book then focuses on setting up traffic shaping with pfSense, using either the built-in traffic shaping wizard, custom ?oating rules, or Snort. Toward the end, you will set up multiple WAN interfaces, load balancing and failover groups, and a CARP failover group. You will also learn how to bridge interfaces, add static routing entries, and use dynamic routing protocols via third-party packages.
Table of Contents (13 chapters)
close
close
close
Preface
Icon
Preface
Icon
Who this book is for
Icon
What this book covers
Icon
To get the most out of this book
Icon
Sections
Icon
Get in touch
Lock Free Chapter
1
Initial Configuration
chevron up
Icon
Initial Configuration
Icon
Introduction
Icon
Applying basic settings to General Setup
Icon
Identifying and assigning interfaces
Icon
Configuring a WAN interface
Icon
Configuring a LAN interface
Icon
Configuring optional interfaces from the console
Icon
Enabling SSH access
Icon
Generating authorized RSA keys
Icon
Configuring SSH RSA key authentication
Icon
Accessing the SSH
Icon
Configuring VLANs
Icon
Assigning interfaces from the console
Icon
Configuring a WAN interface from the console
Icon
Configuring a LAN interface from the console
Icon
Configuring optional interfaces from the console
Icon
Configuring VLANs from the console
2
Essential Services
Icon
Essential Services
Icon
Introduction
Icon
Configuring the DHCP server
Icon
Configuring the DHCP6 server
Icon
Configuring static DHCP mappings
Icon
Configuring the DHCP relay
Icon
Specifying alternate DNS servers
Icon
Configuring the DNS resolver
Icon
Configuring a stand-alone DHCP/DNS server
Icon
Configuring dynamic DNS
Icon
Adding a wireless access point
3
Firewall and NAT
Icon
Firewall and NAT
Icon
Introduction
Icon
Creating and using aliases
Icon
Creating a firewall rule
Icon
Setting a firewall rule schedule
Icon
Creating a floating rule
Icon
Creating a NAT port forwarding entry
Icon
Creating an outbound NAT entry
Icon
Creating a 1:1 NAT entry
Icon
Creating an NPt entry
Icon
Enabling UPnP and NAT-PnP
4
Additional Services
Icon
Additional Services
Icon
Introduction
Icon
Creating a captive portal without authentication
Icon
Creating a captive portal with voucher authentication
Icon
Creating a captive portal with User Manager authentication
Icon
Creating a captive portal with RADIUS authentication
Icon
Configuring NTP
Icon
Configuring SNMP
5
Virtual Private Networking
Icon
Virtual Private Networking
Icon
Introduction
Icon
Configuring the IPsec OpenVPN server – peer-to-peer
Icon
Configuring the IPsec VPN service – client/server
Icon
Connecting to the IPsec VPN service
Icon
Configuring the OpenVPN service
Icon
Connecting to the OpenVPN service
Icon
Configuring the L2TP VPN service
6
Traffic Shaping
Icon
Traffic Shaping
Icon
Introduction
Icon
Configuring traffic shaping using the traffic-shaping wizard
Icon
Configuring traffic shaping using floating rules
Icon
Configuring traffic shaping using Snort
7
Redundancy, Load Balancing, and Failover
Icon
Redundancy, Load Balancing, and Failover
Icon
Introduction
Icon
Adding multiple WAN interfaces
Icon
Configuring server load balancing
Icon
Configuring a CARP failover group
8
Routing and Bridging
Icon
Routing and Bridging
Icon
Introduction
Icon
Bridging interfaces
Icon
Adding a static route
Icon
Configuring RIP using routed
Icon
Configuring BGP using FRR
Icon
Configuring OSPF using FRR
9
Services and Maintenance
Icon
Services and Maintenance
Icon
Introduction
Icon
Enabling Wake-on-LAN
Icon
Configuring PPPoE
Icon
Configuring external logging with a syslog server
Icon
Using ping
Icon
Using traceroute
Icon
Using netstat
Icon
Using pfTop
Icon
Using tcpdump
Icon
Using tcpflow
10
Backing Up and Restoring pfSense
Icon
Backing Up and Restoring pfSense
Icon
Introduction
Icon
Backing up pfSense
Icon
Restoring pfSense
Icon
Updating pfSense
11
Determining Hardware Requirements
Icon
Determining Hardware Requirements
Icon
Determining our deployment scenario
Icon
Determining our throughput requirements
Icon
Determining our interface requirements
Icon
Choosing a standard or embedded image
Icon
Choosing a form factor
Icon
Summary
12
Other Books You May Enjoy
Icon
Other Books You May Enjoy
Icon
Leave a review - let other readers know what you think

Configuring optional interfaces from the console

This recipe describes how to configure optional interfaces (for example, a DMZ network) to pfSense.

Getting ready

The optional network you will create in this network will be a DMZ, which is short for the DeMilitarized Zone. The idea of a DMZ is to have a network where some traffic is allowed to pass and some traffic is not. Typically, traffic in the DMZ is allowed to pass to and from the internet but not to other internal networks. Traffic is allowed to pass from internal networks to the DMZ. Thus, the flow of traffic looks like this:

Internet <<>> DMZ << Internal networks

Unsafe internet traffic, for example, is allowed to enter a web server in the DMZ. LAN traffic is allowed to enter the DMZ as well, for example, if someone on the LAN wants to access the web server as well. However, the key lies in the fact that no DMZ traffic is allowed to access the internal networks.

To configure a DMZ, you will need at least one spare interface, and you will have to have added it using the procedure outlined in the Identifying and assigning interfaces recipe. We will assume that you have added at least one such interface (named OPT1).

How to do it...

  1. Navigate to Interfaces | OPT1.
  2. Check the Enable Interface checkbox:
  1. Set Description to DMZ.
  2. Set IPv4 Configuration Type to Static IPv4.
  3. Enter an IPv4 Address and the CIDR. In our case, we will use 192.168.2.1 and select 24 from the CIDR dropdown list.
  4. Leave IPv4 Upstream gateway set to None.
  5. Leave the Block private networks and Block bogon networks checkboxes unchecked (they should be unchecked by default).
  6. When you are done making changes, click on the Save button. When the page reloads, click on the Apply Changes button.

How it works...

Your DMZ network will now allow external (WAN) access. Your LAN network will now be able to access the DMZ, but the DMZ will not be able to access the LAN.

There's more...

You can now attach a switch to your DMZ port to allow you to attach multiple nodes to your DMZ network. If you have been following the recipes in this chapter in order, your network will now look like this:

See also

  • The Identifying and assigning interfaces recipe
  • The Configuring a WAN interface recipe
  • The Configuring a LAN interface recipe
CONTINUE READING
83
Tech Concepts
36
Programming languages
73
Tech Tools
Icon Unlimited access to the largest independent learning library in tech of over 8,000 expert-authored tech books and videos.
Icon Innovative learning tools, including AI book assistants, code context explainers, and text-to-speech.
Icon 50+ new titles added per month and exclusive early access to books as they are being written.
pfSense 2.x Cookbook
End of Section 1
Next Section
notes
bookmark Notes and Bookmarks search Search in title playlist Add to playlist font-size Font size

Change the font size

margin-width Margin width

Change margin width

day-mode Day/Sepia/Night Modes

Change background colour

Close icon Search
Country selected
Close icon Your notes and bookmarks

Confirmation

Modal Close icon
claim successful
Order Page Read Now

Buy this book with your credits?

Modal Close icon
Are you sure you want to buy this book with one of your credits?
Close
YES, BUY

Submit Your Feedback

Modal Close icon
Modal Close icon
Modal Close icon