Sign In Start Free Trial

Book Overview & Buying
Table Of Contents

pfSense 2.x Cookbook - Second Edition

By : David Zientara

5 (1)

pfSense 2.x Cookbook

5 (1)

By: David Zientara

Overview of this book

pfSense is an open source distribution of the FreeBSD-based firewall that provides a platform for ?exible and powerful routing and firewalling. The versatility of pfSense presents us with a wide array of configuration options, which makes determining requirements a little more difficult and a lot more important compared to other offerings. pfSense 2.x Cookbook – Second Edition starts by providing you with an understanding of how to complete the basic steps needed to render a pfSense firewall operational. It starts by showing you how to set up different forms of NAT entries and firewall rules and use aliases and scheduling in firewall rules. Moving on, you will learn how to implement a captive portal set up in different ways (no authentication, user manager authentication, and RADIUS authentication), as well as NTP and SNMP configuration. You will then learn how to set up a VPN tunnel with pfSense. The book then focuses on setting up traffic shaping with pfSense, using either the built-in traffic shaping wizard, custom ?oating rules, or Snort. Toward the end, you will set up multiple WAN interfaces, load balancing and failover groups, and a CARP failover group. You will also learn how to bridge interfaces, add static routing entries, and use dynamic routing protocols via third-party packages.

Preface

Preface

Who this book is for

What this book covers

To get the most out of this book

Sections

Get in touch

Free Chapter

Initial Configuration

Initial Configuration

Introduction

Applying basic settings to General Setup

Identifying and assigning interfaces

Configuring a WAN interface

Configuring a LAN interface

Configuring optional interfaces from the console

Enabling SSH access

Generating authorized RSA keys

Configuring SSH RSA key authentication

Accessing the SSH

Configuring VLANs

Assigning interfaces from the console

Configuring a WAN interface from the console

Configuring a LAN interface from the console

Configuring optional interfaces from the console

Configuring VLANs from the console

Essential Services

Essential Services

Introduction

Configuring the DHCP server

Configuring the DHCP6 server

Configuring static DHCP mappings

Configuring the DHCP relay

Specifying alternate DNS servers

Configuring the DNS resolver

Configuring a stand-alone DHCP/DNS server

Configuring dynamic DNS

Adding a wireless access point

Firewall and NAT

Firewall and NAT

Introduction

Creating and using aliases

Creating a firewall rule

Setting a firewall rule schedule

Creating a floating rule

Creating a NAT port forwarding entry

Creating an outbound NAT entry

Creating a 1:1 NAT entry

Creating an NPt entry

Enabling UPnP and NAT-PnP

Additional Services

Additional Services

Introduction

Creating a captive portal without authentication

Creating a captive portal with voucher authentication

Creating a captive portal with User Manager authentication

Creating a captive portal with RADIUS authentication

Configuring NTP

Configuring SNMP

Virtual Private Networking

Virtual Private Networking

Introduction

Configuring the IPsec OpenVPN server – peer-to-peer

Configuring the IPsec VPN service – client/server

Connecting to the IPsec VPN service

Configuring the OpenVPN service

Connecting to the OpenVPN service

Configuring the L2TP VPN service

Traffic Shaping

Traffic Shaping

Introduction

Configuring traffic shaping using the traffic-shaping wizard

Configuring traffic shaping using floating rules

Configuring traffic shaping using Snort

Redundancy, Load Balancing, and Failover

Redundancy, Load Balancing, and Failover

Introduction

Adding multiple WAN interfaces

Configuring server load balancing

Configuring a CARP failover group

Routing and Bridging

Routing and Bridging

Introduction

Bridging interfaces

Adding a static route

Configuring RIP using routed

Configuring BGP using FRR

Configuring OSPF using FRR

Services and Maintenance

Services and Maintenance

Introduction

Enabling Wake-on-LAN

Configuring PPPoE

Configuring external logging with a syslog server

Using ping

Using traceroute

Using netstat

Using pfTop

Using tcpdump

Using tcpflow

Backing Up and Restoring pfSense

Backing Up and Restoring pfSense

Introduction

Backing up pfSense

Restoring pfSense

Updating pfSense

Determining Hardware Requirements

Determining Hardware Requirements

Determining our deployment scenario

Determining our throughput requirements

Determining our interface requirements

Choosing a standard or embedded image

Choosing a form factor

Summary

Other Books You May Enjoy

Other Books You May Enjoy

Leave a review - let other readers know what you think

Configuring optional interfaces from the console

This recipe describes how to configure optional interfaces from the console menu.

Getting ready

In order to complete this recipe, at least one optional interface must have previously been assigned to one of the available network interfaces.

How to do it...

On the console menu, type 2 and press Enter.
pfSense will prompt you for the number of the interface you want to configure. Type the appropriate number and press Enter.
pfSense will prompt you for the new LAN IPv4 address. Enter the new address and press Enter.
pfSense will prompt you for the subnet bit count (the CIDR). Enter the bit count and press Enter.
pfSense will prompt you for the new LAN IPv4 upstream gateway address. You don’t need to specify an upstream gateway, so just press Enter.
pfSense will prompt you for the new LAN IPv6 address. If you want to specify an IPv6 address, type it here; otherwise, just press Enter.
If you entered an IPv6 address, pfSense will prompt you for the subnet bit count (CIDR). Enter the bit count and press Enter.
If you entered an IPv6 address, pfSense will prompt you for the new LAN IPv6 upstream gateway address. You don’t need to specify an upstream gateway, so just press Enter.
pfSense will ask whether you want to enable the DHCP server on LAN. If you enter y, you will then be prompted for the start and end addresses of the IPv4 client address range. You can enter y and type the start and end addresses, or just enter n and set up DHCP later on (recommended).

If you entered an IPv6 address, pfSense will ask whether you want to enable the DHCP6 server on LAN. If you enter y, you will then be prompted for the start and end addresses of the IPv6 client address range. You can enter y and type the start and end addresses, or just enter n and set up DHCP6 later on (recommended).
pfSense will ask you if you want to revert to HTTP for the webConfigurator protocol. Unless you have a reason for not using HTTPS for the web GUI, type n and press Enter.
The configuration process is now complete. The settings will be saved and pfSense will reload them. Repeat the process for as many optional interfaces as you wish to configure.

How it works...

This recipe describes how to set up interfaces such as an interface for a DMZ.

See also

The Assigning interfaces from the console recipe
The Configuring a WAN interface from the console recipe
The Configuring a LAN interface from the console recipe
The Configuring VLANs from the console recipe
The Configuring optional interfaces recipe

CONTINUE READING

83

Tech Concepts

36

Programming languages

73

Tech Tools

Unlimited access to the largest independent learning library in tech of over 8,000 expert-authored tech books and videos.

Innovative learning tools, including AI book assistants, code context explainers, and text-to-speech.

50+ new titles added per month and exclusive early access to books as they are being written.

pfSense 2.x Cookbook

Search

Your notes and bookmarks