pfSense 2.x Cookbook - Second Edition

By: David Zientara

Overview of this book

pfSense is an open source distribution of the FreeBSD-based firewall that provides a platform for flexible and powerful routing and firewalling. The versatility of pfSense presents us with a wide array of configuration options, which makes determining requirements a little more difficult and a lot more important compared to other offerings. pfSense 2.x Cookbook – Second Edition starts by providing you with an understanding of how to complete the basic steps needed to render a pfSense firewall operational. It starts by showing you how to set up different forms of NAT entries and firewall rules and use aliases and scheduling in firewall rules. Moving on, you will learn how to implement a captive portal set up in different ways (no authentication, user manager authentication, and RADIUS authentication), as well as NTP and SNMP configuration. You will then learn how to set up a VPN tunnel with pfSense. The book then focuses on setting up traffic shaping with pfSense, using either the built-in traffic shaping wizard, custom floating rules, or Snort. Toward the end, you will set up multiple WAN interfaces, load balancing and failover groups, and a CARP failover group. You will also learn how to bridge interfaces, add static routing entries, and use dynamic routing protocols via third-party packages.

Creating an outbound NAT entry

This recipe will describe how to create an outbound NAT entry.

Outbound NAT is responsible for taking outbound traffic from internal networks and translating internal addresses and ports into external ones. For example, assume that a node with an internal address of requests a web page from a remote site. is an internal address; thus, if it is left as the source IP address in our packet, the web server will not know where to send the web page. In fact, our packet won’t even reach the web server, as a properly configured router will block packets with private addresses from reaching the public internet. Outbound NAT solves this problem by performing two tasks:

  • Outbound NAT will strip the private, internal address from the packet and replace it with the WAN IP address. Since the WAN IP address is a public IP address, the remote web server will know where to send the web page.
  • Outbound NAT has an option to keep the same source port (static)...
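The two tasks above can be modelled in a few lines. This is an added example, not code from the book or from pfSense: the `OutboundNAT` class, the constructed addresses (203.0.113.5 as the WAN IP, 192.168.1.0/24 as the internal network) and the simplified state table are all assumptions, and it assumes source ports are rewritten to random ports unless the static port option is set.

```python
import ipaddress
import random

class OutboundNAT:
    """Toy model of one outbound NAT entry (illustrative, not pfSense code)."""

    def __init__(self, wan_ip, source_net, static_port=False, seed=None):
        self.wan_ip = wan_ip
        self.source_net = ipaddress.ip_network(source_net)
        self.static_port = static_port
        self.rng = random.Random(seed)
        # Simplified state table: external port -> (internal IP, internal port).
        # A real firewall also keys states on protocol and destination.
        self.states = {}

    def translate_out(self, src_ip, src_port):
        """Rewrite the source of an outbound packet to (WAN IP, external port)."""
        if ipaddress.ip_address(src_ip) not in self.source_net:
            return src_ip, src_port  # entry does not match; leave untouched
        inside = (src_ip, src_port)
        for ext_port, owner in self.states.items():
            if owner == inside:
                return self.wan_ip, ext_port  # existing connection state
        if self.static_port:
            ext_port = src_port  # keep the source port as sent
            if ext_port in self.states:
                raise RuntimeError(f"port {ext_port} already used by {self.states[ext_port][0]}")
        else:
            ext_port = self.rng.randint(1024, 65535)
            while ext_port in self.states:
                ext_port = self.rng.randint(1024, 65535)
        self.states[ext_port] = inside
        return self.wan_ip, ext_port

    def translate_in(self, dst_port):
        """Map a reply arriving at the WAN IP back to the internal endpoint."""
        return self.states.get(dst_port)  # None means no state: drop the packet

if __name__ == "__main__":
    # Constructed addresses: 203.0.113.5 as WAN, 192.168.1.0/24 as LAN.
    nat = OutboundNAT("203.0.113.5", "192.168.1.0/24", seed=1)
    wan_ip, port = nat.translate_out("192.168.1.10", 51000)
    print("outbound source becomes", wan_ip, port)
    print("reply is delivered to", nat.translate_in(port))
    static = OutboundNAT("203.0.113.5", "192.168.1.0/24", static_port=True)
    print(static.translate_out("192.168.1.10", 5060))
    try:
        static.translate_out("192.168.1.11", 5060)
    except RuntimeError as err:
        print("static port conflict:", err)
```

In this model, the static port case shows the trade-off: the source port is preserved, but two internal hosts cannot hold the same external port at once, and an unsolicited inbound packet with no matching state maps to nothing.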