pfSense 2.x Cookbook - Second Edition

By: David Zientara

Overview of this book

pfSense is an open source distribution of the FreeBSD-based firewall that provides a platform for flexible and powerful routing and firewalling. The versatility of pfSense presents us with a wide array of configuration options, which makes determining requirements a little more difficult and a lot more important compared to other offerings. pfSense 2.x Cookbook – Second Edition starts by providing you with an understanding of how to complete the basic steps needed to render a pfSense firewall operational. It then shows you how to set up different forms of NAT entries and firewall rules and how to use aliases and scheduling in firewall rules. Moving on, you will learn how to implement a captive portal configured in different ways (no authentication, user manager authentication, and RADIUS authentication), as well as NTP and SNMP configuration. You will then learn how to set up a VPN tunnel with pfSense. The book then focuses on setting up traffic shaping with pfSense, using either the built-in traffic shaping wizard, custom floating rules, or Snort. Toward the end, you will set up multiple WAN interfaces, load balancing and failover groups, and a CARP failover group. You will also learn how to bridge interfaces, add static routing entries, and use dynamic routing protocols via third-party packages.
What this book covers

Chapter 1, Initial Configuration, covers pfSense firewall configuration from the point of initial installation, and covers much of what most users will need to configure, such as setting up WAN, LAN, and optional interfaces; enabling SSH access and generating RSA keys; and adding VLANs.

Chapter 2, Essential Services, covers the services that are crucial to virtually every pfSense deployment – namely, DHCP, DHCP6, DNS, and dynamic DNS. This chapter also covers how to configure pfSense for use as a wireless access point.

Chapter 3, Firewall and NAT, covers the basics of creating firewall rules (standard and floating), as well as how to leverage aliases and scheduling to impose rules on a flexible basis. Different forms of Network Address Translation (NAT) are covered, along with two specialized forms of NAT designed to make online gaming easier: UPnP and NAT-PMP.

Chapter 4, Additional Services, is a new chapter covering services that are less commonly enabled but still useful for many home and SOHO deployments. Captive portals are covered, including all forms of authentication currently supported by pfSense, including RADIUS authentication. The chapter also covers the Network Time Protocol (NTP) and the Simple Network Management Protocol (SNMP).

Chapter 5, Virtual Private Networking, shows how to set up pfSense to act as the endpoint of a VPN tunnel, both as a peer-to-peer entity with another firewall at the opposite end of the connection, and as a client-server entity with a mobile client at the other end. Recipes are provided covering the three protocols supported by the current version of pfSense: IPsec, OpenVPN, and L2TP.

Chapter 6, Traffic Shaping, is another new chapter. This chapter demonstrates how to leverage the capabilities of pfSense to achieve a certain Quality of Service (QoS), using both the traffic shaper wizard and floating rules for policy-based routing. Deep packet inspection, however, is not possible using the built-in traffic shaper. To make this possible, we need the third-party package known as Snort, and this chapter covers the installation and configuration of Snort.

Chapter 7, Redundancy, Load Balancing, and Failover, covers the essential ways in which pfSense provides for load balancing and failover. Namely, it covers multiple WAN setups (which enable us to aggregate bandwidth and/or provide failover capabilities when we have multiple internet connections), load balancing using pfSense's built-in server load balancing capabilities, and the Common Address Redundancy Protocol (CARP), which allows us to have a completely redundant firewall on standby.

Chapter 8, Routing and Bridging, covers cases that many pfSense deployments may rarely encounter, if ever. This chapter demonstrates how to bridge interfaces, how to add a static route, and how to use the dynamic routing protocols Routing Information Protocol (RIP), Border Gateway Protocol (BGP), and Open Shortest Path First (OSPF).

Chapter 9, Services and Maintenance, covers a number of services and utilities, most of which are useful for diagnostics and troubleshooting. Wake-on-LAN (WOL), Point-to-Point Protocol over Ethernet (PPPoE), and enabling Syslog are covered, as well as command-line utilities such as ping and traceroute.

Appendix A, Backing Up and Restoring pfSense, provides a brief guide to backing up pfSense, restoring pfSense from either the web GUI or SSH/command line interface, and the various options for updating pfSense.

Appendix B, Determining Hardware Requirements, is a brief primer showing how to choose the best pfSense configuration after you determine your firewall requirements. You will even learn how and where to deploy pfSense to fit your environment's security needs.