Book Image

Mastering pfSense - Second Edition

By : David Zientara
Book Image

Mastering pfSense - Second Edition

By: David Zientara

Overview of this book

pfSense has the same reliability and stability as even the most popular commercial firewall offerings on the market – but, like the very best open-source software, it doesn’t limit you. You’re in control – you can exploit and customize pfSense around your security needs. Mastering pfSense - Second Edition, covers features that have long been part of pfSense such as captive portal, VLANs, traffic shaping, VPNs, load balancing, Common Address Redundancy Protocol (CARP), multi-WAN, and routing. It also covers features that have been added with the release of 2.4, such as support for ZFS partitions and OpenVPN 2.4. This book takes into account the fact that, in order to support increased cryptographic loads, pfSense version 2.5 will require a CPU that supports AES-NI. The second edition of this book places more of an emphasis on the practical side of utilizing pfSense than the previous edition, and, as a result, more examples are provided which show in step-by-step fashion how to implement many features.

Related Content you might be interested in

Current Title:

Small book image
Mastering pfSense - Second Edition
David Zientara
May, 2018 | 450 pages
Small book image
Network Security with pfSense
Manuj Aggarwal
Jul, 2018 | 152 pages
Small book image
OPNsense Beginner to Professional
Julio Cesar Bueno de Camargo
Jun, 2022 | 464 pages
Small book image
CompTIA Network+ Certification Guide
Glen D Singh | Rishi Latchmepersad
Dec, 2018 | 422 pages
Table of Contents (15 chapters)
Preface
Preface
Who this book is for
What this book covers
To get the most out of this book
Get in touch
Free Chapter
1
Revisiting pfSense Basics
Revisiting pfSense Basics
Technical requirements
pfSense project overview
Possible deployment scenarios
Hardware requirements and sizing guidelines
Hardware sizing guidelines
The best practices for installation and configuration
pfSense configuration
Summary
Questions
Further reading
2
Advanced pfSense Configuration
Advanced pfSense Configuration
Technical requirements
SSH login
DHCP
DNS
DDNS
Captive portal
NTP
SNMP
Summary
Questions
3
VLANs
VLANs
Technical requirements
Basic VLAN concepts
VLAN configuration at the console
VLAN configuration in the web GUI
Configuration at the switch
Troubleshooting VLANs
Summary
Questions
4
Using pfSense as a Firewall
Using pfSense as a Firewall
Technical requirements
An example network
Firewall fundamentals
Firewall best practices
Creating and editing firewall rules
Scheduling
Aliases
Virtual IPs
Troubleshooting firewall rules
Summary
Questions
5
Network Address Translation
Network Address Translation
Technical requirements
NAT essentials
Outbound NAT
1:1 NAT
Port forwarding
Network Prefix Translation
Troubleshooting
Summary
Questions
6
Traffic Shaping
Traffic Shaping
Technical requirements
Traffic shaping essentials
Configuring traffic shaping in pfSense
Advanced traffic shaping configuration
Traffic shaping examples
Using Snort for traffic shaping
Troubleshooting traffic shaping
Summary
Questions
Further reading
7
Virtual Private Networks
Virtual Private Networks
Technical requirements
VPN fundamentals
Configuring a VPN tunnel
Troubleshooting
Summary
Questions
8
Redundancy and High Availability
Redundancy and High Availability
Technical requirements
Basic concepts
Server load balancing
CARP configuration
An example of both load balancing and CARP
Troubleshooting
Summary
Questions
Further reading
9
Multiple WANs
Multiple WANs
Technical requirements
Basic concepts
Multi-WAN configuration
Example – multi-WAN and CARP
Troubleshooting
Summary
Questions
10
Routing and Bridging
Routing and Bridging
Technical requirements
Basic concepts
Routing
Bridging
Troubleshooting
Summary
Questions
11
Extending pfSense with Packages
Extending pfSense with Packages
Technical requirements
Basic considerations
Installing packages
Important packages
Other packages
Summary
Questions
Further reading
12
Diagnostics and Troubleshooting
Diagnostics and Troubleshooting
Technical requirements
Troubleshooting basics
pfSense troubleshooting tools
Troubleshooting scenarios
Summary
Questions
13
Assessments
Assessments
Chapter 1 – Revisiting pfSense Basics
Chapter 2 – Advanced pfSense Configuration
Chapter 3 – VLANs
Chapter 4 – Using pfSense as a Firewall
Chapter 5 – Network Address Translation
Chapter 6 – Traffic Shaping
Chapter 7 – Virtual Private Networks
Chapter 8 – Redundancy and High Availability
Chapter 9 – Multiple WANs
Chapter 10 – Routing and Bridging
Chapter 11 – Extending pfSense with Packages
Chapter 12 – Diagnostics and Troubleshooting
14
Another Book You May Enjoy
Another Book You May Enjoy
Leave a review - let other readers know what you think

Network Prefix Translation

Network Prefix Translation (NPt) allows us to map an internal IPv6 prefix to an external IPv6 prefix. Normally, we try to avoid using NAT when we use IPv6, but there are some cases where being able to translate IPv6 prefixes is helpful:

  • It provides a means of implementing multihoming (connecting a host or network to multiple networks) on small networks. Another method is DHCPv6.
  • It potentially makes routing more efficient, as it makes addresses on edge networks independent of addresses on upstream networks, and the upstream networks can then work only with the contiguous ISP-allocated addresses, which will make route summarization easier (and our routing tables much smaller).

NPt functions similarly to 1:1 NAT for IPv4 addresses, only in this case, we are translating prefixes, not complete addresses. We can also use NPt to translate addresses between...

Previous Section
End of Section 7
Next Section