pfSense 2.x Cookbook - Second Edition

By: David Zientara

Overview of this book

pfSense is an open source distribution of the FreeBSD-based firewall that provides a platform for flexible and powerful routing and firewalling. The versatility of pfSense presents us with a wide array of configuration options, which makes determining requirements a little more difficult and a lot more important compared to other offerings. pfSense 2.x Cookbook – Second Edition starts by providing you with an understanding of how to complete the basic steps needed to render a pfSense firewall operational. It starts by showing you how to set up different forms of NAT entries and firewall rules and use aliases and scheduling in firewall rules. Moving on, you will learn how to implement a captive portal set up in different ways (no authentication, user manager authentication, and RADIUS authentication), as well as NTP and SNMP configuration. You will then learn how to set up a VPN tunnel with pfSense. The book then focuses on setting up traffic shaping with pfSense, using either the built-in traffic shaping wizard, custom floating rules, or Snort. Toward the end, you will set up multiple WAN interfaces, load balancing and failover groups, and a CARP failover group. You will also learn how to bridge interfaces, add static routing entries, and use dynamic routing protocols via third-party packages.

Configuring VLANs from the console


This recipe describes how to add a VLAN from the console menu.

Getting ready

In order to complete this recipe, there must be at least one interface that was not previously assigned.

Note

Do not use the console if you don’t want to have to reassign all the interfaces (for example, WAN, LAN, and any optional interfaces), because the only way to create VLANs from the console is to use the Assign Interfaces option.

How to do it...

  1. From the console menu, type 1 and press Enter.
  2. pfSense will ask if VLANs should be created now. Type y and press Enter.
  3. pfSense will next warn you that if you proceed, all existing VLANs will be cleared. Type y and press Enter.
  4. pfSense will list all the VLAN-capable interfaces. Although, technically, you can make a previously-assigned interface into the parent interface of a VLAN, it is not recommended. Type the name of one of the unassigned interfaces (for example, eth0, eth1, em0, or em1) and press Enter.
  5. pfSense will next prompt you for the VLAN tag. Type the VLAN tag and press Enter.
  6. Repeat steps 4 and 5 for as many VLANs as you wish to create. When you are done, press Enter.
  7. pfSense will prompt you for the name of the WAN interface; type in the name and press Enter.
  8. pfSense will prompt you for the name of the LAN interface; type in the name and press Enter.
  9. pfSense will prompt you for the name of the Optional 1 interface. You can create a VLAN by using the name of the VLAN interface(s) assigned in steps 4 and 5. The name of the interface will have two numbers separated by a period. The first number will be the device number of the interface; the second number (after the period) will be the VLAN tag. Thus if the device name is em, and em2 is the parent interface of a VLAN tag of 3, the interface name will be em2.3. Type the interface name and press Enter.
  10. When you are done assigning interfaces, press Enter.
  11. pfSense will ask you whether you want to proceed. Type y and press Enter. Take note of the name of the newly created VLAN (for example, OPT1).
  12. You now have assigned a VLAN, but the VLAN doesn’t have an IP address. To set the VLAN’s IP address, type 2 and press Enter.
  13. Find the newly created VLAN in the list of interfaces and type the appropriate number and press Enter.
  14. pfSense will prompt you for the VLAN’s IPv4 address. Type in the address and press Enter.
  15. pfSense will prompt you for the subnet bit count (CIDR) of the address. Type in the bit count and press Enter.
  16. pfSense will prompt you for the IPv4 upstream gateway address. Since you don't need one, press Enter.
  17. pfSense will prompt you for the VLAN’s IPv6 address. You can type in an IPv6 address or just press Enter.
  18. If you entered an IPv6 address, pfSense will prompt you for the subnet bit count (CIDR). Enter the bit count and press Enter. If you didn’t enter an IPv6 address, skip to step 20.
  19. If you entered an IPv6 address, pfSense will prompt you for the IPv6 upstream gateway address. Since you don't need one, press Enter.
  20. pfSense will ask you whether you want to enable the DHCP server on the VLAN. Type y if you want to enable the DHCP server, and then type the range of available addresses. Otherwise, type n and press Enter.
  21. If you entered an IPv6 address, pfSense will ask you whether you want to enable the DHCP6 server on the VLAN. Type y if you want to enable the DHCP6 server, and then type the range of available addresses. Otherwise, type n and press Enter.
  22. pfSense will ask you whether you want to revert to HTTP for the webConfigurator protocol. Unless you have a reason for not using HTTPS for the web GUI, type n and press Enter.
  23. pfSense will save the changes, and reload them. VLAN configuration is now complete.
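
A planning check for the values the console prompts for in this recipe (parent interface, VLAN tag, IPv4 address with CIDR, DHCP range), added here as an example and not taken from the book or from pfSense. The 1-4094 tag range comes from 802.1Q; the function names, interface names and addresses are assumptions made for illustration.

```python
import ipaddress

def vlan_ifname(parent, tag):
    """Name typed at the assignment prompt: parent interface, period, VLAN tag."""
    if not 1 <= tag <= 4094:  # 802.1Q reserves VLAN IDs 0 and 4095
        raise ValueError(f"{parent}: VLAN tag {tag} is outside 1-4094")
    return f"{parent}.{tag}"

def check_plan(plan, assigned):
    """Return the problems found in a VLAN plan (empty list means it is consistent)."""
    problems, nets = [], {}
    for v in plan:
        try:
            name = vlan_ifname(v["parent"], v["tag"])
        except ValueError as err:
            problems.append(str(err))
            continue
        if name in nets:
            problems.append(f"{name}: defined twice")
            continue
        if v["parent"] in assigned:
            # The recipe advises against using an already-assigned parent.
            problems.append(f"{name}: parent {v['parent']} is already assigned")
        iface = ipaddress.ip_interface(v["addr"])
        for other, net in nets.items():
            if iface.network.overlaps(net):
                problems.append(f"{name}: {iface.network} overlaps {other}")
        nets[name] = iface.network
        if "dhcp" in v:
            # Range must sit inside the subnet, be ordered, and exclude the firewall's own address.
            start, end = (ipaddress.ip_address(a) for a in v["dhcp"])
            inside = start in iface.network and end in iface.network
            if not inside or start > end or start <= iface.ip <= end:
                problems.append(f"{name}: DHCP range {start}-{end} is invalid")
    return problems

# Constructed sample plan; interface names and addresses are illustrative.
ASSIGNED = {"em0", "em1"}  # for example WAN and LAN
PLAN = [
    {"parent": "em2", "tag": 3, "addr": "192.168.3.1/24",
     "dhcp": ("192.168.3.100", "192.168.3.200")},
    {"parent": "em2", "tag": 4, "addr": "192.168.3.129/25"},
    {"parent": "em1", "tag": 10, "addr": "192.168.10.1/24",
     "dhcp": ("192.168.10.1", "192.168.10.50")},
    {"parent": "em2", "tag": 4095, "addr": "192.168.40.1/24"},
]

if __name__ == "__main__":
    for line in check_plan(PLAN, ASSIGNED) or ["plan is consistent"]:
        print(line)
```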

How it works...

This recipe describes how to set up VLANs from the console. The process is somewhat cumbersome, but if you need to create a VLAN and don't have access to the web GUI, it can be done.

See also

  • The Configuring VLANs recipe