pfSense Research - micahgrinnell/CC-Capstone-Project GitHub Wiki
PSA: This page's content and layout is temporary
About
pfSense is an open-source routing and firewall software based on FreeBSD. Conveniently, it is also free to download for anybody, all one needs is a USB drive with at least 1 GB. It is most commonly configured and customized using it's easily accessible web interface. A list of available services and features can be found here.
I have some experience in pfSense from courses I took during my second and third year at Champlain College. It is extremely easy to use and understand, and on top of this, there is extensive documentation available. Playing around with pfSense has proven to be exciting because it's so accessible to even the least experienced user.
This page will be a collection of everything related to pfSense and my project. The sections will go as follows:
- Startup & Configuration
- A preliminary guide on how to install the software onto the Protectli device
- Initial configuration and customization
- Implementation Testing
- Live notes and findings from my experimentation with the software in the test environment
- Configuration necessary for my personal environment and services
- Scripts, Ansible, and Other Documentation
- Collection of scripts and ansible playbooks I've written to assist with configuration
- Other config files or notes I think should be included
Again, this is an evolving page so everything seen here is subject to change.
Startup & Configuration
In this section will be rough notes of the actions I completed upon startup. These notes will eventually be turned into an easier to digest guide
Upon initial boot, pfSense was already installed so I decided to make it the first software for testing. In the future information for pfSense installation will be added. Below, I will list my first steps for the first configurations:
- Reset to factory defaults
- em0 was assigned a DHCP address of 10.0.0.34/24
- Change the root password
- Enter shell with option 8)
- Type:
passwd - Enter a new password
- Connected PC to Protectli LAN
- Navigate to 192.168.1.1 and log in with the default credentials
- User: admin
- Pass: pfsense
- Complete the installation wizard and use defaults except for:
- Change hostname to fw-pfSense
- Set DNS servers to Google DNS (8.8.8.8)
- Unchecked "Block RFC1918 Private Networks"
- Changed web admin password
- Reboot device
- Web GUI upon completion:
- Enable Secure Shell (sshd)
- Login to the device via SSH for better accessibility
- pfSense management menu accessed via SSH:
- Set WAN interface IP address
- Change address with option 2)
- Type
1for WAN - Type
nfor Configure IPv4 address WAN interface via DHCP - Enter the address (10.0.0.200)
- Enter the subnet mask (24)
- Since I am configuring the WAN interface I have to set an upstream gateway (10.0.0.1)
- Type
nfor Configure IPv6 address WAN interface via DHCPv6 - Enter no new IPv6 address
- Do not revert to HTTP
- Set NAT forwarding Rule
- Login to web GUI
- Firewall > NAT
- Hybrid Outbound Nat > Save
- Click add new mapping
- Interface: WAN
- Protocol: any
- Source: Network | 192.168.1.0/24
- Destination: any
- Address: Interface Address
- Click Static Port
- Description: "LAN to WAN NAT"
- Save
- Update system
- My version of pfSense was 2.3.3 and the current version is now at 2.4 so some updates were required
- Prior NAT rule is required to connect to necessary update repositories
- Back to web GUI
- System > Update > Update Settings
- Set version to 2.3.X (NOT developer)
- Save and reboot for good measure
- In pfSense menu select option 13)
- Proceed with upgrade
- Update again
- My system only updated to 2.3.5 the first time so I had to update again
- Set Branch version to 2.4.4
- Complete update and reboot
- Save and upload config.xml to Github