MOCs
- Overview
- Tips and Tricks
- Installation and Initial Setup
- Web Interface Basics
- Configuring Interfaces
- Setting Up DHCP
- Configuring NAT
- Firewall Rules
- VPN Setup
- Package Management
- Traffic Shaping
- Monitoring and Logs
- Backup and Restore
Overview
pfSense is a free, open-source firewall and router platform that is highly configurable and feature-rich. It is based on FreeBSD and can be installed on physical computers or virtual machines to create a dedicated firewall/router for a network.
Documentation
Tips and Tricks
- Aliases: Use Firewall > Aliases to simplify rule management by grouping hosts, networks, or ports.
- Schedules: Define schedules under Firewall > Schedules to automatically enable or disable rules based on time.
- System Tunables: Under System > Advanced > System Tunables, various kernel and networking parameters can be tweaked for optimization or specific requirements.
Installation and Initial Setup
- Download: Obtain the installation media from pfSense’s official website.
- Installation: Boot from the installation media and follow the on-screen prompts. Default settings are suitable for most situations.
- Accessing Web Interface: After installation, open the IP address assigned during setup in a web browser to reach the pfSense web interface.
Web Interface Basics
- Dashboard: Provides a quick overview of system status, interfaces, and services.
- System: Where general system settings are configured, including updates, user management, and backups.
- Interfaces: For configuring LAN, WAN, and optional interfaces.
Configuring Interfaces
- Navigate to Interfaces > Assignments to configure network interfaces.
- Each interface can be configured with specific IP addresses, DHCP settings, and other options.
Setting Up DHCP
- DHCP Server: Configure via Services > DHCP Server. Allows setting the range of IP addresses to be handed out to clients, along with other network information.
- DHCP Relay: Found under Services > DHCP Relay, used to forward DHCP requests across different networks.
Configuring NAT
- Port Forwarding: Allows external hosts to access services on the internal network. Configure under Firewall > NAT > Port Forward.
- Outbound NAT: Controls how outbound traffic is translated. Configured in Firewall > NAT > Outbound.
Firewall Rules
- Managing Rules: Navigate to Firewall > Rules. Here you can add, modify, or delete rules that control traffic flow through the pfSense system.
- Order of Rules: The order of firewall rules matters; rules are processed top to bottom.
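Why rule order matters, as an added example (not pfSense code and not part of the original notes): on an interface tab the first rule that matches a packet decides its fate, so a broad pass rule placed above a narrower block rule makes the block unreachable. The `Rule` model, the helper names, and the sample addresses are simplified assumptions constructed for illustration.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

@dataclass(frozen=True)
class Rule:                # hypothetical, simplified model of one rule
    action: str            # "pass" or "block"
    src: str               # source network in CIDR form
    ports: tuple           # inclusive (low, high) destination port range
    descr: str

def matches(rule, src_ip, port):
    return (ip_address(src_ip) in ip_network(rule.src)
            and rule.ports[0] <= port <= rule.ports[1])

def evaluate(rules, src_ip, port):
    """Walk the list top to bottom; the first matching rule decides."""
    for rule in rules:
        if matches(rule, src_ip, port):
            return rule.action, rule.descr
    return "block", "default deny"   # nothing matched

def shadowed(rules):
    """Return (later, earlier) description pairs where `earlier` already
    matches everything `later` would, so `later` is never reached."""
    found = []
    for i, later in enumerate(rules):
        for earlier in rules[:i]:
            if (ip_network(later.src).subnet_of(ip_network(earlier.src))
                    and earlier.ports[0] <= later.ports[0]
                    and later.ports[1] <= earlier.ports[1]):
                found.append((later.descr, earlier.descr))
                break
    return found

# Constructed sample rule set for a LAN tab (addresses are illustrative).
LAN_RULES = [
    Rule("pass",  "192.168.1.0/24",  (1, 65535), "allow LAN to any"),
    Rule("block", "192.168.1.50/32", (22, 22),   "block kiosk SSH"),
    Rule("pass",  "192.168.1.0/24",  (443, 443), "allow HTTPS"),
]
# Corrected order: the specific block sits above the broad pass.
FIXED = [LAN_RULES[1], LAN_RULES[0]]

if __name__ == "__main__":
    print(evaluate(LAN_RULES, "192.168.1.50", 22))  # block rule is bypassed
    print(evaluate(FIXED, "192.168.1.50", 22))      # block rule now applies
    print(shadowed(LAN_RULES))
```

Running `shadowed()` over an exported rule list before reordering or adding rules is a quick way to spot entries that look protective in the GUI but never take effect.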
VPN Setup
- OpenVPN and IPsec: pfSense supports multiple VPN technologies including OpenVPN and IPsec. Configure these under VPN > OpenVPN or VPN > IPsec.
- Setting Up VPNs: Involves creating server and client configurations, setting up authentication, and configuring firewall rules to allow VPN traffic.
Package Management
- Installing Packages: Navigate to System > Package Manager. Here, you can install, remove, and manage additional packages that extend pfSense’s functionality.
Traffic Shaping
- Traffic Shaper: Found under Firewall > Traffic Shaper. Allows for the creation of rules to control bandwidth and prioritize traffic.
Monitoring and Logs
- System Logs: Accessible via Status > System Logs. Provides logs for system events, firewall actions, and other services.
- Real-Time Monitoring: Tools like Status > Traffic Graph offer real-time monitoring of system and network performance.
Backup and Restore
- Backup: Configuration can be backed up under Diagnostics > Backup & Restore. It’s crucial to back up your configuration regularly.
- Restore: Use the same page to restore a previously saved configuration.