Changes between Initial Version and Version 1 of Cnbp2019/Agenda/pfSenseServices

Mar 10, 2019, 4:03:59 PM (20 months ago)



= Services =

== Auto Configuration Backup ==

pfSense can back up its configuration automatically.
To enable this, go to Services > Auto Configuration Backup and enable ACB. You also need to specify an encryption password.
To restore, select any revision from the stored backups and click the restore button.
When a configuration is saved, it is identified by a value called the Device key, which is derived from the SSH public key of the firewall. If you are restoring the configuration of another firewall, paste the Device key from that firewall into the Device ID field and click "Submit".

== DHCP Server ==

The DHCP server option is available for LAN interfaces, so you can enable a DHCP server on each such interface.
You can specify the IP address range and additional address pools.
You can also set WINS servers, DNS servers, the default gateway and even BOOTP.
The pfSense DHCP server can also bind MAC addresses to IP addresses through static DHCP mappings.

== DHCPv6 Server & RA ==

You need to enable DHCPv6 on the LAN interfaces.
Specify the Range as 2401:dd00:20XY:1::1000 to 2401:dd00:20XY:1::2000 and the DNS server as 2401:dd00:20XY:1::ffff, then save.
IPv6 depends heavily on router advertisements.
To enable router advertisements, go to Services > DHCPv6 Server & RA > LAN > Router Advertisements
    • Router Mode: Router-Only
    • Router Priority: Normal
    • Subnets: 2401:dd00:20XY:1:: /64
    • DNS Configuration: Settings: Tick "Use same settings as DHCPv6 Server" and Save

== DNS Resolver ==

Many network admins block DNS traffic from clients to the internet to safeguard the network from attackers. Therefore, you have to configure a local DNS resolver to do the resolving for your clients. In pfSense this is done by configuring its DNS Resolver.

Go to Services > DNS Resolver

General Settings
    • Enable
    • Network Interfaces: LAN
    • Outgoing Network Interfaces: WAN
    • DNSSEC: enabled

Also, if you have any names that should resolve locally, you can define them in the Host Overrides section:

    • Host: mywebserver
    • Domain: myinstitute.lanka
    • IP address: 192.168.XY.1
    • Description: local domain for webserver
    • Save

The Domain Overrides option can be used to block or sink a particular domain name.

For example, if we use
    • Domain:
    • IP address 192.168.XY.1 (which is a dummy one)

Now your clients need to use the pfSense LAN interface IP address as their DNS server.
From your GUI VM, browse to http://mywebserver.myinstitute.lanka

== NTP ==

Like the DNS Resolver, NTP is another important service. If you don't have a separate NTP server in your network, configure it on pfSense.

Go to Services > NTP

Select LAN from the Interface list and click Save.

This enables the NTP service to listen for queries from the LAN, and you can use it as the NTP server in the NTP configuration of any LAN device.