wiki:noc2018/agenda/PfsenseBasics

Version 1 (modified by admin, 6 years ago) ( diff )

--

Pfsense Initial Setup

The pfSense project is a free, open source tailored version of FreeBSD for use as a firewall and router with an easy-to-use web interface. There are two ways of installing pfSense.

  • Full installation
  • Embedded Installation

Here you are going to create a pfSense virtual machine using full installation method to install pfSense.

Setting up virtualbox

Downloading pfSense iso image

Creating PFSense VM

  • Start virtualbox and Click on New button (at top-right) to create new virtual machine
  • Enter name of the VM as: pfsense.'your domain'.ac.lk. You can get your domain from here

  • Select OS Type: BSD
  • Select Version: FreeBSD (64-bit)
  • Then click on Continue button
  • Set VM's memory size to 1GB and click on Continue button
  • Set VM's hard disk option to Create a virtual hard disk now and then click on Continue
  • Select disk type to VDI
  • Select storage type to Fixed size and Continue
  • Make sure virtual hard disk file name in following format

pfsense.'your domain'.ac.lk

  • adjust the disk size to 10.0GB and click on Create to create the VM

Setting up Network Interface

  • Select the VM from left panel on Virtual box, right click and open Settings
  • Click on the Network title
  • On Adapter 1 While Enable Network Adapter selected choose Attached to be Bride Adapter. This virtual interface will work as the WAN port of the firewall (Can be connect from out side).
  • On Adapter 2 While Enable Network Adapter selected choose Attached to be Internal Network. Default name is intent. keep it that way. This virtual interface will work as our LAN port (Can't connect from out side).

Setting up boot device and Booting

  • Click on Storage title and select CD ROM icon under the Controller:IDE Click on CD ROM icon under the Attribute on the left side to select
  • Choose Virtual Optical Disk File
  • Locate the PFSense CD image file you downloaded earlier
  • Right click on VM to make a Normal Start VM. You should now see a separate window with PFSense Installation screen

Pfsense Installation

Initial Installation

  • When the pfSense starts booting, a prompt is displayed with some options and a countdown timer. At this prompt, press 1 to get install pfsense by default. If we don’t choose any option it will start to boot option 1 by default.
  • Next, press I to install fresh copy of pfsense,
  • On the next screen, it will ask you to Configure Console, just press Accept these settings to move forward for installation process.
  • Choose Quick / Easy Install option to take make things easier. Once you are familiar with pfsense installation you can try Custom Install.
  • The install will proceed, wiping the target disk and installing pfSense. Copying files may take some time to finish.
  • After the files have been copied to the target disk, a choice is presented to select the Console Type. Standard Kernel defaults to the VGA console. Embedded Kernel defaults to serial console. Choose Standard Kernel
  • Now the Installation is finished So it will ask to reboot. Choose Reboot and remember to remove the disc from vm so it will not fall back to the installation (Some times your vm might hang when you remove your disk. If this happens Right click your vm ( pfsense.'your domain'.ws.learn.ac.lk) on virtualbox manager window. Go to the close attribute and click on power off. It will shut down your vm. After it shuts down Right click your vm (pfsense.'your domain'.ws.learn.ac.lk) on virtualbox manager window and Click start. It will start your vm again.

First Bootup

note : If you reboot your vm manually you will be prompted straight to the pfSense configuration user interface. But do not worry it will not effect on your firewall

After rebooting, you will get the a screen with available interfaces to configure the network.

  • The first option is presented as VLAN’s, simply here say No by pressing n and enter.
  • There are two interface’s em0 and em1, pfSense will ask which interface to use as WAN and which interface to use as LAN. Press a and enter to auto configure the interfaces. please note that in this case pfSense is intelligent to assign correct virtual interfaces as WAN and LAN ports, Because only one interface can be connect from out side. Even if the interfaces are wrong you can assign them correctly later.
  • It will ask for the confirmation and you can proceed with Y and press enter to continue to the

pfSense Console Configuration

pfSense console configuration interface has the basic configuration options in pfSense. You can select these options by typing there index number and pressing enter.

Assign WAN & LAN Interfaces

  • Note that WAN and LAN Interfaces are assigned by PFSense itself. To change that press 1 and enter
  • The first step is presented as VLAN’s, simply here say No by pressing n and enter.
  • To select em0 as WAN interface type em0 and press enter
  • To select em1 as LAN interface type em1 and press enter
  • We do not need optional interfaces so press enter at the next step
  • Do you want to proceed? press y to say yes and enter

Assign WAN IP addresses

  • To change the interface IP address press 2 and enter
  • WAN IP is set by DHCP by default. To change the WAN interface IP Address press 1 and enter.
  • We are going to have a static IP for WAN Interface. So press n and enter to avoid pfSense to configure the interface IP by DHCP.
  • Enter the WAN IP address assign to you and enter. Give subnet mask and gateway in the next steps. You can find your IP allocation from the IP table
  • We are going to have an IPv6 address by DHCP. Press y and enter to let pfSense get an IPv6 address
  • Press n and enter to disable http on WAN interface
  • You will be prompted back to main interface.

Assign LAN IP addresses

  • To change the interface IP address press 2 and enter
  • To change the WAN interface IP Address press 2 and enter.
  • Enter the LAN Ip address as 10.1.1.254. Enter subnet mas as 24. We are going to have this IP address as our LAN's gateway IP. Do not give any parameters to gateway on LAN. Just press enter.
  • We are not going to have an IPv6 address for LAN. So just Press enter.
  • To enable DHCP server on LAN press y and press enter
  • For this workshop our LAN DHCP range is 10.1.1.10 to 10.1.1.50. Give start and end IP addresses in next steps.
  • Press n and enter to disable http on WAN interface
  • You will be promted back to main interface.

You have now set up both WAN and LAN IP addresses.

Reset WEB Configurator password

This step is optional as This step will reveal you the default user name and password for the webconfigurator. Press 3 and enter.

Above the line 'Do you want to proceed' you will see the default username and password on the web access. Note down the default password and Press n

Note: See TracWiki for help on using the wiki.