| Version 4 (modified by , 5 years ago) ( diff ) |
|---|
Pfsense Initial Setup
The pfSense project is a free, open source tailored version of FreeBSD for use as a firewall and router with an easy-to-use web interface. There are two ways of installing pfSense.
- Full installation
- Embedded Installation
Here you are going to create a pfSense virtual machine using full installation method to install pfSense.
Setting up virtualbox
Downloading pfSense iso image
Creating PFSense VM
- Start virtualbox and Click on New button (at top-right) to create new virtual machine
- Enter name of the VM as: pfsense.instXY.ac.lk. You can get your domain and IP details from here
- Select OS Type: BSD
- Select Version: FreeBSD (64-bit)
- Then click on Continue button
- Set VM's memory size to 1GB and click on Continue button
- Set VM's hard disk option to Create a virtual hard disk now and then click on Continue
- Select disk type to VDI
- Select storage type to Fixed size and Continue
- Make sure virtual hard disk file name in following format
pfsense.instXY.ac.lk
- adjust the disk size to 10.0GB and click on Create to create the VM
Setting up Network Interface
- Select the VM from left panel on Virtual box, right click and open Settings
- Click on the Network title
- On Adapter 1 While Enable Network Adapter selected choose Attached to be Bride Adapter. This virtual interface will work as the WAN port of the firewall (Can be connect from out side).
- On Adapter 2 While Enable Network Adapter selected choose Attached to be Internal Network. Default name is intnet. keep it that way. This virtual interface will work as our LAN port (Can't connect from out side).
Setting up boot device and Booting
- Click on Storage title and select CD ROM icon under the Controller:IDE Click on CD ROM icon under the Attribute on the left side to select
- Choose Virtual Optical Disk File
- Locate the PFSense CD image file you downloaded earlier
- Right click on VM to make a Normal Start VM. You should now see a separate window with PFSense Installation screen
Pfsense Installation
Initial Installation
- When the pfSense starts booting, a prompt is displayed with some options and a countdown timer. At this prompt, press 1 to get install pfsense by default. If we don’t choose any option it will start to boot option 1 by default.
- Next, press I to install fresh copy of pfsense,
- On the next screen, it will ask you to Configure Console, just press Accept these settings to move forward for installation process.
- Choose Quick / Easy Install option to take make things easier. Once you are familiar with pfsense installation you can try Custom Install.
- The install will proceed, wiping the target disk and installing pfSense. Copying files may take some time to finish.
- After the files have been copied to the target disk, a choice is presented to select the Console Type. Standard Kernel defaults to the VGA console. Embedded Kernel defaults to serial console. Choose Standard Kernel
- Now the Installation is finished So it will ask to reboot. Choose Reboot and remember to remove the disc from vm so it will not fall back to the installation (Some times your vm might hang when you remove your disk. If this happens Right click your vm ( pfsense.instXY.ac.lk) on virtualbox manager window. Go to the close attribute and click on power off. It will shut down your vm. After it shuts down Right click your vm (pfsense.instXY.ac.lk) on virtualbox manager window and Click start. It will start your vm again.
First Bootup
note : If you reboot your vm manually you will be prompted straight to the pfSense configuration user interface. But do not worry it will not effect on your firewall
After rebooting, you will get the a screen with available interfaces to configure the network.
- The first option is presented as VLAN’s, simply here say No by pressing n and enter.
- There are two interface’s em0 and em1, pfSense will ask which interface to use as WAN and which interface to use as LAN. Press a and enter to auto configure the interfaces. please note that in this case pfSense is intelligent to assign correct virtual interfaces as WAN and LAN ports, Because only one interface can be connect from out side. Even if the interfaces are wrong you can assign them correctly later.
- It will ask for the confirmation and you can proceed with Y and press enter to continue to the
pfSense Console Configuration
pfSense console configuration interface has the basic configuration options in pfSense. You can select these options by typing there index number and pressing enter.
Assign WAN & LAN Interfaces
- Note that WAN and LAN Interfaces are assigned by PFSense itself. To change that press 1 and enter
- The first step is presented as VLAN’s, simply here say No by pressing n and enter.
- To select em0 as WAN interface type em0 and press enter
- To select em1 as LAN interface type em1 and press enter
- We do not need optional interfaces so press enter at the next step
- Do you want to proceed? press y to say yes and enter
Assign WAN IP addresses
- To change the interface IP address press 2 and enter
- WAN IP is set by DHCP by default. To change the WAN interface IP Address press 1 and enter.
- We are going to have a static IP for WAN Interface. So press n and enter to avoid pfSense to configure the interface IP by DHCP.
- Enter the WAN IP address assign to you and enter. Give subnet mask and gateway in the next steps. You can find your IP allocation from the IP table
- We are going to have an IPv6 address by DHCP. Press y and enter to let pfSense get an IPv6 address
- Press n and enter to disable http on WAN interface
- You will be prompted back to main interface.
Assign LAN IP addresses
- To change the interface IP address press 2 and enter
- To change the WAN interface IP Address press 2 and enter.
- Enter the LAN Ip address as 10.XY.1.254. Enter subnet mask as 24. We are going to have this IP address as our LAN's gateway IP. Do not give any parameters to gateway on LAN. Just press enter.
- We are not going to have an IPv6 address for LAN. So just Press enter.
- To enable DHCP server on LAN press y and press enter
- For this workshop our LAN DHCP range is 10.XY.1.10 to 10.XY.1.50. Give start and end IP addresses in next steps.
- Press n and enter to disable http on WAN interface
- You will be promt back to main interface.
You have now set up both WAN and LAN IP addresses.
Reset WEB Configurator password
This step is optional as This step will reveal you the default user name and password for the webconfigurator. Press 3 and enter.
Above the line 'Do you want to proceed' you will see the default username and password on the web access. Note down the default password and Press n
WebUI and Basic Configurations
pfSense by default allows you to do the configuration through its web user interface. Initially, LAN segment hosts are allowed to login and therefore you need to have a device connected to its LAN. On our lab setup we will simulate the Local Area Network with two vm's GUI vm and a server vm.
Download the pre built GUI vm from here and the server vm from here.
Import them in to Oracle virtual box from File Import Appliance
While importing make sure to Tick Reinitialize the MAC address of all your network cards.
Our lab network will be,
LAN or WiFi of Your Host Machine - - > Bridge Port -- - >em0 -- pfsense
|
em1
|
Virtual Box 'intnet' - -> two other vm's
Please double check your vm network connections before powering on them. If all settings are satisfying, power on both Virtual Machines.
From your GUI vm browse to http://<pfSense-LAN-address>
Default admin / pass are admin / pfsense
The first visit to the WebGUI will be redirected to the setup wizard, which is also accessible at System > Setup Wizard. Proceed through the wizard as follows:
- Step 1: Next
- Step 2:
- Hostname pfsense.instXY.ac.lk
- Domain:
- Primary DNS Server: 192.248.1.161
- Secondary DNS Server: 192.248.1.161
- unset Overide DNS option
- Step 3:
- Time Server hostname: 192.248.1.161
- Timezone: Asia/Colombo
- Step 4: Next
- Step 5: Next
- Step 6: Change admin password to the class password given for the lab
- Step 7: Reload
- Finish
- Accept
After that you will be directed to the Dashboard.
Dashboard
The pfSense dashboard is the main page of the firewall, and it makes monitoring various aspects of the system easy. Returning to the dashboard can be accomplished by clicking the logo in the upper left, or by navigating to Status > Dashboard.
The Dashboard is composed of Widgets, each of which display information about a different area of the firewall including,
- Firewall Logs
- Gateways
- Interface Statistics
- RSS Feed
- Services Status
- System Information
- Thermal Sensors
- Traffic Graphs
- Wake on LAN
A widget can be added to the dashboard by clicking + at the top of the screen, then choosing the widget from the list. Once the widget appears, its placement may be changed by dragging its title bar to another location on the screen. The widget will snap into place in one of two columns, and can be reordered as desired.
Click Save Settings at the top of the screen after making any widget layout changes.
Some widgets will have their own settings, which may be accessed by pressing the wrench icon in their title bar. To save these settings use the Save button inside the widget, not the button at the top of the page.
General Setup
Some basic/common settings are available under System > General Setup. Some useful settings are,
- Hostname: The name by which this pfSense router is known. Should only include the portion before the first “.”.
- Domain: The domain name in which this pfSense is used. Together with the hostname, this will form the Fully Qualified Domain Name (FQDN) of the firewall.
- DNS Servers:
The gateway selection for DNS servers is primarily used for Using Multiple IPv4 WAN Connections.
- Time Zone:
- NTP Time Server:
- Language: The language to use for the GUI. Default is English
- Theme: Changes the look and feel of the pfSense GUI, but not the functionality
