wiki:noc2018/agenda/PfsenseServices

Version 6 (modified by admin, 5 years ago) ( diff )

--

Services

Auto Configuration backup

You can configure automatic configuration backups.

To enable go to Services > Auto Configuration Backup and enable ACB, you need to specify an encryption password as well.

To restore you can select any revision of the stored backups and select restore button.

When a configuration is saved, it is identified by a value called Device key which is derived from the SSH public key of the firewall. If you are restoring the configuration of another firewall, paste the Device key from that firewall into the Device ID field and click "Submit".

DHCP Server

For LAN interfaces DHCP server option will be available. Therefore, for each interface you may enable DHCP server.

You can specify IP address range and new address pools.

Also WINS servers, DNS servers, Default gateway and even BootP.

pfSense DHCP server also gives ability in binding MAC addresses with static DHCP mappings.

DHCPv6 Server & RA

You need to enable dhcpv6 on LAN interfaces.

Specify Range as 2401:dd00:2009:WXYZ::1000 to 2401:dd00:2009:WXYZ::2000 , Dns Server 2401:dd00:2009:WXYZ::ffff and save.

IPv6 highly depends on router advertisements.

To enable router advertisements go to Services > DHCPv6 Server & RA > LAN > Router Advertisements

  • Router Mode: Router-Only
  • Router Priority: Normal
  • Subnets: 2401:dd00:2009:WXYZ:: /64
  • DNS Configuration: Settings: Tick "Use same settings as DHCPv6 Server" and Save

DNS Resolver

Many network admins block DNS traffic from clients to internet to safeguard the network from attackers. Therefore, you have to configure a local DNS resolver to do the resolving for your clients. In pfSense this can be accomplished by configuring its DNS Resolver.

Go to Services > DNS Resolver

General Settings

  • Enable
  • Network Interfaces: LAN
  • Outgoing Network Interfaces: WAN
  • DNSSEC: enabled

Also, if you have any local dns resolving, you can define them on Host Override part:

  • Host: mywebserver
  • Domain: myinstitute.lanka
  • IP address: 10.XY.1.1
  • Description: local domain for webserver
  • Save

Option Domain Overrides can be used to block or sink particular domain name

for example, if we use

  • Domain: facebook.com
  • IP address 192.168.1.1 (which is a dummy one)

Now you need your clients to use pfSense LAN interface IP's as its DNS server.

From your GUI vm, browse to http://mybrowser.myinstitute.lanka

NTP

As DNS Resolver, another important service is NTP. If you don't have a separate NTP server in your network configure it on pfsense

Go to Services > NTP

Select LAN from Interface list and click Save.

This will enable NTP service to listen for queries from LAN and you can use this NTP service for any LAN device NTP configuration

Note: See TracWiki for help on using the wiki.