software:pfsense
Revisions compared: software:pfsense [2015/03/08 22:10] by superwizard and software:pfsense [2017/12/22 18:26] by superwizard.

====== Firewall Rule Basics ======

From: https://

<code>
any - 0.0.0.0 to 255.255.255.255,
Single host or alias - Select this and enter one IP address (1.2.3.4, aa:
Network - Select this and enter a network and mask (10.99.0.0/
LAN net - The subnet configured on the LAN interface under Interfaces > LAN. On pfSense 2.2+, this also includes IP alias networks on that interface.
LAN address - The IP address configured on the LAN interface under Interfaces > LAN
zzz Net / zzz address - Works the same as LAN above but for other interfaces (WAN, OPT1, OPT2, etc.)
PPTP clients - Automatically locate and use the addresses of PPTP clients
L2TP clients - Automatically locate and use the addresses of L2TP clients
This Firewall (self) - Any IP address assigned to any interface on this firewall (pfSense 2.2+)
</code>

Caveat: PPTP authenticates with MS-CHAPv2, which is broken, so "PPTP clients" should not be treated as a trusted source; prefer L2TP/IPsec or OpenVPN clients for rules that grant access.

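Worked example (added here; not code from the original page or from pfSense itself): the selectors listed above as a small Python model, plus first-match evaluation of an ordered rule list. The interface addresses, the IP alias VIP on LAN, the ''webservers'' alias and the three rules are constructed for the example; ''any'' is given ''::/0'' as well as the IPv4 range quoted above so IPv6 hosts can match.

```python
"""Added example, not code from the page or from pfSense: how the rule
source/destination selectors quoted above resolve to address sets, and how
an ordered rule list is evaluated against them.  Interface addresses, the
IP alias VIP, the "webservers" alias and the rules are all constructed."""
import ipaddress
from dataclasses import dataclass

# Interfaces > LAN / WAN / OPT1 (constructed addresses)
INTERFACES = {
    "LAN":  ipaddress.ip_interface("192.168.1.1/24"),
    "WAN":  ipaddress.ip_interface("203.0.113.10/29"),
    "OPT1": ipaddress.ip_interface("10.99.0.1/24"),
}
# Firewall > Virtual IPs of type "IP alias" (constructed); per the text above,
# pfSense 2.2+ counts these towards "LAN net" and "This Firewall (self)"
IP_ALIAS_VIPS = {"LAN": [ipaddress.ip_interface("192.168.50.1/24")]}
# Firewall > Aliases (constructed)
ALIASES = {"webservers": ["10.99.0.10", "10.99.0.11"]}


def resolve(selector):
    """Expand one source/destination selector into the networks it covers."""
    if selector == "any":
        # the quoted text gives the IPv4 range; ::/0 is added so IPv6 matches too
        return [ipaddress.ip_network("0.0.0.0/0"), ipaddress.ip_network("::/0")]
    if selector == "This Firewall (self)":
        addrs = [i.ip for i in INTERFACES.values()]
        addrs += [v.ip for vips in IP_ALIAS_VIPS.values() for v in vips]
        return [ipaddress.ip_network(str(a)) for a in addrs]
    if selector.endswith(" net"):            # "LAN net", "OPT1 net", ...
        name = selector[: -len(" net")]
        nets = [INTERFACES[name].network]
        return nets + [v.network for v in IP_ALIAS_VIPS.get(name, [])]
    if selector.endswith(" address"):        # "LAN address", "WAN address", ...
        name = selector[: -len(" address")]
        return [ipaddress.ip_network(str(INTERFACES[name].ip))]
    if selector in ALIASES:                  # single host or alias
        return [ipaddress.ip_network(a) for a in ALIASES[selector]]
    # otherwise a host or network typed directly into the rule
    return [ipaddress.ip_network(selector, strict=False)]


def matches(selector, addr):
    """True if addr falls inside any network the selector resolves to."""
    ip = ipaddress.ip_address(addr)
    return any(ip.version == net.version and ip in net for net in resolve(selector))


@dataclass
class Rule:
    action: str   # "pass" or "block"
    iface: str    # interface the packet arrives on
    src: str
    dst: str


# Firewall > Rules, top to bottom per interface (constructed)
RULES = [
    Rule("block", "LAN", "LAN net", "OPT1 net"),    # keep LAN hosts out of OPT1
    Rule("pass", "LAN", "LAN net", "any"),          # then let LAN out
    Rule("pass", "OPT1", "webservers", "any"),      # only the alias members leave OPT1
]


def first_match(rules, iface, src, dst):
    """pfSense evaluates an interface's rules top-down and stops at the first
    match; a packet matching no rule hits the default deny."""
    for rule in rules:
        if rule.iface == iface and matches(rule.src, src) and matches(rule.dst, dst):
            return rule.action
    return "block"


if __name__ == "__main__":
    for sel, host in [("LAN address", "192.168.1.77"), ("LAN net", "192.168.50.5"),
                      ("This Firewall (self)", "203.0.113.10")]:
        print(f"{sel:22} {host:15} {matches(sel, host)}")
    print(first_match(RULES, "LAN", "192.168.1.77", "10.99.0.10"))
```

The point to notice is the gap between ''LAN address'' (only 192.168.1.1) and ''LAN net'' (the whole /24 plus the IP alias /24): a rule written with the wrong one either locks the firewall's own services open to the whole subnet or fails to cover the alias network at all.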
====== Installing the Ubiquiti UniFi Controller Software on pfSense 2.2 ======

From: http://

<code>
Note: I am leaving this here for the reference and posterity, but for a variety of reasons,
I no longer recommend doing this. It is a neat hack, but tends to be a bit of a pain to live
with as you end up having to troubleshoot or reinstall it every time you update pfSense or
Unifi. When you can install it on a Raspberry Pi for less than $50, there'
to do this.
</code>


====== Automatically back up pfSense configuration files ======

From: https://

<code>
The script is secure and will only connect via SSH using SSH key authentication instead of passwords.
We use pfMb on Mac and Linux but it should work on any *nix under bash.
</code>

From: https://

<code>
This tool is very lightweight and easy to use. It requires the Microsoft .NET framework 2.0 to be
installed on the machine from which you are running it. Extract the executable in the ZIP and run it
without parameters to see the help text, which explains the options you have to run it:</code>


From: https://

<code>
pfSense keeps its configuration in one convenient XML document. A backup of this document can be saved
by going to Diagnostics > Backup/
Before downloading,
RRD data from the backup file.
Restoring a configuration is just as easy: click Browse, locate the backup configuration file, then click
Restore Configuration.
</code>
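Worked example (added here; not code from the original page, from pfMb or from pfSense): what an automated backup job should do with ''config.xml'' once it has fetched it over SSH. ''SAMPLE_CONFIG'' is a constructed miniature of the file; the element names it uses (''rrddata'', ''user/password'', ''pre-shared-key'') are the real ones, everything else is made up. The job strips the RRD data the way the Backup/Restore page's checkbox does, lists where credentials sit (the reason the backup itself has to be stored encrypted or on a host trusted as much as the firewall), and hashes the stripped document so a nightly run can tell a real configuration change from graph data that changes every minute.

```python
"""Added example, not code from the page or from pfSense: preparing a
config.xml backup for storage.  SAMPLE_CONFIG is a constructed miniature of a
pfSense configuration; the element names used (rrddata, user/password,
ipsec pre-shared-key) are the real file's, everything else is made up."""
import hashlib
import xml.etree.ElementTree as ET

SAMPLE_CONFIG = """<?xml version="1.0"?>
<pfsense>
  <version>11.9</version>
  <system>
    <hostname>fw</hostname>
    <domain>localdomain</domain>
    <user>
      <name>admin</name>
      <password>$2y$10$constructed.hash.value</password>
    </user>
  </system>
  <ipsec>
    <phase1>
      <pre-shared-key>constructed-psk</pre-shared-key>
    </phase1>
  </ipsec>
  <rrddata>
    <rrddatafile>
      <filename>system-processor.rrd</filename>
      <xmldata>H4sIAAAAAAAA</xmldata>
    </rrddatafile>
  </rrddata>
</pfsense>
"""

# Element names that carry credentials in config.xml (not exhaustive)
SECRET_TAGS = {"password", "pre-shared-key", "shared_key"}


def strip_rrd(xml_text):
    """Drop <rrddata>, as the Backup/Restore page's checkbox does.
    Returns (xml_without_rrd, number_of_elements_removed)."""
    root = ET.fromstring(xml_text)
    rrd = root.findall("rrddata")
    for node in rrd:
        root.remove(node)
    return ET.tostring(root, encoding="unicode"), len(rrd)


def credential_paths(xml_text):
    """Paths of elements holding secrets: the reason a backup must be
    stored encrypted or on a host you trust as much as the firewall."""
    root = ET.fromstring(xml_text)
    found = []

    def walk(elem, path):
        for child in elem:
            child_path = f"{path}/{child.tag}"
            if child.tag in SECRET_TAGS and (child.text or "").strip():
                found.append(child_path)
            walk(child, child_path)

    walk(root, root.tag)
    return found


def config_digest(xml_text):
    """SHA-256 over the config minus RRD data, so graphs that change every
    minute do not make every nightly backup look like a config change."""
    stripped, _ = strip_rrd(xml_text)
    return hashlib.sha256(stripped.encode("utf-8")).hexdigest()


if __name__ == "__main__":
    xml_out, removed = strip_rrd(SAMPLE_CONFIG)
    print(f"removed {removed} rrddata element(s), {len(xml_out)} bytes left")
    print("secrets at:", credential_paths(SAMPLE_CONFIG))
    print("digest:", config_digest(SAMPLE_CONFIG))
```

In a real job the input would be the file fetched over SSH (key authentication, as the pfMb note above insists); the digest is what you compare against the previous run before deciding whether to keep a new copy.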

From: https://

From: http://

From:
====== PFSENSE BEHIND A ROUTER ======

From: http://


<code>
Troubleshooting:
Can pfSense ping router – NO – WAN config error
Can pfSense ping pfSense client – NO – LAN config error / client firewall
Can pfSense client ping pfSense – NO – LAN config error / client firewall
Can pfSense ping 8.8.8.8 – NO – ADSL/cable router config error
Can pfSense client ping router – NO – NAT error
Can pfSense client ping 8.8.8.8 – NO – NAT error / ADSL/cable router config error
Can pfSense client ping 8.8.8.8 – YES – All good
Can pfSense client load a website – NO – DNS error – check that everything above is OK
Can pfSense client load a website – YES – Everything is working
</code>

====== pfSense System > Advanced > Notifications SMTP configuration ======

From: https://


<code>
Now - guess what ... Exchange does support plaintext-logins when configured correctly,
but only using the method "
Re: Cannot send mails using office365 smtp server
« Reply #14 on: November 22, 2014, 10:05:07 pm »
Got it working! Issue was STARTTLS (and save before Test).
Thanks!
</code>

{{ :

<code>
Office 365 SMTP configuration for pfSense to relay mail to the notification e-mail address. Note: when testing, always re-enter the password before clicking Test.
</code>

====== pfSense IPv6 with Comcast ======

From: https://

[[systems:

<code>
Go to the Status > Interfaces page.
Under your WAN interface section, you should see an IPv6 address (in addition to the link-local one),
an IPv6 subnet mask of 64, and an IPv6 gateway.
Note that the ISP DNS Servers section should contain IPv6 addresses. Record one of those for later testing.
Under the LAN interface section, you should see an IPv6 address (in addition to the link-local one), and an
IPv6 subnet mask of 64.
</code>


====== CONFIGURING DHCP SERVER AND DYNAMIC DNS SERVICES ======

Configure pfSense to serve DNS names for the local LAN

<code>
If the DNS Forwarder is enabled, every DNS request from every interface will be processed by pfSense.
Individual host records are checked first, and if a match is found, the associated IP address is
immediately returned.

By enabling the Register DHCP Static Mappings option, you won’t have to worry about creating DNS records
for those devices. This is my preferred method of using pfSense as a DNS server. As long as we create a
static mapping for every device on our network, their hostnames will resolve automatically.

Using this method, we’ll only have to add explicit hostname records for devices that specify their own
IP address (that is, devices that don’t use DHCP), which should be few and far between.

Register DHCP Leases in DNS Forwarder
If the Register DHCP Leases in DNS Forwarder option is enabled, pfSense will automatically register any
device that supplies a hostname when it requests a DHCP lease. The downside, of course, is that not all
devices supply a hostname and even when they do, it is sometimes cryptic. I prefer to only register
important devices using DHCP static mappings, and all other (unimportant/
using their IP addresses.
</code>


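Worked example (added here; not code from the original page or from pfSense): a model of the lookup order described above, with host overrides consulted first, then static mappings, then leases, under both checkbox settings. The domain, MACs, addresses and hostnames are constructed. One caveat the text only hints at with "cryptic": the hostname in a lease is whatever string the client put in its DHCP request, so a lease-registered name is untrusted input; the example validates it as a plain DNS label and never lets a lease displace an override or static entry (that policy is the example's, not pfSense's).

```python
"""Added example, not code from the page or from pfSense: a model of how host
overrides, DHCP static mappings and DHCP leases feed the DNS Forwarder's name
table in the order the text above describes.  The domain, MACs, addresses and
hostnames are constructed; the hostname validation policy is this example's,
not pfSense's."""
import re

DOMAIN = "localdomain"   # assumed system domain (System > General Setup)

# Services > DNS Forwarder > Host Overrides: checked first, always win
HOST_OVERRIDES = {"nas": "192.168.1.20"}

# Services > DHCP Server > DHCP Static Mappings: MAC -> (hostname, fixed IP)
STATIC_MAPPINGS = {
    "00:11:22:33:44:55": ("printer", "192.168.1.30"),
    "00:11:22:33:44:66": ("cam1", "192.168.1.31"),
}

# Constructed lease table: (MAC, leased IP, hostname the client put in its
# DHCP request, or None when it sent none).  That string is client-chosen.
LEASES = [
    ("00:11:22:33:44:55", "192.168.1.30", "printer"),   # the static device itself
    ("de:ad:be:ef:00:01", "192.168.1.101", "laptop"),
    ("de:ad:be:ef:00:02", "192.168.1.102", None),       # no hostname sent
    ("de:ad:be:ef:00:03", "192.168.1.103", "nas"),      # claims an existing name
    ("de:ad:be:ef:00:04", "192.168.1.104", "bad name!"),
]

LABEL_RE = re.compile(r"^[a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?$")


def clean_hostname(raw):
    """Accept a client-supplied hostname only if it is a plain DNS label."""
    if raw is None:
        return None
    label = raw.strip().lower()
    return label if LABEL_RE.match(label) else None


def build_name_table(leases, register_static=True, register_leases=False):
    """Name -> IP as the forwarder would see it for the two checkbox settings."""
    table = dict(HOST_OVERRIDES)                 # host records come first
    if register_static:                          # "Register DHCP Static Mappings"
        for _mac, (name, ip) in STATIC_MAPPINGS.items():
            table.setdefault(name, ip)
    if register_leases:                          # "Register DHCP Leases"
        for _mac, ip, raw in leases:
            name = clean_hostname(raw)
            if name is not None:
                table.setdefault(name, ip)       # a lease never displaces the above
    return table


def resolve(query, table):
    """Answer a query for 'name' or 'name.<domain>' from the table (None if unknown)."""
    name = query.lower().rstrip(".")
    suffix = "." + DOMAIN
    if name.endswith(suffix):
        name = name[: -len(suffix)]
    return table.get(name)


if __name__ == "__main__":
    for leases_on in (False, True):
        table = build_name_table(LEASES, register_leases=leases_on)
        print("leases registered:", leases_on)
        for q in ("printer.localdomain", "laptop", "nas", "bad name!"):
            print(f"  {q:20} -> {resolve(q, table)}")
```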
====== How To Create And Configure VLANs In pfSense ======

From: https://

<code>
In this post I will describe how to create and configure VLANs in pfSense. Once configured, you’ll be
able to route (or prevent routing) traffic between each VLAN, and each VLAN will be able to share the
same Internet connection. To help explain the steps involved, we’ll create two static VLANs on a 24-port
switch and trunk those VLANs from the switch to the LAN interface on pfSense, where we will assign each
VLAN a unique /24 private IP subnet.
</code>

====== Virtual IP and arp proxy ======

several different applications and virtual appliances on a server with only one logical IP address.
</code>

====== Filter Log Format for pfSense 2.2 ======

http://
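Worked example (added here; not code from the original page or from pfSense): a parser for the comma-separated lines ''filterlog'' writes on pfSense 2.2, with a small detection run over it. The field order used (rule number, sub-rule, anchor, tracker, interface, reason, action, direction, IP version, then the IPv4 or IPv6 header fields, length, source, destination, and the TCP or UDP fields) is taken from the pfSense 2.2 filterlog documentation as the editor knows it, not from the text of this page; the syslog lines in ''SAMPLE_LOG'' are constructed, and the detection threshold is an arbitrary choice for the example.

```python
"""Added example, not code from the page or from pfSense: a parser for the
pfSense 2.2 filterlog CSV layout and a small detection run over it.  The
field order follows the pfSense 2.2 filterlog documentation as the editor
knows it (common fields, then per-IP-version fields, then per-protocol
fields); the syslog lines below are constructed for this example."""
import csv
from collections import defaultdict

COMMON = ["rulenr", "subrulenr", "anchor", "tracker", "iface",
          "reason", "action", "direction", "ipver"]
IPV4 = ["tos", "ecn", "ttl", "id", "offset", "flags", "proto_id", "proto"]
IPV6 = ["class", "flowlabel", "hoplimit", "proto", "proto_id"]
IP_TAIL = ["length", "src", "dst"]
TCP = ["sport", "dport", "datalen", "tcpflags", "seq", "ack",
       "window", "urg", "options"]
UDP = ["sport", "dport", "datalen"]

# Constructed syslog lines: three blocked TCP SYNs from one source to three
# ports, one blocked UDP packet, one passed IPv6 TCP SYN, one non-filterlog line.
SAMPLE_LOG = """\
Dec 22 18:26:01 fw filterlog: 5,,,1000000103,em0,match,block,in,4,0x0,,64,31337,0,DF,6,tcp,60,198.51.100.7,203.0.113.10,40001,22,0,S,1111111111,,65535,,mss;sackOK;TS;nop;wscale
Dec 22 18:26:01 fw filterlog: 5,,,1000000103,em0,match,block,in,4,0x0,,64,31338,0,DF,6,tcp,60,198.51.100.7,203.0.113.10,40002,23,0,S,1111111112,,65535,,mss;nop;wscale
Dec 22 18:26:02 fw filterlog: 5,,,1000000103,em0,match,block,in,4,0x0,,64,31339,0,DF,6,tcp,60,198.51.100.7,203.0.113.10,40003,3389,0,S,1111111113,,65535,,mss;nop;wscale
Dec 22 18:26:05 fw filterlog: 5,,,1000000103,em0,match,block,in,4,0x0,,128,4242,0,none,17,udp,78,192.0.2.44,203.0.113.10,5353,5353,58
Dec 22 18:26:07 fw filterlog: 12,,,1000000112,em1,match,pass,in,6,0x00,0x00000,64,tcp,6,80,2001:db8::10,2001:db8:1::1,51234,443,0,S,2222222222,,64800,,mss;nop;wscale
Dec 22 18:26:08 fw sshd[1234]: Accepted publickey for admin from 192.168.1.5 port 50000 ssh2
"""


def parse_filterlog(line):
    """Parse one syslog line into a dict; None if it is not a filterlog line."""
    marker = "filterlog: "
    if marker not in line:
        return None
    fields = next(csv.reader([line.split(marker, 1)[1].strip()]))
    rec = dict(zip(COMMON, fields))
    rest = fields[len(COMMON):]
    if rec.get("ipver") == "4":
        rec.update(zip(IPV4, rest))
        rest = rest[len(IPV4):]
    elif rec.get("ipver") == "6":
        rec.update(zip(IPV6, rest))
        rest = rest[len(IPV6):]
    else:
        return None
    rec.update(zip(IP_TAIL, rest))
    rest = rest[len(IP_TAIL):]
    if rec.get("proto") == "tcp":
        rec.update(zip(TCP, rest))
    elif rec.get("proto") == "udp":
        rec.update(zip(UDP, rest))
    else:
        rec["l4"] = rest          # ICMP and others: left as raw fields
    return rec


def parse_all(text):
    """All filterlog records in a block of syslog text, in order."""
    return [r for r in map(parse_filterlog, text.splitlines()) if r]


def blocked_port_fanout(records, min_ports=3):
    """Sources whose blocked inbound TCP attempts hit at least min_ports
    distinct destination ports: the crude signature of a port sweep."""
    ports = defaultdict(set)
    for rec in records:
        if (rec["action"] == "block" and rec["direction"] == "in"
                and rec.get("proto") == "tcp"):
            ports[rec["src"]].add(int(rec["dport"]))
    return {src: sorted(p) for src, p in ports.items() if len(p) >= min_ports}


if __name__ == "__main__":
    records = parse_all(SAMPLE_LOG)
    for rec in records:
        print(rec["action"], rec["direction"], rec["iface"], rec.get("proto"),
              rec["src"], "->", rec["dst"], rec.get("dport", ""))
    print(blocked_port_fanout(records))
```

The parser keeps every value as the string the firewall logged; convert ports and counters only where a rule needs to compare them, as the fan-out check does, so that a malformed line fails loudly at that point rather than silently parsing as zero.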
====== Squid Configuration ======

=== Cache management page ===
<code>
cache_mem 580 MB
maximum_object_size_in_memory 64 KB
cache_swap_high 95
cache allow all
</code>
=== Filtering HTTPS / SSL Traffic on pfSense ===

From: https://

<code>
This article will tell you how to install and configure Squid proxy capable of filtering
encrypted HTTPS connections using Diladele Web Safety ICAP content filtering server running
on pfSense
</code>

Caveat: filtering inside HTTPS means Squid terminates TLS on the firewall and re-encrypts towards the client, so every client must trust the proxy's CA certificate and the proxy sees (and can log) the decrypted traffic; guard that CA private key and the proxy host accordingly.
====== Traffic Shaper in pfSense 2.0 ======
software/pfsense.txt · Last modified: 2018/01/06 04:12 by superwizard