software:pfsense

Differences

This shows you the differences between two versions of the page.

software:pfsense [2015/03/14 21:05] – [Virtual IP and arp proxy] superwizard
software:pfsense [2018/01/02 20:32] – [pfsense ipv6 with comcast] superwizard
Line 1: Line 1:
 +====== Firewall Rule Basics ======
 +
 +From: https://doc.pfsense.org/index.php/Firewall_Rule_Basics
 +
 +<code>
 +any - 0.0.0.0 to 255.255.255.255, or all IPv6 addresses
 +
 +Single host or alias - Select this and enter one IP address (1.2.3.4, aa:bb:cc:dd::1) or type the name of an Alias that has already been configured (Firewall > Aliases)
 +
 +Network - Select this and enter a network and mask (10.99.0.0/16, aa:bb:cc:dd::0/64)
 +
 +LAN net - The subnet configured on the LAN interface under Interfaces > LAN. On pfSense 2.2+, this also includes IP alias networks on that interface.
 +
 +LAN address - The IP address configured on the LAN interface under Interfaces > LAN
 +
 +zzz Net / zzz address - Works the same as LAN above but for other interfaces (WAN, OPT1, OPT2, etc.)
 +
 +PPTP clients - Automatically locate and use the addresses of PPTP clients
 +
 +L2TP clients - Automatically locate and use the addresses of L2TP clients
 +
 +This Firewall (self) - Any IP address assigned to any interface on this firewall (pfSense 2.2+)
 +</code>
 +
 +====== Installing the Ubiquiti UniFi Controller Software on pfSense 2.2 ======
 +
 +From: http://www.robpeck.com/2015/03/installing-the-ubiquiti-unifi-controller-software-on-pfsense-2.2/#.VqPwMlLMa6E
 +
 +<code>
 +Note: I am leaving this here for the reference and posterity, but for a variety of reasons, 
 +I no longer recommend doing this. It is a neat hack, but tends to be a bit of a pain to live 
 +with as you end up having to troubleshoot or reinstall it every time you update pfSense or 
 +Unifi. When you can install it on a Raspberry Pi for less than $50, there's really no need 
 +to do this.
 +</code>
 +
 +
 +====== Automatically backup Pfsense configuration files ======
 +
 +From: https://www.outsideopen.com/pfmb/
 +
 +<code>
 +The script is secure and will only connect via SSH using SSH key authentication instead of passwords.  
 +We use pfMb on Mac and Linux but it should work on any *nix under bash.
 +</code>
 +
 +From: https://knowledge.zomers.eu/pfsense/Pages/How-to-automate-pfSense-backup.aspx
 +
 +<code>
 +It is very lightweight and easy to use this tool. It requires the Microsoft .NET framework 2.0 to be 
 +installed on the machine from which you are running it. Extract the executable in the ZIP and run it 
 +without parameters to see the help text which explains the options you have to run it:</code>
 +
 +
 +From: https://doc.pfsense.org/index.php/Configuration_Backup_and_Restore
 +
 +<code>
 +pfSense keeps its configuration in one convenient XML document. A backup of this document can be saved 
 +by going to Diagnostics > Backup/Restore, and clicking Download Configuration.
 +Before downloading, review the options available such as only backing up certain areas, or excluding the 
 +RRD data from the backup file.
 +Restoring a configuration is just as easy, click Browse, locate the backup configuration file, then click 
 +Restore Configuration
 +</code>
 +
 +From: https://www.proteansec.com/linux/pfsense-automatically-backup-configuration-files/
 +
 +
 +From: http://www.gremwell.com/node/397
 +
 +
 +From: 
 +====== PFSENSE BEHIND A ROUTER ======
 +
 +From: http://hakology.co.uk/2014/02/pfsense-behind-a-router/
 +
 +
 +<code>
 +Trouble shooting:
 +Can pfsense ping router – NO WAN config error
 +Can pfsense ping pfsense client – NO – LAN config error / Client firewall
 +Can pfsense client ping pfsense – NO – LAN config error / Client firewall
 +Can pfsense ping 8.8.8.8 – NO – ASDL/CABLE router config error
 +Can pfsense client ping router – NO – NAT error
 +Can pfsense client ping 8.8.8.8 – NO – NAT error / ADSL / CABLE config error
 +Can pfsense client ping 8.8.8.8 – YES – All good
 +Can pfsense client load a website – NO – DNS Error – Check everything above is OK
 +Can pfsense client load a website – YES – Everything is working
 +</code>
 +
 +====== PFsense System Advanced Notification SMTP configuration ======
 +
 +From: https://forum.pfsense.org/index.php?topic=72015.0
 +
 +
 +<code>
 +Now - guess what ... Exchange does support plaintext-logins when configured correctly, 
 +but only using the method "LOGIN" ...
 +Re: Cannot send mails using office365 smtp server
 +« Reply #14 on: November 22, 2014, 10:05:07 pm »
 +Got it working! Issue was STARTTLS (and save before Test).
 +Thanks!
 +</code>
 +
 +{{ :software:pfsensenotificationconfigurationforoffice365-2015-08-29_14_29_41-system_advanced_notifications.png?300 |Office365 Configuration}}
 +
 +<code>
 +Office365 SMTP Configuration for PFsense to relay mail to notification e-mail address. Note for testing always reenter the password.
 +</code>
 + 
 +====== pfsense ipv6 with comcast ======
 +
 +From: http://undergroundmod.com/2016/08/25/pfsense-ipv6-with-comcast/
 +
 +From: https://r.wundrd.net/article/pfsense-ipv6-comcast/
 +
 +[[systems:ipv6#pfsense ipv6 with comcast]]
 +
 +<code>
 +go to Status: Interfaces page.
 +Under your WAN interface section, you should see an IPv6 address (in addition to link local), 
 +a subnet mask ipv6 of 64, and a gateway ipv6.
 +Note the ISP DNS Servers section should contain ipv6 addresses. Record one of those for later testing.
 +Under the LAN interface section, you should see an IPv6 address (in addition to link local), and a 
 +subnet mask ipv6 of 64
 +</code>
 +
 +From: https://forum.pfsense.org/index.php?topic=83576.0
 +
 +
 +<code>
 +Comcast will let you request no more than a /60. 16 /64 subnets on a personal network should be 
 +more than enough for most people.
 +
 +Business class service may be able to request larger allocations, but consumer service can request 
 +anything from /64 to /60 only, depending on how many subnets you need (1 to 16, based on number of bits).
 +
 +Because of pfSense's IPv6 implementation with DHCPv6 on the WAN, there is no way to set up a static 
 +IPv6 address for your router on your LAN. You set up "Track Interface", "WAN", then select which subnet 
 +you want to use (which will only be 0 if you request a /64, could be 0-F if you request a /60). The LAN 
 +interface gets a SLAAC address based on the interface's MAC address.
 +</code>
 +
 +====== CONFIGURING DHCP SERVER AND DYNAMIC DNS SERVICES ======
 +
 +Configure PFSENSE to serve DNS names for Local Lan
 +
 +<code>
 +If the DNS Forwarder is enabled, every DNS request from every interface will be processed by pfSense. 
 +Individual host records are checked first, and if a match is found, the associated IP address is 
 +immediately returned.
 +
 +By enabling the Register DHCP Static Mappings option, you won’t have to worry about creating DNS records 
 +for those devices. This is my preferred method of using pfSense as a DNS server. As long as we create a 
 +static mapping for every device on our network, their hostnames will resolve automatically.
 +
 +Using this method, we’ll only have to add explicit hostname records for devices that specify their own 
 +IP address (that is, devices that don’t use DHCP), which should be few and far between.
 +
 +Register DHCP Leases in DNS Forwarder
 +If the Register DHCP Leases in DNS Forwarder option is enabled, pfSense will automatically register any 
 +devices that specify a hostname when submitting a DNS request. The downside, of course, is that not all 
 +devices submit a hostname and even when they do, it is sometimes cryptic. I prefer to only register 
 +important devices using DHCP static mappings, and all other (unimportant/unknown) devices can be referenced 
 +using their IP addresses.
 +</code>
 +
 +
 ====== How To Create And Configure VLANs In pfSense ====== ====== How To Create And Configure VLANs In pfSense ======
  
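Review bot: The bare "From:" line added directly above the "PFSENSE BEHIND A ROUTER" heading has no URL, and the two "From:" links before it (proteansec.com, gremwell.com) carry no excerpt, so the backup section ends in dangling references; either fill in the source or drop the empty line, and add a one-line summary under each link. In the SMTP notification block, the pasted forum header lines ("Re: Cannot send mails using office365 smtp server" and the "« Reply #14 on: ..." line) should be removed, and the working settings should be written out in text instead of living only in the screenshot, because the excerpt says the issue was STARTTLS without saying which setting fixed it. The backup section also repeats "The script is secure" from the tool's own page without saying what that rests on beyond SSH key authentication; worth noting where the key is stored, since the backed-up configuration is the full firewall config. Minor: "ASDL/CABLE" in the troubleshooting list should read "ADSL/CABLE" to match the later line.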
Line 10: Line 178:
 VLAN a unique /24 private IP subnet. VLAN a unique /24 private IP subnet.
 </code> </code>
- 
  
 ====== Virtual IP and arp proxy ====== ====== Virtual IP and arp proxy ======
Line 75: Line 242:
 http://www.onlineconversion.com/unix_time.htm http://www.onlineconversion.com/unix_time.htm
 ====== Squid Configuration ====== ====== Squid Configuration ======
- 
  
 === Cache management page === === Cache management page ===
software/pfsense.txt · Last modified: 2018/01/06 04:12 by superwizard