software:pfsense

Differences

This shows you the differences between two versions of the page.

software:pfsense [2015/03/17 23:00] – [How To Create And Configure VLANs In pfSense] superwizard
software:pfsense [2018/01/02 20:44] – [pfsense ipv6 with comcast] superwizard
Line 1: Line 1:
 +====== Firewall Rule Basics ======
 +
 +From: https://doc.pfsense.org/index.php/Firewall_Rule_Basics
 +
 +<code>
 +any - 0.0.0.0 to 255.255.255.255, or all IPv6 addresses
 +
 +Single host or alias - Select this and enter one IP address (1.2.3.4, aa:bb:cc:dd::1) or type the name of an Alias that has already been configured (Firewall > Aliases)
 +
 +Network - Select this and enter a network and mask (10.99.0.0/16, aa:bb:cc:dd::0/64)
 +
 +LAN net - The subnet configured on the LAN interface under Interfaces > LAN. On pfSense 2.2+, this also includes IP alias networks on that interface.
 +
 +LAN address - The IP address configured on the LAN interface under Interfaces > LAN
 +
 +zzz Net / zzz address - Works the same as LAN above but for other interfaces (WAN, OPT1, OPT2, etc.)
 +
 +PPTP clients - Automatically locate and use the addresses of PPTP clients
 +
 +L2TP clients - Automatically locate and use the addresses of L2TP clients
 +
 +This Firewall (self) - Any IP address assigned to any interface on this firewall (pfSense 2.2+)
 +</code>
 +
 +====== Installing the Ubiquiti UniFi Controller Software on pfSense 2.2 ======
 +
 +From: http://www.robpeck.com/2015/03/installing-the-ubiquiti-unifi-controller-software-on-pfsense-2.2/#.VqPwMlLMa6E
 +
 +<code>
 +Note: I am leaving this here for the reference and posterity, but for a variety of reasons, 
 +I no longer recommend doing this. It is a neat hack, but tends to be a bit of a pain to live 
 +with as you end up having to troubleshoot or reinstall it every time you update pfSense or 
 +Unifi. When you can install it on a Raspberry Pi for less than $50, there's really no need 
 +to do this.
 +</code>
 +
 +
 +====== Automatically backup Pfsense configuration files ======
 +
 +From: https://www.outsideopen.com/pfmb/
 +
 +<code>
 +The script is secure and will only connect via SSH using SSH key authentication instead of passwords.  
 +We use pfMb on Mac and Linux but it should work on any *nix under bash.
 +</code>
 +
 +From: https://knowledge.zomers.eu/pfsense/Pages/How-to-automate-pfSense-backup.aspx
 +
 +<code>
 +It is very lightweight and easy to use this tool. It requires the Microsoft .NET framework 2.0 to be 
 +installed on the machine from which you are running it. Extract the executable in the ZIP and run it 
 +without parameters to see the help text which explains the options you have to run it:</code>
 +
 +
 +From: https://doc.pfsense.org/index.php/Configuration_Backup_and_Restore
 +
 +<code>
 +pfSense keeps its configuration in one convenient XML document. A backup of this document can be saved 
 +by going to Diagnostics > Backup/Restore, and clicking Download Configuration.
 +Before downloading, review the options available such as only backing up certain areas, or excluding the 
 +RRD data from the backup file.
 +Restoring a configuration is just as easy, click Browse, locate the backup configuration file, then click 
 +Restore Configuration
 +</code>
 +
 +From: https://www.proteansec.com/linux/pfsense-automatically-backup-configuration-files/
 +
 +
 +From: http://www.gremwell.com/node/397
 +
 +
 +From: 
 +====== PFSENSE BEHIND A ROUTER ======
 +
 +From: http://hakology.co.uk/2014/02/pfsense-behind-a-router/
 +
 +
 +<code>
 +Trouble shooting:
 +Can pfsense ping router – NO WAN config error
 +Can pfsense ping pfsense client – NO – LAN config error / Client firewall
 +Can pfsense client ping pfsense – NO – LAN config error / Client firewall
 +Can pfsense ping 8.8.8.8 – NO – ASDL/CABLE router config error
 +Can pfsense client ping router – NO – NAT error
 +Can pfsense client ping 8.8.8.8 – NO – NAT error / ADSL / CABLE config error
 +Can pfsense client ping 8.8.8.8 – YES – All good
 +Can pfsense client load a website – NO – DNS Error – Check everything above is OK
 +Can pfsense client load a website – YES – Everything is working
 +</code>
 +
 +====== PFsense System Advanced Notification SMTP configuration ======
 +
 +From: https://forum.pfsense.org/index.php?topic=72015.0
 +
 +
 +<code>
 +Now - guess what ... Exchange does support plaintext-logins when configured correctly, 
 +but only using the method "LOGIN" ...
 +Re: Cannot send mails using office365 smtp server
 +« Reply #14 on: November 22, 2014, 10:05:07 pm »
 +Got it working! Issue was STARTTLS (and save before Test).
 +Thanks!
 +</code>
 +
 +{{ :software:pfsensenotificationconfigurationforoffice365-2015-08-29_14_29_41-system_advanced_notifications.png?300 |Office365 Configuration}}
 +
 +<code>
 +Office365 SMTP Configuration for PFsense to relay mail to notification e-mail address. Note for testing always reenter the password.
 +</code>
 + 
 +====== pfsense ipv6 with comcast ======
 +
 +From: http://undergroundmod.com/2016/08/25/pfsense-ipv6-with-comcast/
 +
 +From: https://r.wundrd.net/article/pfsense-ipv6-comcast/
 +
 +[[systems:ipv6#pfsense ipv6 with comcast]]
 +
 +<code>
 +go to Status: Interfaces page.
 +Under your WAN interface section, you should see an IPv6 address (in addition to link local), 
 +a subnet mask ipv6 of 64, and a gateway ipv6.
 +Note the ISP DNS Servers section should contain ipv6 addresses. Record one of those for later testing.
 +Under the LAN interface section, you should see an IPv6 address (in addition to link local), and a 
 +subnet mask ipv6 of 64
 +</code>
 +
 +From: https://forum.pfsense.org/index.php?topic=83576.0
 +
 +
 +<code>
 +Comcast will let you request no more than a /60. 16 /64 subnets on a personal network should be 
 +more than enough for most people.
 +
 +Business class service may be able to request larger allocations, but consumer service can request 
 +anything from /64 to /60 only, depending on how many subnets you need (1 to 16, based on number of bits).
 +
 +Because of pfSense's IPv6 implementation with DHCPv6 on the WAN, there is no way to set up a static 
 +IPv6 address for your router on your LAN. You set up "Track Interface", "WAN", then select which subnet 
 +you want to use (which will only be 0 if you request a /64, could be 0-F if you request a /60). The LAN 
 +interface gets a SLAAC address based on the interface's MAC address.
 +</code>
 +
 +{{ :software:2018-01-02_15_33_50-_diagnostics_edit_file.png?direct&600 |}}
 +
 +
 +{{ :software:2018-01-02_15_36_37-_interfaces_wan.png?direct&600 |}}
 +
 +{{ :software:2018-01-02_15_38_34-_interfaces_lan-general.png?direct&600 |}}
 +
 +{{ :software:2018-01-02_15_39_25-_interfaces_lan-track.png?direct&600 |}}
 +
 +{{ :software:2018-01-02_15_43_02-_services_dhcpv6_server_ra_lan_dhcpv6_server.png?direct&600 |}}
 ====== CONFIGURING DHCP SERVER AND DYNAMIC DNS SERVICES ====== ====== CONFIGURING DHCP SERVER AND DYNAMIC DNS SERVICES ======
  
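Review bot: In the "PFsense System Advanced Notification SMTP configuration" section, the one sentence written for this page ("Office365 SMTP Configuration for PFsense to relay mail ... always reenter the password") gives none of the settings in text, although the quoted forum reply names STARTTLS as the fix ("Issue was STARTTLS (and save before Test)"). Suggest stating the STARTTLS setting and the save-before-test step in that sentence, so the section does not depend on the screenshot alone. Separately, the bare "From:" line directly above "====== PFSENSE BEHIND A ROUTER ======" has no URL and should be completed or dropped. The proteansec.com and gremwell.com "From:" links in the backup section are also added without any excerpt or a note on what they cover.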
Line 99: Line 252:
 http://www.onlineconversion.com/unix_time.htm http://www.onlineconversion.com/unix_time.htm
 ====== Squid Configuration ====== ====== Squid Configuration ======
- 
  
 === Cache management page === === Cache management page ===
software/pfsense.txt · Last modified: 2018/01/06 04:12 by superwizard