software:pfsense
Differences
This shows you the differences between two versions of the page.
software:pfsense [2015/12/06 19:54] – superwizard | software:pfsense [2018/01/06 04:12] (current) – superwizard | ||
---|---|---|---|
Line 1: | Line 1: | ||
+ | ====== Scrape PFSense DHCP Leases Status Page and Export Results to JSON ====== | ||
+ | |||
+ | |||
+ | From: https:// | ||
+ | |||
+ | < | ||
+ | # This python (2.7) script provides a function to query the pfsense (v2.3) dhcp leases status page and | ||
+ | store the results for # ip, hostname, and mac as lists. A second function is also provided to export | ||
+ | the results in json to the file / | ||
+ | </ | ||
+ | |||
+ | ====== Firewall Rule Basics ====== | ||
+ | |||
+ | From: https:// | ||
+ | |||
+ | < | ||
+ | any - 0.0.0.0 to 255.255.255.255, | ||
+ | |||
+ | Single host or alias - Select this and enter one IP address (1.2.3.4, aa: | ||
+ | |||
+ | Network - Select this and enter a network and mask (10.99.0.0/ | ||
+ | |||
+ | LAN net - The subnet configured on the LAN interface under Interfaces > LAN. On pfSense 2.2+, this also includes IP alias networks on that interface. | ||
+ | |||
+ | LAN address - The IP address configured on the LAN interface under Interfaces > LAN | ||
+ | |||
+ | zzz Net / zzz address - Works the same as LAN above but for other interfaces (WAN, OPT1, OPT2, etc.) | ||
+ | |||
+ | PPTP clients - Automatically locate and use the addresses of PPTP clients | ||
+ | |||
+ | L2TP clients - Automatically locate and use the addresses of L2TP clients | ||
+ | |||
+ | This Firewall (self) - Any IP address assigned to any interface on this firewall (pfSense 2.2+) | ||
+ | </ | ||
+ | |||
+ | ====== Installing the Ubiquiti UniFi Controller Software on pfSense 2.2 ====== | ||
+ | |||
+ | From: http:// | ||
+ | |||
+ | < | ||
+ | Note: I am leaving this here for the reference and posterity, but for a variety of reasons, | ||
+ | I no longer recommend doing this. It is a neat hack, but tends to be a bit of a pain to live | ||
+ | with as you end up having to troubleshoot or reinstall it every time you update pfSense or | ||
+ | Unifi. When you can install it on a Raspberry Pi for less than $50, there' | ||
+ | to do this. | ||
+ | </ | ||
+ | |||
+ | |||
====== Automatically backup Pfsense configuration files ====== | ====== Automatically backup Pfsense configuration files ====== | ||
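Review bot: The added "Installing the Ubiquiti UniFi Controller Software on pfSense 2.2" heading still reads as a how-to, yet the only text under it is the quoted note that its author no longer recommends doing this. Consider marking the heading itself as not recommended, or dropping the section, so a reader skimming the headings does not take it for a current procedure. In the first added section, the scraper description is pinned to Python 2.7 and pfSense v2.3; a line saying which versions it was last checked against would help, since a status-page scraper depends on that page's layout.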
Line 4: | Line 52: | ||
< | < | ||
- | pfSense keeps its configuration in one convenient XML document. A backup | + | The script is secure and will only connect via SSH using SSH key authentication instead |
- | Before downloading, | + | We use pfMb on Mac and Linux but it should work on any *nix under bash. |
- | Restoring a configuration is just as easy, click Browse, locate the backup configuration file, then click Restore Configuration | + | |
</ | </ | ||
+ | |||
+ | From: https:// | ||
+ | |||
+ | < | ||
+ | It is very lightweight and easy to use this tool. It requires the Microsoft .NET framework 2.0 to be | ||
+ | installed on the machine from which you are running it. Extract the executable in the ZIP and run it | ||
+ | without parameters to see the help text which explains the options you have to run it:</ | ||
+ | |||
+ | |||
+ | From: https:// | ||
+ | |||
+ | < | ||
+ | pfSense keeps its configuration in one convenient XML document. A backup of this document can be saved | ||
+ | by going to Diagnostics > Backup/ | ||
+ | Before downloading, | ||
+ | RRD data from the backup file. | ||
+ | Restoring a configuration is just as easy, click Browse, locate the backup configuration file, then click | ||
+ | Restore Configuration | ||
+ | </ | ||
+ | |||
+ | From: https:// | ||
+ | |||
+ | |||
+ | From: http:// | ||
+ | From: | ||
====== PFSENSE BEHIND A ROUTER ====== | ====== PFSENSE BEHIND A ROUTER ====== | ||
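Review bot: The added line "The script is secure and will only connect via SSH using SSH key authentication" asserts security without saying what that rests on. The excerpt further down in this hunk notes that pfSense keeps its configuration in one XML document, so each backup is the whole firewall configuration; the section should say how the SSH host key is verified, how the private key is protected, and where the copied backups are stored and who can read them. The three "From:" lines at the end of the hunk, including the one with no URL, carry no excerpt or description, so a reader cannot tell which backup method each source covers.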
Line 49: | Line 121: | ||
====== pfsense ipv6 with comcast ====== | ====== pfsense ipv6 with comcast ====== | ||
+ | |||
+ | From: http:// | ||
From: https:// | From: https:// | ||
Line 63: | Line 137: | ||
</ | </ | ||
+ | From: https:// | ||
+ | |||
+ | < | ||
+ | Comcast will let you request no more than a /60. 16 /64 subnets on a personal network should be | ||
+ | more than enough for most people. | ||
+ | |||
+ | Business class service may be able to request larger allocations, | ||
+ | anything from /64 to /60 only, depending on how many subnets you need (1 to 16, based on number of bits). | ||
+ | |||
+ | Because of pfSense' | ||
+ | IPv6 address for your router on your LAN. You set up "Track Interface", | ||
+ | you want to use (which will only be 0 if you request a /64, could be 0-F if you request a /60). The LAN | ||
+ | interface gets a SLAAC address based on the interface' | ||
+ | </ | ||
+ | |||
+ | {{ : | ||
+ | |||
+ | |||
+ | {{ : | ||
+ | |||
+ | {{ : | ||
+ | |||
+ | {{ : | ||
+ | |||
+ | {{ : | ||
====== CONFIGURING DHCP SERVER AND DYNAMIC DNS SERVICES ====== | ====== CONFIGURING DHCP SERVER AND DYNAMIC DNS SERVICES ====== | ||
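Review bot: The five image embeds added after the Comcast excerpt have no caption or surrounding text, so nothing says which pfSense page or setting each screenshot shows. Add a one-line caption per image, in particular for the "Track Interface" setup and the 0 to F value the excerpt describes, so the section stays usable if the images fail to load.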
Line 164: | Line 263: | ||
http:// | http:// | ||
====== Squid Configuration ====== | ====== Squid Configuration ====== | ||
- | |||
=== Cache management page === | === Cache management page === |
software/pfsense.txt · Last modified: 2018/01/06 04:12 by superwizard