software:pfsense
Differences
This shows you the differences between two versions of the page.
| Both sides previous revisionPrevious revisionNext revision | Previous revision | ||
| software:pfsense [2015/12/06 20:52] – superwizard | software:pfsense [2018/01/06 04:12] (current) – superwizard | ||
|---|---|---|---|
| Line 1: | Line 1: | ||
| + | ====== Scrape PFSense DHCP Leases Status Page and Export Results to JSON ====== | ||
| + | |||
| + | |||
| + | From: https:// | ||
| + | |||
| + | < | ||
| + | # This python (2.7) script provides a function to query the pfsense (v2.3) dhcp leases status page and | ||
| + | store the results for # ip, hostname, and mac as lists. A second function is also provided to export | ||
| + | the results in json to the file / | ||
| + | </ | ||
| + | |||
| + | ====== Firewall Rule Basics ====== | ||
| + | |||
| + | From: https:// | ||
| + | |||
| + | < | ||
| + | any - 0.0.0.0 to 255.255.255.255, | ||
| + | |||
| + | Single host or alias - Select this and enter one IP address (1.2.3.4, aa: | ||
| + | |||
| + | Network - Select this and enter a network and mask (10.99.0.0/ | ||
| + | |||
| + | LAN net - The subnet configured on the LAN interface under Interfaces > LAN. On pfSense 2.2+, this also includes IP alias networks on that interface. | ||
| + | |||
| + | LAN address - The IP address configured on the LAN interface under Interfaces > LAN | ||
| + | |||
| + | zzz Net / zzz address - Works the same as LAN above but for other interfaces (WAN, OPT1, OPT2, etc.) | ||
| + | |||
| + | PPTP clients - Automatically locate and use the addresses of PPTP clients | ||
| + | |||
| + | L2TP clients - Automatically locate and use the addresses of L2TP clients | ||
| + | |||
| + | This Firewall (self) - Any IP address assigned to any interface on this firewall (pfSense 2.2+) | ||
| + | </ | ||
| + | |||
| + | ====== Installing the Ubiquiti UniFi Controller Software on pfSense 2.2 ====== | ||
| + | |||
| + | From: http:// | ||
| + | |||
| + | < | ||
| + | Note: I am leaving this here for the reference and posterity, but for a variety of reasons, | ||
| + | I no longer recommend doing this. It is a neat hack, but tends to be a bit of a pain to live | ||
| + | with as you end up having to troubleshoot or reinstall it every time you update pfSense or | ||
| + | Unifi. When you can install it on a Raspberry Pi for less than $50, there' | ||
| + | to do this. | ||
| + | </ | ||
| + | |||
| + | |||
| ====== Automatically backup Pfsense configuration files ====== | ====== Automatically backup Pfsense configuration files ====== | ||
| Line 6: | Line 54: | ||
| The script is secure and will only connect via SSH using SSH key authentication instead of passwords. | The script is secure and will only connect via SSH using SSH key authentication instead of passwords. | ||
| We use pfMb on Mac and Linux but it should work on any *nix under bash. | We use pfMb on Mac and Linux but it should work on any *nix under bash. | ||
| + | </ | ||
| + | |||
| + | From: https:// | ||
| + | |||
| + | < | ||
| + | It is very lightweight and easy to use this tool. It requires the Microsoft .NET framework 2.0 to be | ||
| + | installed on the machine from which you are running it. Extract the executable in the ZIP and run it | ||
| + | without parameters to see the help text which explains the options you have to run it:</ | ||
| + | |||
| + | |||
| + | From: https:// | ||
| + | |||
| + | < | ||
| pfSense keeps its configuration in one convenient XML document. A backup of this document can be saved | pfSense keeps its configuration in one convenient XML document. A backup of this document can be saved | ||
| by going to Diagnostics > Backup/ | by going to Diagnostics > Backup/ | ||
| Line 13: | Line 74: | ||
| Restore Configuration | Restore Configuration | ||
| </ | </ | ||
| + | |||
| + | From: https:// | ||
| + | |||
| + | |||
| + | From: http:// | ||
| + | From: | ||
| ====== PFSENSE BEHIND A ROUTER ====== | ====== PFSENSE BEHIND A ROUTER ====== | ||
| Line 54: | Line 121: | ||
| ====== pfsense ipv6 with comcast ====== | ====== pfsense ipv6 with comcast ====== | ||
| + | |||
| + | From: http:// | ||
| From: https:// | From: https:// | ||
| Line 68: | Line 137: | ||
| </ | </ | ||
| + | From: https:// | ||
| + | |||
| + | < | ||
| + | Comcast will let you request no more than a /60. 16 /64 subnets on a personal network should be | ||
| + | more than enough for most people. | ||
| + | |||
| + | Business class service may be able to request larger allocations, | ||
| + | anything from /64 to /60 only, depending on how many subnets you need (1 to 16, based on number of bits). | ||
| + | |||
| + | Because of pfSense' | ||
| + | IPv6 address for your router on your LAN. You set up "Track Interface", | ||
| + | you want to use (which will only be 0 if you request a /64, could be 0-F if you request a /60). The LAN | ||
| + | interface gets a SLAAC address based on the interface' | ||
| + | </ | ||
| + | |||
| + | {{ : | ||
| + | |||
| + | |||
| + | {{ : | ||
| + | |||
| + | {{ : | ||
| + | |||
| + | {{ : | ||
| + | |||
| + | {{ : | ||
| ====== CONFIGURING DHCP SERVER AND DYNAMIC DNS SERVICES ====== | ====== CONFIGURING DHCP SERVER AND DYNAMIC DNS SERVICES ====== | ||
| Line 169: | Line 263: | ||
| http:// | http:// | ||
| ====== Squid Configuration ====== | ====== Squid Configuration ====== | ||
| - | |||
| === Cache management page === | === Cache management page === | ||
software/pfsense.1449435130.txt.gz · Last modified: 2015/12/06 20:52 by superwizard