Dealing with pfSense
What a pleasure, especially with the new version 2.3!
For some of my clients I set up a dual WAN, which we definitely needed. With a dual WAN there are steps that must be taken to keep the services on pfSense reachable, for example with a dynamic IP or when one of the connections fails. An example is the VPN connection.
In the client configuration it is always useful to write the DNS name of the VPN terminator and then use a service such as dyndns or noip or, if you have a manageable domain available, bind9.
Version 2.3 adds an RFC2136 standard client to the Dynamic DNS section, so we can use bind9 with our dynamic zone.
In this guide we will see all the steps, starting from the installation of pfSense. For my test I’m using a PC Card Engines APU1D4, AMD G T40E, 4 GB of RAM and 3 10/100/1000 network cards with a 16GB m-SATA SSD, all 64-bit.
Download pfSense in memstick format from this URL: pfSense-memstick.
At this point, use the dd utility to create the installer on a USB stick.
$ gzip -dc pfSense-memstick-2.3-RELEASE-amd64.img.gz | sudo dd of=/dev/sdX bs=1M
ATTENTION! sdX must match the device of your USB stick, such as sdb or sdc.
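The write step above, wrapped in two checks, as an added example that is not part of the original guide: the image digest is compared with an expected SHA-256 before anything is written, and the target must be an unmounted, removable whole disk. The function names, the `SYSFS`/`MOUNTS` overrides and the `conv=fsync` option are assumptions of this example, and the expected digest is a placeholder you take from the download source.

```shell
#!/bin/sh
# Added example (not from the original guide): checks before the dd write.
# SYSFS and MOUNTS are overridable only so the checks can be tried on a
# constructed directory tree; the function names are illustrative.
SYSFS="${SYSFS:-/sys}"
MOUNTS="${MOUNTS:-/proc/mounts}"

# verify_image FILE EXPECTED_SHA256: succeed only if the digest matches.
verify_image() {
    actual=$(sha256sum "$1" | awk '{print $1}')
    [ -n "$actual" ] && [ "$actual" = "$2" ]
}

# safe_target DEV (e.g. sdb): succeed only for an unmounted, removable whole disk.
safe_target() {
    dev=$1
    [ -d "$SYSFS/block/$dev" ] || { echo "$dev: not a whole disk" >&2; return 1; }
    [ "$(cat "$SYSFS/block/$dev/removable" 2>/dev/null)" = "1" ] ||
        { echo "$dev: not flagged removable" >&2; return 1; }
    if grep -q "^/dev/$dev" "$MOUNTS"; then
        echo "$dev: has mounted partitions, unmount them first" >&2
        return 1
    fi
    return 0
}

# write_memstick IMAGE.gz EXPECTED_SHA256 DEV: verify, check, then write.
write_memstick() {
    verify_image "$1" "$2" || { echo "checksum mismatch, not writing" >&2; return 1; }
    safe_target "$3" || return 1
    gzip -dc "$1" | sudo dd of="/dev/$3" bs=1M conv=fsync
}

# Usage (digest is a placeholder; take the real one from the download source):
#   write_memstick pfSense-memstick-2.3-RELEASE-amd64.img.gz <EXPECTED_SHA256> sdb
```

The removable check is deliberately conservative: a USB-attached SSD enclosure may report 0 and be refused, while an internal disk is refused as well.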
Once the installer has been created, we use minicom to connect over the serial port. In this example, having only 16GB of disk space, the partitioning was created directly by the pfSense installer.
The installation automatically sets the IP 192.168.1.1 on the LAN interface and the WAN to DHCP. This guide assumes that you use the 2 static public IPs provided by your provider; we set the first IP on the WAN interface.
IMPORTANT: the public IPs shown do not match the real IPs; they are only examples chosen for their simplicity.
*** Welcome to pfSense 2.3-RELEASE-pfSense (amd64) on pfSense ***

 WAN (wan)       -> re1        ->
 LAN (lan)       -> re2        -> v4: 192.168.1.1/24

 0) Logout (SSH only)                  9) pfTop
 1) Assign Interfaces                 10) Filter Logs
 2) Set interface(s) IP address       11) Restart webConfigurator
 3) Reset webConfigurator password    12) pfSense Developer Shell
 4) Reset to factory defaults         13) Update from console
 5) Reboot system                     14) Enable Secure Shell (sshd)
 6) Halt system                       15) Restore recent configuration
 7) Ping host                         16) Restart PHP-FPM
 8) Shell

Enter an option: 2

Available interfaces:

1 - WAN (re1 - dhcp, dhcp6)
2 - LAN (re2 - static)

Enter the number of the interface you wish to configure: 1

Configure IPv4 address WAN interface via DHCP? (y/n) n

Enter the new WAN IPv4 address. Press <ENTER> for none:
> 22.214.171.124

Subnet masks are entered as bit counts (as in CIDR notation) in pfSense.
e.g. 255.255.255.0 = 24
     255.255.0.0   = 16
     255.0.0.0     = 8

Enter the new WAN IPv4 subnet bit count (1 to 31):
> 29

For a WAN, enter the new WAN IPv4 upstream gateway address.
For a LAN, press (ENTER) for none:
> 126.96.36.199

Configure IPv6 address WAN interface via DHCP6? (y/n) n

Enter the new WAN IPv6 address. Press <ENTER> for none:
>

Do you want to revert to HTTP as the webConfigurator protocol? (y/n) n

Please wait while the changes are saved to WAN...
 Reloading filter...
 Reloading routing configuration...
 DHCPD...

The IPv4 WAN address has been set to 188.8.131.52/29

Press <ENTER> to continue.
At this point we can connect to the LAN; pfSense will assign a dynamic IP on the 192.168.1.x network, and from there we will be able to finalize the installation.
Use the default credentials for your first login:
username = admin
password = pfsense
Now the only thing missing is the setting to use the Balancer. To make the LAN use the Balancer, we need to change the default rule that allows our local network to go out to the internet.
Firewall -> Rules -> LAN
Edit the rule “Default allow LAN to any rule”, press the “Advanced Display” button and change the gateway by selecting the Balancer, then save and apply.
At this point we can verify the operation simply by physically disconnecting one WAN and then the other in turn, checking each time on any of the sites that show your public IP, e.g. www.whatismyip.com.
We will see later how to use the other Gateway Groups.
In the next part we will see how to configure Bind9 to accept updates.