PfSense is a router

pfSense

Firewall, router, proxy, VPN gateway

The firewall distribution pfSense is based on the FreeBSD operating system. OpenBSD contributes the packet filter pf. pfSense is derived from the firewall and router distribution m0n0wall. This article is based on the beta of pfSense 2.0.

pfSense has many interesting options for setting up routers, firewalls, proxies and VPN gateways. Important functions of pfSense are:

  • Multi-WAN, bundling of several connections, load balancing, fail over
  • Redundancy on the LAN side with Common Address Redundancy Protocol CARP
  • pfsync to synchronize the state tables of several firewalls
  • Transparent layer 2 firewall
  • Statefull firewall on layer 3
  • VPN with IPsec, OpenVPN and PPTP
  • Detection of operating systems (p0f) and filtering
  • Reporting and monitoring, RRD graphs
  • DynDNS support
  • Captive portal
  • Proxy and web filter with Squid and SquidGuard
  • Use as a wireless access point, WLAN
  • available as a VMware appliance

Functions such as AntiVirus, netIO, nmap, ntop and Snort can be retrofitted via packages. pfSense runs on PC hardware and embedded boards such as PC Engines Alix and Soekris net.

Installation of pfSense

pfSense can be used as a live CD or installed on a hard drive. This chapter describes the installation of pfSense on the hard disk of a PC system. First download the current ISO image from the pfSense homepage and burn it onto a CD.

After booting, you will see the FreeBSD start menu. With option 1 you start pfSense without any further parameters.


FreeBSD start menu

To install pfSense on a hard drive, start the installer with the "i" key.


With "i" you start the installation of pfSense

If necessary, you can now adjust the parameters for the console. But you can easily get through the installation with the defaults.


Customization of the console

For a standard installation of pfSense, select "Quick / Easy Install" in this menu. The installation can be adjusted using "Custom Install". For example, it is possible to install multiple versions of pfSense on one machine.


We select "Quick / Easy Install"

With the "Quick / Easy Install" option, the installer uses the first hard drive in the system to install pfSense. This hard disk will be completely overwritten.


The installation will overwrite the first hard drive without further warning.


The installation process for pfSense

Select the BSD kernel that fits your system here.


Selection of the kernel

After the installation, there will be a restart from the hard disk. If necessary, remove the pfSense CD from the drive.


The installation was successful

The initial setup takes place when the new firewall is started. pfSense shows the detected network interfaces. In this example an Intel card em0 and an AMD card pcn0. First, VLANs can be set up. pfSense can also be used for routing between VLANs. When using VLANs, a network card is sufficient to operate the firewall. We will set up the two network cards without a VLAN.


Setting up VLANs in pfSense

The interface to WAN, LAN and OPT1 can be assigned using the interface designations (em0, em1). If there are several cards of the same type, auto-detection is very useful. Disconnect all network cables from the cards. For detection, connect the selected card to a switch, PC or DSL modem. PfSense recognizes the interface on the link.


Assignment of the interface for WAN and LAN

One WAN and one LAN interface are sufficient for a standard configuration. We will deal with the possibilities of the optional interfaces (OPT) later.


WAN and LAN interfaces are assigned

PfSense starts after the interfaces have been assigned. The WAN interface tries to obtain an IP address via DHCP. This setting is ideal for use as a router at Kabel Deutschland. The WAN interface can later be converted to PPPoE for use as a DSL router.


PfSense text console after startup

The LAN interface is assigned the IP address 192.168.1.1 by default. You can access this IP from the LAN with a browser. The further configuration of pfSense can be done comfortably via the web interface.

All parts of the pfSense tutorial

Further information on pfSense