
pfSense Guide

Ssoele

I will write a guide on how to use and set up the different functions of pfSense.

(I am going to add more, please let me know what you want to see)


0. Hardware
 
You can run pfSense on a lot of devices. For ease of use, I'm doing these guides on an embedded device with an APU1D4 board with pfSense pre-installed (http://varia-store.com/Systems-with-Software/pfSense/pfSense-ready-19-system-with-APU1D4-1GHZ-Dual-Core-4GB-RAM::3159.html).
 
 
1. The Setup
 
1. On the first step, you just have to click 9e4761236a.png.



2. In the second step, you have to choose the hostname, domain and DNS servers of your pfSense.
  • This is the actual name of your pfSense. If you are not setting this up in a domain, you can put whatever you want in here.
  • If you are not setting this up in a domain, you can put whatever you want in here. network.local is an example you can pick.
  • Your primary and secondary DNS servers are the servers your pfSense sends DNS requests to. You can pick, for example, the Google Public DNS, 8.8.8.8 and 8.8.4.4.
  • This option lets you choose if you want your ISP to be able to overwrite these DNS servers.
  • If you have filled in everything, you can just click 9e4761236a.png


3. In this step you can set your time server and your time zone. I recommend leaving the Time server as it is and just selecting your time zone. After you've selected your time zone, click 9e4761236a.png.


4. This step is a big one. Normally you don't have to set up a lot here, unless it is required by your ISP. If you have a static IP from your ISP, you might have to set up the MAC address.
You might also have to set up the PPPoE configuration with the information you have from your ISP if you are using any xDSL kind of connection.
After you have filled in the information (if needed), click 9e4761236a.png.


5. In this step you can set up the IP address of your pfSense, as well as the subnet mask. Generally, keep the IP 192.168.1.1 and the subnet mask at 24, unless you know what you are doing. After that, click 9e4761236a.png.


6. Fill in the password that you want to use for your machine and click 9e4761236a.png.


7. Just click 4c9d1840a9.png here.


8. Wait about a minute.


9. Now the basic setup is done, you can log in by filling in your username (default admin) and password and clicking f5a3ee066b.png.


10. If everything is correct, it should look something like this.
990c059884.png

2. DHCP Server

The DHCP Server basically makes sure that clients are getting an IP address and the necessary information to use your network and be able to connect to the internet.

1. To access the settings for the DHCP Server, simply go in the menu to Services > DHCP Server.

2. Once on the page, there are a few things to do:

  • Make sure the DHCP server is enabled.
  • Choose the start of the range from which clients will get an IP. If you are not sure what to put here, pick 192.168.1.128.
  • Choose the end of the range from which clients will get an IP. If you are not sure what to put here, pick 192.168.1.191.
  • Fill in the DNS server, most of the time that will be your pfSense itself.
  • Choose your Gateway, again, this is normally your pfSense.
  • If you want, you can put in a Domain name like network.local, but you are free to fill in anything you want.
  • You choose how long pfSense will reserve the IP address for the client, by default this is 2 hours.
  • Click on e132ccb546.png.

3. Static IP addresses

To add a static IP for a client (for example, if you are hosting gameservers or something similar), you can do this in 2 ways.

  • You can either set it up on the client itself, but this has the disadvantage that you can't just take it to another network, as it will not look for a new IP.
  • Or you can have the DHCP server give out a specific IP address to a client.
I will show you how to do it the second way.

1. Go to the DHCP Server page located under Services > DHCP Server.

2. Go to the bottom of the page and click on 1fce6aff7b.png.

3. You'll have to fill in a few things on this page.

  • The MAC address of the machine that you want to give a static IP.
  • The IP that you want to give it, please note that it's best if this IP does NOT overlap with your DHCP range (see chapter 2).
  • Fill in the hostname of the machine, you can choose freely here.
  • Put in a description, so you can easily see what machine is what.
You can leave the other options empty unless you know what you are doing. To finish, click on e132ccb546.png.

4. To see if everything is correct, just scroll down again. You can edit the setting or delete the record by clicking on 237428ca8d.png and 98a84a8972.png respectively.

4. DNS Forwarder

You can also use pfSense as a DNS Forwarder. This means that DNS requests can be sent to pfSense and it will forward them to the correct DNS server. It can also add new lookups, for example if you have a Plex server and you want to be able to visit it by just typing in plex.network.local instead of the IP.

1. Go to the DNS Forwarder page located under Services > DNS Forwarder.

2. On this page we can see all the settings that we can set for our DNS Forwarder. To make sure the service is running, you should see 2345f80a54.png in the top right corner. If you see fb6ade0595.png, simply click f1a8f91cef.png and it should start.

With the settings, we fill in the following things:

  • Make sure this checkbox is ticked, otherwise the DNS Forwarder will not work.
  • This checkbox makes it possible for normal clients on your network to get their own DNS address (e.g. your laptop with name Laptop will get laptop.network.local).
  • This checkbox will make sure that static mappings (see chapter 3) will also get their DNS address.
  • Here we select on what interface the DNS packets are sent, I recommend leaving this on All.
  • And at last, click on e132ccb546.png

3. You can also add extra DNS names to your DNS Forwarder (e.g. you have a Plex server and you want to be able to just go to plex.network.local instead of the IP). Go to the bottom of the page and click on 1fce6aff7b.png

4.

  • Fill in the host name
  • Fill in the domain
  • Select the IP of the machine that you want it linked to.
  • Write a proper description.
  • And at last, click on e132ccb546.png

5. To finish, simply click on 1f6c22f2a8.png

5. NAT (Port Forwarding)

You can of course also forward ports with pfSense. In this example I will forward the external port 80 to the internal port 32400 on IP 192.168.1.21. This is handy, as I only have to surf to my external domain (without port) and will get to my Plex Web interface.

1. Go to the NAT page located under Firewall > NAT.

2. Here we can see all the NAT rules that we have already made. To add a new rule, simply click 1fce6aff7b.png.

3.

  • Choose the protocol, most of the time this will be either TCP or UDP, you can select either of those, or both.
  • Choose the port range that clients will be able to connect to, if you want a single port, just put in the same number in both fields. If you want to use any of the ones in the list, feel free to select it.
  • Fill in the IP of the server/machine on your internal network. I will be doing my Plex Server which is located on 192.168.1.21.
  • Fill in the receiving port on your server/machine, most of the time this will be the same as the destination port, but this can be different, for example, Plex only runs on port 32400. If you have selected a range before, the number that you will have to fill in is the start of the range.
  • Fill in a logical description, so you know what rule does what.
  • And at last, click on e132ccb546.png.

4. To finish, simply click on 1f6c22f2a8.png
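A consistency check for the addressing choices made in chapters 1, 2, 3 and 5, as an added example that is not part of the original posts. The function name `check_plan`, the MAC address and the hostname are constructed for illustration, and it assumes fixed addresses are handed out through DHCP static mappings, as chapter 3 does.

```python
import ipaddress

def check_plan(lan_if, pool_start, pool_end, static_maps, forwards):
    """Return a list of problems in a LAN addressing plan.

    lan_if: firewall LAN address with prefix, e.g. "192.168.1.1/24"
    static_maps: (mac, ip, hostname) tuples from the DHCP static mappings
    forwards: (external_port, target_ip, internal_port) tuples from NAT
    """
    iface = ipaddress.ip_interface(lan_if)
    net, gw = iface.network, iface.ip
    lo, hi = ipaddress.ip_address(pool_start), ipaddress.ip_address(pool_end)
    edges = (net.network_address, net.broadcast_address)
    problems = []
    if lo > hi:
        problems.append("pool start is above pool end")
    for label, addr in (("pool start", lo), ("pool end", hi)):
        if addr not in net or addr in edges:
            problems.append(f"{label} {addr} is not a usable host in {net}")
    if lo <= gw <= hi:
        problems.append(f"firewall address {gw} lies inside the DHCP pool")
    by_ip, by_mac = {}, {}
    for mac, ip, host in static_maps:
        addr, mac = ipaddress.ip_address(ip), mac.lower().replace("-", ":")
        if addr not in net or addr in edges or addr == gw:
            problems.append(f"{host}: {addr} is not a free host address in {net}")
        if lo <= addr <= hi:
            problems.append(f"{host}: {addr} overlaps the DHCP pool {lo}-{hi}")
        if addr in by_ip:
            problems.append(f"{host}: {addr} is already mapped to {by_ip[addr]}")
        if mac in by_mac:
            problems.append(f"{host}: MAC {mac} is already mapped to {by_mac[mac]}")
        by_ip.setdefault(addr, host)
        by_mac.setdefault(mac, host)
    # A forward whose target gets its address from the pool breaks (or points
    # at a different machine) as soon as the lease changes.
    for ext, target, internal in forwards:
        if ipaddress.ip_address(target) not in by_ip:
            problems.append(f"forward {ext} -> {target}:{internal} has no static mapping")
    return problems

# Addresses and ports are the guide's; MAC and hostname are constructed.
GUIDE_PLAN = dict(lan_if="192.168.1.1/24", pool_start="192.168.1.128",
                  pool_end="192.168.1.191",
                  static_maps=[("02:00:00:00:00:21", "192.168.1.21", "plex")],
                  forwards=[(80, "192.168.1.21", 32400)])

if __name__ == "__main__":
    for line in check_plan(**GUIDE_PLAN) or ["plan is consistent"]:
        print(line)
```

With the guide's values the plan comes back clean; moving the Plex mapping into 192.168.1.128-191, or forwarding to a host that has no static mapping, is reported.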

6. Dynamic DNS

Dynamic DNS is very handy when you are not getting a static IP from your ISP, this way you can always use the same domain (eg. ssoele.ddns.net) to reach your home, the domain automatically updates when your IP changes.

1. Go to the Dynamic DNS Client page located under Services > Dynamic DNS Client.

2. Here we can see all the Dynamic DNS Clients that we have already made. To add a new one, simply click 1fce6aff7b.png.

3.

  • Select the service that you are using, I'm going to use No-IP, as I already had an account there.
  • Put in your hostname, this is the full domain name that you made at the No-IP website.
  • Fill in your username.
  • And your password
  • And at last, click on e132ccb546.png.

4. Back at the overview, you can check if it updates correctly.

for hardware also recommend this

http://www.pcengines.ch/apu.htm

 

there is a big thread on the pfSense about it with benches etc

Pcengines will release a version with the newer jaguar soc later  currently its bobcat

If your grave doesn't say "rest in peace" on it You are automatically drafted into the skeleton war.


for hardware also recommend this

http://www.pcengines.ch/apu.htm

 

there is a big thread on the pfSense about it with benches etc

Pcengines will release a version with the newer jaguar soc later  currently its bobcat

 

That is exactly the board that I recommend in the hardware chapter.


That is exactly the board that I recommend in the hardware chapter.

oh i thought it was something else because of the high price

u could get it around  150 euro with an enclosure depending where you are in EU or buy it directly from PCengines for around less

If your grave doesn't say "rest in peace" on it You are automatically drafted into the skeleton war.


oh i thought it was something else because of the high price

u could get it around  150 euro with an enclosure depending where you are in EU or buy it directly from PCengines for around 110 - 130 euro

They start at around 200 EUR at Varia Store with pfSense pre-installed. I'm using a more expensive model, because it is rack mountable, so easy for me to store it.

Should be interesting how my old Deskpro EN with a 733MHz PIII will do with this. :D

Main rig on profile

VAULT - File Server


Intel Core i5 11400 w/ Shadow Rock LP, 2x16GB SP GAMING 3200MHz CL16, ASUS PRIME Z590-A, 2x LSI 9211-8i, Fractal Define 7, 256GB Team MP33, 3x 6TB WD Red Pro (general storage), 3x 1TB Seagate Barracuda (dumping ground), 3x 8TB WD White-Label (Plex) (all 3 arrays in their respective Windows Parity storage spaces), Corsair RM750x, Windows 11 Education

Sleeper HP Pavilion A6137C


Intel Core i7 6700K @ 4.4GHz, 4x8GB G.SKILL Ares 1800MHz CL10, ASUS Z170M-E D3, 128GB Team MP33, 1TB Seagate Barracuda, 320GB Samsung Spinpoint (for video capture), MSI GTX 970 100ME, EVGA 650G1, Windows 10 Pro

Mac Mini (Late 2020)


Apple M1, 8GB RAM, 256GB, macOS Sonoma

Consoles: Softmodded 1.4 Xbox w/ 500GB HDD, Xbox 360 Elite 120GB Falcon, XB1X w/2TB MX500, Xbox Series X, PS1 1001, PS2 Slim 70000 w/ FreeMcBoot, PS4 Pro 7015B 1TB (retired), PS5 Digital, Nintendo Switch OLED, Nintendo Wii RVL-001 (black)


The power cost is probably going to make it a bad choice for hardware. Would most likely be cheaper in the long run to build a J1800/J1900 build.

The power cost is probably going to make it a bad choice for hardware. Would most likely be cheaper in the long run to build a J1800/J1900 build.

 

The systems based on the APU1C and APU1D4 only consume about 10W, that's about the same as a higher-end router.


The systems based on the APU1C and APU1D4 only consume about 10W, that's about the same as a higher-end router.

I was thinking about tmcclelland455 :P


  • 1 month later...

NOOOOOOOOOOOOOOOOOOOOOOO

 

pfSense is BAD!!!!!

How? It's an all-in-one router and firewall package. If you have something better, why not suggest it as an alternative?

How? It's an all-in-one router and firewall package. If you have something better, why not suggest it as an alternative?

It's an inside joke with some forum members, I have had huge unexplainable problems with pfSense.

 

I now use monowall on which pfsense is based

Respect the Code of Conduct!

>> Feel free to join the unofficial LTT teamspeak 3 server TS3.schnitzel.team <<

>>LTT 10TB+ Topic<< | >>FlexRAID Tutorial<<>>LTT Speed wave<< | >>LTT Communies and Servers<<


  • 9 months later...

Do you think I can run this in Proxmox?

Desktop: i5 4670k, Z97-K, 16GB, MSI GTX 770, Evga 850G2, TT T31

Freenas Server: i3 4170, X10-SLL-F-O, Crucial 16GB UDIMM, 4x4TB WD Red, Evga 550GS, Fractal 804

Peripheral: K60, HyperX Cloud

Mobile: Nexus 6P 


Most likely yes, but what do you want to accomplish?

Comb it with a brick


NOOOOOOOOOOOOOOOOOOOOOOO

 

pfSense is BAD!!!!!

well... it isn't that bad for what it costs.
