Linux Format

Firewalls pfSense

Afnan Rehman shows how easy it is to build your own router and firewall system with this open source software.


Afnan Rehman demonstrates that building your own router and firewall system has never been this easy.

Have you ever wanted to build your own router without going through the hassles of creating your own iptables and network rules from scratch (the way we have to on page 84)? It’s possible to get the functionality and performance you’re looking for without putting in as much work. The solution is pfSense, the open source network firewall/router software distro based on the FreeBSD OS. pfSense is used in many different applications from home routers to business solutions and is well regarded in the community for its reliability and versatility.

Assuming you have the hardware for it, which is quite modest by any standards, pfSense can be installed on any computer and managed from a web interface on a separate client device on the same network. All you need is any processor better than a Pentium 2, 256MB or more RAM, and at least 1GB of disk space, as well as at least two Ethernet ports, one for WAN and the other for LAN.

Once your hardware is ready to go, head over to the pfSense download page at www.pfsense.org/download and select your architecture. If you’re using any fairly modern computer, you’ll likely be best served choosing the AMD64 architecture. Click the download button and select the latest stable version to download. Once you have the file, we recommend installing via a USB hard disk, although a CD would work just as well, provided your router PC has access to an optical disk drive. You can burn the installer to the disk if using a CD or write the image to the USB drive using a tool such as Rufus from Windows, or the dd command to write from a Mac OS X or Linux computer.

Once the write is complete, you are ready to install pfSense on your router. Plug in your chosen installation media and boot from it using the boot menu on your router PC. You will be greeted with a text-only screen showing several setup options with a countdown timer. Press ‘I’ on your keyboard to initiate the installer. Once you are in the installer, you will be given some options for tasks that can be performed by this software. For most people, it is fine to choose the “Quick/Easy Install” option, which will assume that the first located disk is the intended installation target. If you only have one hard disk installed in the router system, this will pose no issues. However, if there are multiple storage devices, we recommend using the “Custom Install” option to ensure that pfSense is installed to the correct disk. Next, the installer will ask if you are happy to proceed with the changes. There is no going back so if there is any data currently on the target disk be sure it is not something you will miss. Once you have given the OK to the installer, it will proceed to wipe the disk and install pfSense, which will take some time. This would be the perfect time for a tea break.

Once the installation is complete, the installer will ask you to choose between a standard kernel and an embedded kernel. Unless you really know what you are doing, we recommend going with the standard kernel, allowing for a VGA console. Next you will be asked to reboot.

Once you’ve rebooted, you will once again get the boot timer and you will get a screen showing the available interfaces to configure a network. For your router, you will see a number of interfaces corresponding to the number of Ethernet ports available to your system. Recall from earlier that you will need at least two.

Questions, questions

The first question you will be asked is if you wish to set up VLANs. VLANs are Virtual Local Area Networks, and most home users do not use them. They can be beneficial in cases where you wish to separate broadcast domains, or isolate traffic for security reasons. This is typically used in large office spaces and the like. For now, unless you know you need this, press ‘N’ to refuse setup of VLANs.

The two default interfaces are em0 and em1. We typically like to assign em0 as the WAN (which is incoming traffic from the internet) and em1 as the LAN interface (going out to your local network of devices). Type those into their respective areas when prompted. You will also be prompted to enter an optional interface name, which is not necessary so you can skip that by pressing the Enter key. The software will then ask you to confirm the settings for the LAN and WAN interfaces. Make sure they are correct then press ‘Y’ to proceed. The operating system will then assign the interfaces and display their IP addresses along with several options and a prompt to choose an option. The IP address of the WAN will usually be assigned through DHCP from your internet service provider. The LAN IP address will default to 192.168.1.1. This can be changed by selecting option 2 to set the IP address of each interface. If you wish to use DHCP for the clients on your local network, you can also set an acceptable range of IP addresses using option 2 as well. Select the second option from the main menu and then select the LAN interface.

Under the option that asks for the new LAN IPv4 bit count, enter the number that corresponds to the subnet mask you wish to use, as listed in the table above the prompt. For most home users, this will be 24. Then when asked if you want to enable the DHCP server on LAN, type ‘Y’ and enter the start and end addresses for the client address range you wish to set. Ensure this range encompasses all devices that need an IP address on your network, and allow some room for growth.
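To sanity-check a bit count and DHCP range before typing them into the console, the following added example (not part of the original article) uses Python's standard `ipaddress` module. The function names are hypothetical, and every sample address other than the default 192.168.1.1 with a bit count of 24 is constructed for illustration.

```python
import ipaddress


def subnet_summary(lan_ip, bit_count):
    """Return (dotted subnet mask, usable host count) for the LAN bit count.

    Assumes a bit count of 30 or less, as on an ordinary home or office LAN.
    """
    net = ipaddress.ip_interface(f"{lan_ip}/{bit_count}").network
    # Network and broadcast addresses cannot be handed out to clients.
    return str(net.netmask), net.num_addresses - 2


def check_dhcp_range(lan_ip, bit_count, start, end):
    """Validate a DHCP start/end pair against the LAN interface settings.

    Returns (problems, pool_size); an empty list means the range is usable.
    """
    iface = ipaddress.ip_interface(f"{lan_ip}/{bit_count}")
    net = iface.network
    first, last = ipaddress.ip_address(start), ipaddress.ip_address(end)
    problems = []
    for label, addr in (("start", first), ("end", last)):
        if addr not in net:
            problems.append(f"{label} {addr} is outside {net}")
        elif addr in (net.network_address, net.broadcast_address):
            problems.append(f"{label} {addr} is the network or broadcast address")
    if first > last:
        problems.append("start is above end")
    elif first <= iface.ip <= last:
        # Leasing the router's own LAN address to a client causes a conflict.
        problems.append(f"range contains the router's own address {iface.ip}")
    size = int(last) - int(first) + 1 if first <= last else 0
    return problems, size


if __name__ == "__main__":
    print(subnet_summary("192.168.1.1", 24))
    # Constructed sample ranges: one good, two with common mistakes.
    for start, end in [("192.168.1.100", "192.168.1.199"),
                       ("192.168.1.1", "192.168.1.50"),
                       ("192.168.1.200", "192.168.2.10")]:
        print(start, end, check_dhcp_range("192.168.1.1", 24, start, end))
```

Compare the reported pool size with the number of devices you expect on the network, leaving the headroom the text recommends.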

Once you are done setting this up, you will be given a link to access the web configurator from a client device on the same network. Use this link to log into the web configurator. At this point, you will most likely not need to access the console directly from the router, and can access everything needed through the web configurator.

On your client computer, the web address should take you to a login screen. By default, the username and password are “admin” and “pfsense”, respectively. Once you log in for the first time a setup window will guide you through the initial configuration of pfSense, including entry of a domain and hostname, DNS servers, time zones, and all of that. You will also get an opportunity to configure WAN and LAN interfaces and after doing so, will be prompted to change the admin username and password. We strongly recommend you take this opportunity to set a strong password to avoid your network being compromised.

Once you complete the setup, the system will reload, applying your changes and rebooting the system. Once the reload process is finished you will be met with a congratulatory message and access to the pfSense web configurator GUI dashboard. From this GUI you can pursue the addition of various advanced settings such as MAC filtering, VPN setup, and firewall settings which you can customise to your liking.

Congratulations! You’ve set up your very own pfSense router, which should now be up and running for everyday use around your home network. Feel free to jump from here to more complex things such as adding advanced configuration to your pfSense system, or even building your own router from scratch. The possibilities are endless!

You see? Easy.

Once you install pfSense and reboot the computer, ensuring that you removed the installation media, the software will boot to a menu showing network interfaces and options for them.

During initial installation, you will be taken through a relatively simple menu system. Simply follow the prompts and installation should proceed smoothly.
