mirror of
https://github.com/LCTT/TranslateProject.git
synced 2024-12-26 21:30:55 +08:00
266 lines
11 KiB
Markdown
266 lines
11 KiB
Markdown
How to Setup Pfsense Firewall and Basic Configuration
|
|
================================================================================
|
|
In this article our focus is Pfsense setup, basic configuration and overview of features available in the security distribution of FreeBSD. In this tutorial we will run network wizard for basic setting of firewall and detailed overview of services. After the [installation process][1] following snapshot shows the IP addresses of WAN/LAN and different options for the management of Pfsense firewall.
|
|
|
|
|
|
|
|
After setup , following window appear which shows the url for configuration of Pfsense.
|
|
|
|
|
|
|
|
Open above given URL in the browser and login with username **admin** and password **pfsense**
|
|
|
|
|
|
|
|
After successful login, following wizard appears for the basic setting of Pfsense firewall. However setup wizard option can be bypassed and user can run it from the **System** menu from the web interface.
|
|
|
|
Click on the **Next** button to start basic configuration process on Pfsense firewall.
|
|
|
|
|
|
|
|
Setting hostname, domain and DNS addresses is shown in the following figure.
|
|
|
|
|
|
|
|
Setting time zone is shown in the below given snapshot.
|
|
|
|
|
|
|
|
Next window shows setting for the WAN interface. By defaults Pfsense firewall block bogus and private networks.
|
|
|
|
|
|
|
|
Setting LAN IP address which is used to access the Pfsense web interface for further configuration.
|
|
|
|
|
|
|
|
By default password for web interface is "pfsense". Enter new password for admin user on the following window to access the web interface for further configuration.
|
|
|
|
|
|
|
|
Click on the "reload" button which is shown below. It applies the setting and redirect firewall user to main dashboard of Pfsense.
|
|
|
|
 and status of ethernet/wireless interfaces etc.
|
|
|
|
|
|
|
|
### Menu detail ###
|
|
|
|
PFsense consist of System, interfaces, firewall,services,vpn,status,diagnostics and help menus.
|
|
|
|
|
|
|
|
### System Menu ###
|
|
|
|
Sub menus of **System** is given below.
|
|
|
|
|
|
|
|
In the **Advanced** sub menu user can perform following operations.
|
|
|
|
1. Configuration of web interface
|
|
1. Firewall/Nat setting
|
|
1. Networking setting
|
|
1. System tuneables setting
|
|
1. Notification setting
|
|
|
|
|
|
|
|
In the **Cert manager** sub menu, firewall administrator generates certificates for CA and users.
|
|
|
|
|
|
|
|
In the **Firmware** sub menu, user can update Pfsense firmware manually/automatically. User can take full backup of Pfsense configurations.
|
|
|
|
|
|
|
|
In the **General Setup** sub menu, user can change basic setting such as hostname and domain etc.
|
|
|
|
|
|
|
|
As menu title indicates, user can enable/disable high availability feature from this sub menu.
|
|
|
|
|
|
|
|
Packages sub menu provides package manager facility in the web interface for Pfsense .
|
|
|
|
|
|
|
|
User can perform gateway and route management using **Routing** sub menu.
|
|
|
|
|
|
|
|
**Setup Wizard** sub menu opens following window which start basic configuration of Pfsense.
|
|
|
|
|
|
|
|
Management of user can be done from the **User manager** sub menu.
|
|
|
|
|
|
|
|
### Interfaces Menu ###
|
|
|
|
This menu is used for the assignment of interfaces (LAN/WAN), VLAN setting,wireless and GRE configuration etc.
|
|
|
|
|
|
|
|
### Firewall Menu ###
|
|
|
|
Firewall is the main and core part of Pfsense distribution and it provides following features.
|
|
|
|
|
|
|
|
**Aliases**
|
|
|
|
Aliases are defined for real hosts, networks or ports and they can be used to minimize the number of changes.
|
|
|
|
|
|
|
|
**NAT (Network Address Translation)**
|
|
|
|
NAT binds a specific internal address to a specific external address. Incoming traffic from the Internet to the specified IP will be directed toward the associated internal IP.
|
|
|
|
|
|
|
|
**Firewall Rules**
|
|
|
|
Firewall rules control what traffic is allowed to enter an interface on the firewall. After traffic is passed on the interface, it enters an entry in the state table is created.
|
|
|
|
|
|
|
|
**Schedules**
|
|
|
|
Firewall rules can be scheduled so that they are only active at certain times of day or on certain specific days or days of the week.
|
|
|
|
|
|
|
|
**Traffic Shaper**
|
|
|
|
Traffic shaping is the control of computer network traffic in order to optimize performance and lower latency.
|
|
|
|
|
|
|
|
**Virtual IPs**
|
|
|
|
Virtual IPs add knowledge of additional IP addresses to the firewall that are different from the firewall's real interface addresses.
|
|
|
|
|
|
|
|
### Services Menu ###
|
|
|
|
Services menu shows services which are provided by the Pfsense distribution along firewall.
|
|
|
|
|
|
|
|
New program/software installed for some specific service is also shown in this menu such as snort. By default following services are listed in services menu.
|
|
|
|
**Captive portal**
|
|
|
|
The captive portal functionality in Pfsense allows securing a network by requiring a username and password entered on a portal page.
|
|
|
|
|
|
|
|
**DHCP Relay**
|
|
|
|
The DHCP Relay daemon will relay DHCP requests between broadcast domains for IPv4 DHCP.
|
|
|
|
|
|
|
|
**DHCP Server**
|
|
|
|
User can run DHCP service on the firewall for the network devices.
|
|
|
|
|
|
|
|
**DNS Forwarder/Resolver/Dynamic DNS**
|
|
|
|
DNS different services can be configured on the Pfsense firewall.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
**IGMP Proxy**
|
|
|
|
User can configure IGMP on the Pfsense firewall from services menu.
|
|
|
|
|
|
|
|
**Load Balancer**
|
|
|
|
Load Balancing is one of the important feature which is also supported by the Pfsense firewall.
|
|
|
|
|
|
|
|
**SNMP (Simple Network Management Protocol)**
|
|
|
|
Pfsense supports all versions of snmp for remote management of firewall.
|
|
|
|
|
|
|
|
**Wake on Lan**
|
|
|
|
Using this feature packet sent to a workstation on a locally connected network which will power on a workstation.
|
|
|
|
|
|
|
|
### VPN Menu ###
|
|
|
|
It is one of the most important feature of Pfsense. Its supports following types of vpn configuration.
|
|
|
|
**VPN IPsec**
|
|
|
|
IPsec is a standard for providing security to IP protocols via encryption and/or authentication.
|
|
|
|
|
|
|
|
**L2TP IPsec**
|
|
|
|
L2TP/IPsec is a common VPN type that wraps L2TP, an insecure tunneling protocol, inside a secure channel built using transport mode IPsec.
|
|
|
|
|
|
|
|
**OpenVPN**
|
|
|
|
OpenVPN is an Open Source VPN server and client that is supported on pfSense.
|
|
|
|
|
|
|
|
**Status Menu**
|
|
|
|
It shows the status of services provided by Pfsense such as dhcp server, ipsec and load balancer etc.
|
|
|
|
|
|
|
|
**Diagnostic Menu**
|
|
|
|
This menu helps administrator/user for the rectification of Pfsense issues or problems.
|
|
|
|
|
|
|
|
**Help Menu**
|
|
|
|
This menu provides links for different useful resources such as FreeBSD handbook,developer wiki, paid support and pfsense book.
|
|
|
|
|
|
|
|
### Conclusion ###
|
|
|
|
In this article our focus was on the basic configuration and features set of Pfsense distribution. It is based on FreeBSD distribution and widely used due to security and stability features. In our future articles on Pfsense, our focus will be on the basic firewall rules setting, snort (IDS/IPS) and IPSEC VPN configuration.
|
|
|
|
--------------------------------------------------------------------------------
|
|
|
|
via: http://linoxide.com/firewall/pfsense-setup-basic-configuration/
|
|
|
|
作者:[nido][a]
|
|
译者:[译者ID](https://github.com/译者ID)
|
|
校对:[校对者ID](https://github.com/校对者ID)
|
|
|
|
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出
|
|
|
|
[a]:http://linoxide.com/author/naveeda/
|
|
[1]:http://linoxide.com/firewall/install-pfsense-firewall/ |