
Mastering pfSense

Book Description

Master the art of managing, securing, and monitoring your network using the powerful pfSense 2.3

About This Book

  • You can always do more to secure your software – so extend and customize your pfSense firewall
  • Build a high-availability security system that is fault tolerant and capable of blocking the threats it is configured to detect
  • Put the principles of better security into practice – unlock a more stable and reliable firewall

Who This Book Is For

SysAdmins and security pros – get more from the world’s leading firewall with this book. You can always do more to secure your software, so start here.

What You Will Learn

  • Configure pfSense services such as DHCP, Dynamic DNS, captive portal, DNS, NTP and SNMP
  • Set up a managed switch to work with VLANs
  • Use pfSense to allow, block and deny traffic
  • Make use of the traffic shaper to lower and raise the priority of certain types of traffic
  • Set up and connect to a VPN tunnel with pfSense
  • Incorporate redundancy and high availability by utilizing load balancing and the Common Address Redundancy Protocol (CARP)
  • Explore diagnostic tools in pfSense to solve network problems

In Detail

pfSense has the same reliability and stability as even the most popular commercial firewall offerings on the market – but, like the very best open-source software, it doesn't limit you. You're in control – you can extend and customize pfSense around your security needs.

If you're familiar with pfSense you probably knew that already. This book builds on any knowledge you may already have, and provides you with a clear route to expand your skills and pfSense's capabilities. You'll learn how to customize and configure pfSense to construct a firewall that can protect you from a wide range of security threats. Find out how to set up a VPN, and build a high-availability system that provides redundancy and fault tolerance – essential when security and software performance are so interdependent.

With further guidance on how to use a diverse range of third-party packages, all of which will help you unlock more from pfSense, this book covers everything you need to get a high-quality, reliable firewall up and running for a fraction of the cost.

Style and approach

Practical and actionable, this book tackles some of pfSense's advanced functionality with minimum fuss. We know you don't just want an instruction manual – you want to put the principles of better security into practice. That's exactly why we produced this book.

Downloading the example code for this book. You can download the example code files for all Packt books you have purchased from your account at http://www.PacktPub.com. If you purchased this book elsewhere, you can visit http://www.PacktPub.com/support and register to have the code file.

Table of Contents

  1. Mastering pfSense
    1. Table of Contents
    2. Mastering pfSense
    3. Credits
    4. About the Author
    5. About the Reviewer
    6. www.PacktPub.com
      1. eBooks, discount offers, and more
        1. Why subscribe?
    7. Preface
      1. What this book covers
      2. What you need for this book
      3. Who this book is for
      4. Conventions
      5. Reader feedback
      6. Customer support
        1. Downloading the color images of this book
        2. Errata
        3. Piracy
        4. Questions
    8. 1. pfSense Essentials
      1. pfSense project overview
      2. Possible deployment scenarios
      3. Hardware requirements and sizing guidelines
        1. Minimum specifications
        2. Hardware sizing guidelines
          1. Using a laptop
      4. Introduction to VLANs and DNS
        1. Introduction to VLANs
        2. Introduction to DNS
      5. The best practices for installation and configuration
        1. Troubleshooting installation
      6. pfSense configuration
        1. Configuration from the console
        2. Configuration from the web GUI
          1. Configuring additional interfaces
          2. General setup options
          3. Advanced setup options
      7. Upgrading, backing up, and restoring pfSense
        1. Backing up and restoring pfSense
        2. Restoring a configuration with Pre-Flight Install
      8. Summary
    9. 2. Advanced pfSense Configuration
      1. DHCP
        1. DHCP configuration at the console
        2. DHCP configuration in the web GUI
        3. DHCPv6 configuration in the web GUI
        4. DHCP relay and DHCPv6 relay
        5. DHCP and DHCPv6 leases
      2. DNS
        1. DNS Resolver
        2. DNS Forwarder
      3. DDNS
        1. DDNS updating
        2. RFC 2136 updating
        3. Troubleshooting DDNS
      4. Captive portal
        1. Implementing captive portal
        2. Troubleshooting captive portal
      5. NTP
        1. NTP configuration
        2. NTP troubleshooting
      6. SNMP
        1. Configuring SNMP
        2. Troubleshooting SNMP
      7. Summary
    10. 3. Working with VLANs
      1. Basic VLAN concepts
        1. An example network
        2. Hardware, configuration, and security considerations
      2. VLAN configuration at the console
      3. VLAN configuration in the web GUI
      4. VLAN configuration at the switch
        1. VLAN configuration example one – TL-SG108E
        2. VLAN configuration example two – Cisco switches
          1. Static VLAN creation
          2. Dynamic Trunking Protocol
          3. VLAN Trunking Protocol
      5. Troubleshooting VLANs
        1. General troubleshooting tips
        2. Verifying switch configuration
        3. Verifying pfSense configuration
        4. Troubleshooting example
      6. Summary
    11. 4. pfSense as a Firewall
      1. An example network
      2. Firewall fundamentals
      3. Firewall best practices
        1. Best practices for ingress filtering
        2. Best practices for egress filtering
      4. Creating and editing firewall rules
        1. Floating rules
        2. An example rule
      5. Scheduling
        1. An example schedule
      6. NAT/port forwarding
        1. Inbound NAT (port forwarding)
        2. 1:1 NAT
        3. Outbound NAT
        4. Network Prefix Translation
        5. An example NAT rule
      7. Aliases
        1. An example alias
      8. Virtual IPs
        1. An example VIP
      9. Troubleshooting
      10. Summary
    12. 5. Traffic Shaping
      1. An example network
      2. Traffic shaping essentials
        1. Queuing policies
      3. Configuring traffic shaping in pfSense
        1. The Multiple LAN/WAN Configuration wizard
        2. The Dedicated Links wizard
        3. Advanced traffic shaping configuration
          1. Changes to queues
          2. Limiters
            1. An example limiter
          3. Layer 7 traffic shaping
          4. Changes to rules
            1. Example rule changes/rule creation
      4. Traffic shaping examples
        1. Example #1 – adding limiters
        2. Example #2 – prioritizing Skype
        3. Example #3 – penalizing P2P traffic
      5. Troubleshooting traffic shaping
      6. Summary
    13. 6. Virtual Private Networks
      1. VPN fundamentals
        1. IPsec
        2. L2TP
        3. OpenVPN
        4. Choosing a VPN protocol
      2. Configuring a VPN tunnel
        1. IPsec configuration
          1. IPsec peer/server configuration
          2. IPsec mobile client configuration
          3. Client configuration
            1. IPsec configuration using the ShrewSoft VPN Client
            2. IPsec configuration using vpnc
        2. L2TP configuration
        3. OpenVPN configuration
          1. OpenVPN server configuration
          2. Server configuration with the wizard
            1. LDAP configuration with the wizard
            2. RADIUS configuration with the wizard
          3. OpenVPN client configuration
          4. Client-specific overrides
          5. OpenVPN Client Export Utility
      3. Troubleshooting VPN connections
      4. Summary
    14. 7. Redundancy and High Availability
      1. An example network
      2. Basic concepts
      3. Load balancing configuration
        1. Gateway load balancing
          1. Load balancing outbound traffic with aliases
        2. Server load balancing
      4. CARP configuration
        1. CARP with firewall failover
        2. Multi-WAN with CARP
      5. An example configuration – load balancing and CARP
      6. Troubleshooting load balancing and CARP
      7. Summary
    15. 8. Routing and Bridging
      1. Basic concepts
        1. Bridging
        2. Routing
      2. Routing with pfSense
        1. Static routes
        2. Public IP addresses behind a firewall
        3. Dynamic routing
          1. RIP
          2. OpenBGPD
          3. Quagga OSPF
        4. Policy routing
      3. Bridging with pfSense
        1. Bridging interfaces
        2. Special issues
        3. Bridging example
      4. Troubleshooting routing and bridging
      5. Summary
    16. 9. Extending pfSense with Packages
      1. Basic considerations
      2. Installing packages
      3. Popular packages
        1. Squid
          1. Issues with Squid
          2. Squid as a reverse proxy server
        2. SquidGuard
        3. LightSquid
        4. pfBlockerNG
        5. ntopng
        6. Nmap
      4. Other packages
        1. Snort
        2. Suricata
        3. HAProxy
      5. Summary
    17. 10. Troubleshooting pfSense
      1. Troubleshooting basics
        1. Common networking problems
          1. Wrong subnet mask or gateway
          2. Wrong DNS configuration
          3. Duplicate IP addresses
          4. Network loops
          5. Routing issues
          6. Port configuration
          7. Black holes
          8. Physical issues
      2. pfSense troubleshooting tools
        1. System logs
        2. Dashboard
        3. Interfaces
        4. Services
        5. Monitoring
        6. Traffic graphs
        7. Firewall states
          1. States
          2. States summary
          3. pfTop
        8. tcpdump
        9. tcpflow
        10. ping, traceroute, and netstat
          1. ping
          2. traceroute
          3. netstat
      3. Troubleshooting scenarios
        1. User cannot connect to a website
        2. VLAN configuration problem
      4. Summary
    18. Index