pfSense is open source routing and firewall software based on FreeBSD. Its basic features include:
- Static/default/dynamic routing
- Stateful firewall
- Network Address Translation (NAT)
- Virtual Private Networks (VPN)
- Dynamic Host Configuration Protocol (DHCP)
- Domain Name System (DNS)
- Load balancing and so on.
Through its many supported add-on packages, it also offers advanced features, including:
- Snort (for Intrusion Detection and Prevention)
- FreeSWITCH (Voice over IP)
- Squid (Proxy)
- SquidGuard (URL Filtering/HTTPS inspection)
- Darkstat (Network Traffic Monitor)
Here is my home pfSense firewall topology and configuration with screenshots and YouTube videos.
1. Topology and Installation
pfSense Installation YouTube Video:
2. Configuration Screenshots
2.1 Log in to pfSense and view the Dashboard
2.2 System – General Setup
2.3 System – Package Manager
I have the following packages installed:
- Cron: The cron utility is used to manage commands on a schedule.
- Lightsquid: LightSquid is a high performance web proxy reporting tool. Includes proxy realtime statistics (SQStat). Requires Squid package.
- Open-VM-Tools: VMware Tools is a suite of utilities that enhances the performance of the virtual machine’s guest operating system.
- Squid: High performance web proxy cache (3.5 branch). It combines Squid as a proxy server with its capabilities of acting as an HTTP / HTTPS reverse proxy.
- squidGuard: High performance web proxy URL filter.
2.5 Firewall Rules
There are some NAT settings, but all are default.
2.6 Services – Cron
I have set up a daily restart task for my pfSense.
2.7 Services – Squid Proxy Server
2.8 SquidGuard Proxy Filter
2.9 Squid Proxy Reports
Note: If the status report only shows the IP as the name, here is a solution I found online:
In an environment where pfSense is the only DNS server internally, I have configured pfSense to look to itself first. This is what my config looks like.
- Disable DNS resolver
- Services | DNS Forwarder
  - check – Enable DNS forwarder
  - check – Register DHCP leases in DNS forwarder
  - check – Register DHCP static mappings in DNS forwarder
- System | General Setup | DNS Servers
  - 1st DNS Server – 127.0.0.1
  - 2nd DNS Server – 220.127.116.11
  - 3rd DNS Server – 18.104.22.168
  - 4th DNS Server – 22.214.171.124
  - uncheck – Allow DNS server list to be overridden by DHCP/PPP on WAN