PFSense – An Awesome Firewall – Part 1

As promised here is a quick write up on pfSense. In this first of a two piece article, I will do a quick overview of the product, the installation, and some final thoughts on the product.

To begin, I’ll do a quick overview. pfSense was started in 2004 as a split from the Monowall project (another popular firewall distro). Basically, in short, the fellas that started pfSense wanted a great firewall without the limitations of being a ram only/embedded solution (Monowall). Personally, I’ve used both products and find pfSense to be a much better platform overall (no offense to the Monowall project; it’s just a preference that I’m basing that on). If you want more history on the project, head over here. The project is based on two other products; pf and freebsd. If you’re reading this blog, you probably don’t need an introduction to either one of those products.

Now that we got that out of the way, let’s go over how simple the product is. I’ll do this, by doing a quick installation on a vmware virtual machine (I love vmware and virtualization in general; it’s nice to be able to do this stuff without having to get actual hardware other then a vm server). There are basically two ways to run pfSense; you can boot from the cd which will load a live image, completely functional and ready to go or you can boot from the cd and do the install of the OS to the drive. I’ll be doing the later since most of my installations require the ability to sustain a reboot/power outage and not lose the config. For this demo, I’ll be using pfSense 2.0, RC1.

My virtual machine build is very simple; just a single proc, 2gb of ram and a whopping 4gb drive (not too different from how I build them with hardware). Your mileage may vary depending on what packages you install, the logging you wish to keep, etc:

 

 

 

 

 

 

 

 

The installation of pfSense is very simple. Just download the image from any pfSense mirror, burn it and boot from it. The initial boot goes very quickly and loads some drives into ram and presents a boot menu to you:

After you press enter (for most, the option 1 will do fine to boot and get the install running) you’ll see some text scroll by and eventually be presented with the option to continue booting or do the install to the hard drive. For this demo, I’m doing the hard drive install:

 

 

 

 

 

 

 

 

 

Unless you have some really funky hardware, you can accept the defaults and move on:

Again, if you have really funky hardware or something custom you want to do, you can select from the other options in this install type menu but basically the quick/easy install is the way to go:

Read the warning because you are about to erase your hard drive (you’ve been warned):

And that’s it, you’re involvement for the installation is basically one more option for the processor count (multi or single) and then you finally get the last menu, reboot:

Go ahead and reboot and wait for the next set of configuration options. The next set of configuration is to simply get the box up and running to the point where you can login and do the configs from the web gui. The first question is about vlans. If you don’t need them and/or not going to use them (I rarely do), then go ahead and select no:

The next step is to configure your interfaces for their purpose. For example, I have two nics for this demo; one will be public (internet facing) and one will be private (lan facing). The interfaces are em0 and em1. I try to keep it simple, so em0 is the wan and em1 is the lan. You can auto detect them if you want but if you know what your interfaces are (usually it goes onboad = first interfaces, then by pci slot numerically) I would recommend saving yourself some time and labeling them yourself:

Confirm your decision:

And that’s it! You are now at the CUI menu.

For me, I have allowed the WAN to have dhcp (which would be typical in most home based ISP configs) and then my LAN I have assigned. The LAN ip is important because that is where you will access the web GUI. Once you have your LAN ip assigned, just open up your favorite web browser and go to the ip and you should see your pfsense landing page:

 

 

 

 

 

 

 

 

 

Login with the default login of admin/pfsense and you will get the landing page:

And with that I will bring this entry to an end. The next entry will cover some configurations I’ve done with pfsense, some features/functions I use and how I’ve used pfsense to date.

Overall, I am very pleased with this project. It’s been a great asset to me and the companies I’ve used it at and even though there are little curves here and there (what product/project doesn’t have curves), I have found that pfsense is an excellent product for projects of all sizes. I’ve used it for little SOHO offices and in DMZ environments for large companies looking to do pen testing. Give it a try and stay tune in for the next part in this series! Thanks for reading!

About Matthew

I'm the owner of impromptu-it, an IT engineer and enthusiast!
This entry was posted in security. Bookmark the permalink.

Leave a Reply

Your email address will not be published. Required fields are marked *