pfSense Configuration: A Scrounger’s Guide (Part Three)


The General Information page in the pfSense setup wizard.

In the last article, we covered selection and installation of hardware for our new pfSense system, as well as the installation and initial pfSense configuration. In this article, we will continue with pfSense configuration.

At this point, I connected the WAN interface to the cable modem. On the LAN side, I decided to connect the LAN interface to an Asus RT-N12 router running in WAP (wireless access point) mode. pfSense would act as a DHCP server and would be responsible for routing, while the RT-N12’s job would be to enable wireless devices to connect to the network.

pfSense Configuration: The Setup Wizard

Now I could complete pfSense configuration by accessing the web configurator via the pfSense box’s LAN IP address (in this case, 192.168.2.1). I typed the address into a web browser tab, specified the default admin password (pfsense), and began. When accessing the web GUI for the first time, you will be presented with a wizard which will guide you through the initial configuration.

The first pfSense configuration screen (after clicking on the first “Next” button) is the “General Information” page. Here, you can specify a hostname and domain name. You can also specify the primary and secondary DNS servers; you can use your ISP’s DNS servers or other DNS servers. The last setting on this page is “Allow DNS servers to be overridden by DHCP/PPP on WAN”, which causes pfSense to use the DNS servers specified by your ISP rather than the ones you specify here. You can usually leave this checked, but if you have a setup that requires pfSense to use a specific DNS server, then you want to make sure it is not checked. I could not think of any reason it would be a problem, so I left it checked.


On the next screen, you can enter the time server hostname and the timezone. I left the time server hostname set to the default, set the timezone to US/Eastern, and clicked on “Next”. The next screen allows you to set the admin password. You will want to change the password from the default, so here we enter a new password (twice).


The pfSense dashboard.

That brings us to the end of the setup wizard. Clicking on “Next” will bring up the pfSense dashboard for the first time. As you can see, we now have a system running the current (as of this writing) version of pfSense on an Intel Pentium III. My current network activity doesn’t come close to taxing the system. Moreover, I have plenty of disk space, so if I want to install additional packages like Squid, SquidGuard or nmap, I should be able to do so.

By now, all I needed to do to have a more or less functional pfSense system was to add NAT entries for ports I need to have forwarded. Fortunately, pfSense makes it easy to set up port forwarding (if you leave “Filter rule association” set to the default of “Add associated filter rule”, each NAT entry you add will have a corresponding rule). It took about ten minutes to add my NAT entries (I only had six), and I was done.
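A check you can run on a configuration backup to confirm that each port forward still has the filter rule that was created with it. This is an added example, not part of the original article; it assumes the backup is a config.xml in which NAT entries and filter rules are tied together by an `associated-rule-id` element, and the sample document, rule IDs and addresses are constructed.

```python
import xml.etree.ElementTree as ET

# Constructed sample shaped like a pfSense config.xml backup (layout assumed).
SAMPLE_CONFIG = """<pfsense>
  <nat>
    <rule><interface>wan</interface><protocol>tcp</protocol>
      <destination><network>wanip</network><port>443</port></destination>
      <target>192.168.2.10</target><local-port>443</local-port>
      <associated-rule-id>nat_example_0001</associated-rule-id></rule>
    <rule><interface>wan</interface><protocol>tcp</protocol>
      <destination><network>wanip</network><port>2222</port></destination>
      <target>192.168.2.20</target><local-port>22</local-port>
      <associated-rule-id>nat_example_0002</associated-rule-id></rule>
    <rule><interface>wan</interface><protocol>udp</protocol>
      <destination><network>wanip</network><port>5060</port></destination>
      <target>192.168.2.30</target><local-port>5060</local-port></rule>
  </nat>
  <filter>
    <rule><interface>wan</interface>
      <associated-rule-id>nat_example_0001</associated-rule-id></rule>
  </filter>
</pfsense>"""

def audit_port_forwards(config_xml):
    """Classify each NAT port forward by the state of its filter rule."""
    root = ET.fromstring(config_xml)
    # IDs carried by filter rules that were created alongside a NAT entry.
    linked = {(r.findtext("associated-rule-id") or "").strip()
              for r in root.findall("./filter/rule")}
    report = []
    for nat in root.findall("./nat/rule"):
        assoc = (nat.findtext("associated-rule-id") or "").strip()
        if not assoc:
            status = "no association"  # needs a separately managed WAN rule
        elif assoc == "pass":
            status = "pass"            # NAT entry passes traffic by itself
        elif assoc in linked:
            status = "linked"          # matching filter rule still exists
        else:
            status = "dangling"        # associated filter rule is gone
        report.append((nat.findtext("protocol"),
                       nat.findtext("destination/port"),
                       nat.findtext("target"),
                       nat.findtext("local-port"), status))
    return report

if __name__ == "__main__":
    for entry in audit_port_forwards(SAMPLE_CONFIG):
        print("%s/%s -> %s:%s  [%s]" % entry)
```

Entries reported as "dangling" or "no association" are the ones to review by hand, since nothing ties their WAN rule to the forward any more.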

In this series, we have demonstrated that the process of repurposing an obsolete computer into an epic pfSense firewall is not that difficult or even time-consuming. Hopefully, if you have been considering undertaking such a project, this will inspire you to do so.

What’s next? First, I want to install some additional packages, such as Squid and SquidGuard. In addition, I still have pfSense on a Neoware thin client, so I am considering setting up a CARP (Common Address Redundancy Protocol) redundancy group in which the Neoware box would act as a backup firewall. This would prevent me from setting up a DMZ on the OPT1 interface, however, since CARP requires a dedicated SYNC interface on each system. This seems like a worthwhile project, however, and if I undertake it, I will be sure to blog about it.


External Links:

Installing pfSense at doc.pfsense.org


© 2013 David Zientara. All rights reserved. Privacy Policy