pfSense 2 Cookbook

Book description

This book is unique in its coverage of all the features of pfSense, empowering you to exploit the firewall's full potential. With clear instructions and detailed screenshots, it helps you configure even the most advanced features.

  • Harness the power of pfSense's core functionality
  • Get under the hood to see how pfSense performs load balancing and failover
  • Detailed examples of interfaces, firewall rules, NAT port-forwarding, VPN services, and much, much more!
  • Full of illustrations, diagrams, and tips for making the most of any pfSense implementation using clear step-by-step instructions for relevant and practical examples

In Detail

pfSense is an open source, FreeBSD-based firewall distribution that provides a platform for flexible and powerful routing and firewalling. The versatility of pfSense presents us with a wide array of configuration options, which makes determining requirements a little more difficult and a lot more important compared to other offerings. Through this book you will see that pfSense offers numerous alternatives to fit any environment's security needs.

pfSense 2.0 Cookbook is the first and only book to explore all the features of pfSense, including those released in the latest 2.0 version. With the help of step-by-step instructions and detailed screenshots of the pfSense interface, you will be able to configure every general and advanced feature, from creating a firewall rule to configuring multi-WAN failover. Each recipe includes tips and offers advice on variations of the topic or references to other related recipes and additional information that can be found in other sources.

pfSense 2.0 Cookbook covers the gamut of available features and functionality. The first three chapters will take you from a non-existent system to a basic pfSense firewall. The next chapter focuses on configuring any number of the VPN services available, a very important and sought-after feature for anyone implementing a firewall. The following two chapters describe how to configure the most advanced features available in pfSense, features that may only be relevant to the most experienced network admins. Chapter 7 is dedicated to understanding and configuring the "grab-bag" of features that are available in pfSense but are often stand-alone options unrelated to each other. The first appendix explains how to use the status monitoring tools available for many of the features. The second appendix wraps up by helping you decide how and where pfSense may be incorporated into your system and what type of hardware is required based on your throughput needs.

Over 70 simple but incredibly effective recipes for taking control of pfSense

Table of contents

  1. pfSense 2 Cookbook
    1. Table of Contents
    2. pfSense 2 Cookbook
    3. Credits
    4. About the Author
    5. About the Reviewers
    6. www.PacktPub.com
      1. Support files, eBooks, discount offers and more
        1. Why Subscribe?
        2. Free Access for Packt account holders
        3. Instant Updates on New Packt Books
    7. Preface
      1. What this book covers
      2. What you need for this book
      3. Who this book is for
      4. Conventions
      5. Reader feedback
      6. Customer support
        1. Errata
        2. Piracy
        3. Questions
    8. 1. Initial Configuration
      1. Introduction
      2. Applying basic settings in General Setup
        1. Getting ready
        2. How to do it...
        3. See also
      3. Identifying and assigning interfaces
        1. Getting ready
        2. How to do it...
        3. How it works...
        4. There's more...
        5. See also
      4. Configuring the WAN interface
        1. Getting ready
        2. How to do it...
        3. How it works...
        4. There's more...
        5. See also
      5. Configuring the LAN interface
        1. Getting ready
        2. How to do it...
        3. How it works...
        4. There's more...
        5. See also
      6. Configuring optional interfaces
        1. Getting ready
        2. How to do it...
        3. How it works...
        4. There's more...
        5. See also
      7. Enabling the Secure Shell (SSH)
        1. Getting ready
        2. How to do it...
        3. How it works...
        4. There's more...
        5. See also
      8. Generating authorized RSA keys
        1. Getting ready
        2. How to do it...
        3. How it works...
        4. There's more...
        5. See also
      9. Configuring SSH RSA key authentication
        1. Getting ready
        2. How to do it...
        3. How it works...
        4. There's more...
        5. See also
      10. Accessing the Secure Shell (SSH)
        1. Getting ready
        2. How to do it...
        3. How it works...
        4. See also
    9. 2. Essential Services
      1. Introduction
      2. Configuring the DHCP server
        1. Getting ready
        2. How to do it...
        3. How it works...
        4. There’s more...
          1. Deny Unknown Clients
          2. DNS Servers
          3. Gateway
          4. Domain Name
          5. Default Lease Time
          6. Maximum Lease Time
          7. Failover Peer IP
          8. Static ARP
          9. Dynamic DNS
          10. Additional BOOTP/DHCP Options
        5. See also
      3. Creating static DHCP mappings
        1. Getting ready
        2. How to do it...
        3. How it works...
        4. There’s more...
        5. See also
      4. Configuring the DHCP relay
        1. Getting ready
        2. How to do it...
        3. How it works...
          1. Append Circuit ID and Agent ID to Requests
          2. Relay requests to the WAN DHCP server
        4. See also
      5. Specifying alternate DNS servers
        1. Getting ready
        2. How to do it...
        3. How it works...
          1. Using the DNS Forwarder
          2. Using your WAN DNS servers
        4. See also
      6. Configuring the DNS Forwarder
        1. Getting ready
        2. How to do it...
        3. How it works...
        4. See also
      7. Configuring a standalone DHCP/DNS server
        1. How to do it...
        2. How it works...
          1. Register DHCP Leases in DNS Forwarder
        3. See also
      8. Configuring dynamic DNS
        1. Getting ready
        2. How to do it...
        3. How it works...
          1. Pre-configured service types (dynamic DNS providers)
          2. Specifying an alternative service using RFC 2136
    10. 3. General Configuration
      1. Introduction
      2. Creating an alias
        1. How to do it...
        2. How it works...
        3. There's more...
          1. Host alias
          2. Network alias
          3. Port alias
          4. OpenVPN Users alias
          5. URL alias
          6. URL Table alias
          7. Using an alias
          8. Editing an alias
          9. Deleting an alias
          10. Bulk-importing aliases
        4. See also
      3. Creating a NAT port forward rule
        1. Getting ready
        2. How to do it...
        3. How it works...
        4. There's more...
          1. Port redirection
        5. See also
      4. Creating a firewall rule
        1. Getting ready
        2. How to do it...
        3. How it works...
        4. There's more...
          1. We rarely know the source port!
          2. Ordering firewall rules
          3. Duplicating a firewall rule
          4. Advanced features
        5. See also
      5. Creating a schedule
        1. Getting ready
        2. How to do it...
        3. How it works...
        4. There's more...
          1. Selecting days or days of the week
        5. See also
      6. Remote desktop access, a complete example
        1. Getting ready
        2. How to do it...
        3. How it works...
        4. There's more...
        5. See also
    11. 4. Virtual Private Networking
      1. Introduction
      2. Creating an IPsec VPN tunnel
        1. Getting ready
        2. How to do it...
        3. How it works...
        4. See also
      3. Configuring the L2TP VPN service
        1. Getting ready
        2. How to do it...
        3. How it works...
          1. Connecting from a Windows 7 client
        4. See also
      4. Configuring the OpenVPN service
        1. How to do it...
        2. How it works...
          1. Encryption algorithms
          2. OpenVPN Client Export
        3. See also
      5. Configuring the PPTP VPN service
        1. How to do it...
        2. How it works...
          1. Connecting from a Windows 7 client
          2. Connecting from a Ubuntu 10.10 client
          3. Connect from an Apple Mac OS X Client
        3. See also
    12. 5. Advanced Configuration
      1. Introduction
      2. Creating a virtual IP
        1. Getting ready
        2. How to do it...
        3. How it works...
        4. There's more...
          1. Configuring a CARP virtual IP address
          2. Configuring a Proxy ARP virtual IP address
          3. Configuring an IP alias virtual IP address
        5. See also
      3. Configuring a 1:1 NAT rule
        1. How to do it...
        2. How it works...
        3. There's more...
        4. See also
      4. Creating an outbound NAT rule
        1. Getting ready
        2. How to do it...
        3. How it works...
        4. See also
      5. Creating a gateway
        1. Getting ready
        2. How to do it...
        3. How it works...
        4. There's more...
          1. Gateway Groups
        5. See also
      6. Creating a static route
        1. Getting ready
        2. How to do it...
        3. How it works...
        4. See also
      7. Configuring traffic-shaping (QoS, Quality of Service)
        1. Getting ready
        2. How to do it...
        3. How it works...
      8. Bridging interfaces
        1. How to do it...
        2. How it works...
        3. There's more...
        4. See also
      9. Creating a virtual LAN
        1. Getting ready
        2. How to do it...
        3. How it works...
        4. See also
      10. Creating a captive portal
        1. Getting ready
        2. How to do it...
        3. How it works...
        4. There's more...
    13. 6. Redundancy, Load Balancing, and Failover
      1. Introduction
      2. Configuring multiple WAN interfaces
        1. Getting ready
        2. How to do it...
        3. How it works...
        4. There's more...
        5. See also
      3. Configuring multi-WAN load balancing
        1. Getting ready
        2. How to do it...
        3. How it works...
        4. There's more...
        5. See also
      4. Configuring multi-WAN failover
        1. Getting ready
        2. How to do it...
        3. How it works...
        4. There's more...
        5. See also
      5. Configuring a web server load balancer
        1. Getting ready
        2. How to do it...
        3. How it works...
        4. There's more...
        5. See also
      6. Configuring a web server failover
        1. Getting ready
        2. How to do it...
        3. How it works...
        4. See also
      7. Configuring CARP firewall failover
        1. Getting ready
        2. How to do it...
        3. How it works...
        4. See also
    14. 7. Services and Maintenance
      1. Introduction
      2. Enabling OLSR
        1. How to do it...
        2. How it works...
        3. There's more...
      3. Enabling PPPoE
        1. How to do it...
        2. How it works...
      4. Enabling RIP
        1. How to do it...
        2. How it works...
      5. Enabling SNMP
        1. How to do it...
        2. How it works...
        3. There's more...
        4. See also
      6. Enabling UPnP and NAT-PMP
        1. How to do it...
        2. How it works...
        3. There's more...
          1. Security warning
        4. See also
      7. Enabling OpenNTPD
        1. How to do it...
        2. How it works...
        3. See also
      8. Enabling Wake On LAN (WOL)
        1. How to do it...
        2. How it works...
        3. There's more...
          1. Wake All
        4. See also
      9. Enabling external logging (syslog server)
        1. Getting ready
        2. How to do it...
        3. How it works...
        4. There's more...
        5. See also
      10. Using ping
        1. How to do it...
        2. How it works...
        3. See also
      11. Using traceroute
        1. How to do it...
        2. How it works...
        3. See also
      12. Backing up the configuration file
        1. Getting ready...
        2. How to do it...
        3. How it works...
        4. There's more...
          1. Backup areas
        5. See also
      13. Restoring the configuration file
        1. Getting ready...
        2. How to do it...
        3. How it works...
        4. There's more...
          1. Restore areas
        5. See also
      14. Configuring automatic configuration file backup
        1. Getting ready
        2. How to do it...
        3. How it works...
        4. There's more...
        5. See also
      15. Updating pfSense firmware
        1. Getting ready
        2. How to do it...
        3. How it works...
        4. There's more...
          1. Upgrade in progress
          2. System Dashboard shortcut
        5. See also
    15. A. Monitoring and Logging
      1. Introduction
      2. Customizing the Status Dashboard
        1. How to do it...
        2. How it works...
        3. There's more...
      3. Monitoring current traffic
        1. How to do it...
        2. How it works...
        3. See also
      4. Configuring SMTP e-mail notifications
        1. Getting ready
        2. How to do it...
        3. How it works...
        4. There's more...
      5. Viewing system logs
        1. How to do it...
        2. How it works...
        3. There's more...
          1. Firewall log: Normal View
          2. Firewall log: Dynamic View
          3. Firewall log: Summary View
        4. See also
      6. Configuring an external syslog server
        1. Getting ready
        2. How to do it...
        3. How it works...
          1. Running a syslog service in Linux/Mac OS
          2. Running a syslog service in Windows
        4. See also
      7. Viewing RRD graphs
        1. How to do it...
        2. How it works...
          1. System
          2. Traffic
          3. Packets
          4. Quality
          5. VPN
          6. Custom
        3. See also
      8. Viewing DHCP leases
        1. How to do it...
        2. How it works...
          1. Adding a static DHCP mapping
          2. Sending a wake on LAN mapping
        3. See also
      9. Managing services
        1. How to do it...
        2. How it works...
        3. See also
      10. Monitoring the packet filter with pfInfo
        1. How to do it...
        2. How it works...
        3. See also
      11. Monitoring traffic with pfTop
        1. How to do it...
        2. How it works...
        3. See also
      12. Monitoring system activity
        1. How to do it...
        2. How it works...
        3. See also
    16. B. Determining our Hardware Requirements
      1. Introduction
      2. Determining our deployment scenario
        1. Getting ready
        2. How to do it...
        3. How it works...
        4. There’s more...
      3. Determining our throughput requirements
        1. Getting ready
        2. How to do it...
        3. How it works...
        4. There’s more...
          1. List of available packages
        5. See also
      4. Determining our interface requirements
        1. Getting ready
        2. How to do it...
        3. How it works...
        4. There’s more...
          1. pfSense 2.0: Minimum interface requirements
      5. Choosing a standard or embedded Image
        1. Getting ready
        2. How to do it...
        3. How it works...
        4. There’s more...
        5. See also
      6. Choosing a Form Factor
        1. Getting ready
        2. How to do it...
        3. How it works...
        4. There’s more...
          1. Installing the embedded platform on a desktop/server/laptop
          2. Installing the standard platform on an appliance
        5. See also
    17. Index

Product information

  • Title: pfSense 2 Cookbook
  • Author(s): Matt Williamson
  • Release date: March 2011
  • Publisher(s): Packt Publishing
  • ISBN: 9781849514866