Install Open Source Firewall pfSense

From Thomas-Krenn-Wiki

pfSense is a software firewall based on FreeBSD. It is installed on a dedicated server and requires at least two network interfaces to operate as a firewall. The firewall is configured through a user-friendly web interface, so no special FreeBSD knowledge is required to manage it. However, if you want to make configuration changes directly on the command line, you should be familiar with FreeBSD.

pfSense offers a web interface for configuring firewall rules.

Features

The following website lists the features of pfSense in detail:

Hardware Compatibility

Since pfSense is based on FreeBSD, the same hardware compatibility requirements apply as with FreeBSD. The following table shows the version schedule of the two OSes:

Note: Thomas-Krenn tested each of the following systems with pfSense 2.2 (FreeBSD 10.1-RELEASE-p4).

Compatible Systems from Thomas-Krenn

The following servers were tested with a pfSense installation by the Thomas-Krenn team:

1U Intel Single-CPU RI1102H Server P9D-MV

 

1U Intel Single-CPU RI1102H Server X10SLH-F

 

Additional Network Cards

  • Add-on card Intel I210-T1 single port
    • See support onboard, i210
  • Add-on card Intel I350-T2 dual port

Hardware RAID Controllers

Note: The onboard RAID controller is not usable for RAIDs.

Installation

You can also find helpful information about installing pfSense at:

The following installation methods are possible:

  1. Via Live CD with Installer
    • For this installation type, use the Live CD with Installer, which can be downloaded from the pfSense website (pfSense Download Mirrors).
    • It is recommended that you export the Live CD ISO file to the target system via the IPMI KVM console; you can then boot from the virtual drive. As an alternative, you can burn the Live CD to a disc and run it from a physical drive.
  2. Via Live CD with Installer on a USB stick
    • For this installation type, use the Live CD with Installer (on USB Memstick), which can be downloaded from the pfSense website (pfSense Download Mirrors). Choose VGA as the console.
    • If you use the USB Memstick image, write it to a USB stick:

Note: All data on /dev/sdb will be overwritten. Replace /dev/sdb with the correct USB device if necessary!

$ gunzip pfSense-memstick-2.2-RELEASE-amd64.img.gz
$ sudo dd if=pfSense-memstick-2.2-RELEASE-amd64.img of=/dev/sdb bs=1M
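
The following wrapper around the two commands above is an added example, not part of the original article: it checks the downloaded archive against a SHA-256 digest and refuses to write unless the target is an unmounted, removable whole disk. The function names are hypothetical, the digest is a placeholder for the value published with the download, and a Linux host with sha256sum, sysfs and GNU dd is assumed.

```shell
#!/bin/sh
# Added example, not from the original article. Function names are hypothetical.
# Assumes a Linux host with sha256sum, sysfs and GNU dd.

# Succeed only if FILE's SHA-256 digest equals EXPECTED (hex, any case).
verify_image() {
    vi_file=$1
    vi_want=$(printf '%s' "$2" | tr 'A-F' 'a-f')
    [ -f "$vi_file" ] || { echo "missing file: $vi_file" >&2; return 2; }
    vi_have=$(sha256sum "$vi_file" | awk '{print $1}')
    [ "$vi_have" = "$vi_want" ]
}

# Succeed only if DEV is a whole disk that the kernel flags as removable.
# Partitions (sdb1) have no directory directly under /sys/block, and fixed
# disks report 0, so both are rejected. SYSFS_ROOT defaults to /sys.
is_removable_disk() {
    rd_name=${1##*/}
    rd_sysfs=${2:-/sys}
    [ -d "$rd_sysfs/block/$rd_name" ] || return 1
    [ "$(cat "$rd_sysfs/block/$rd_name/removable" 2>/dev/null)" = "1" ]
}

# Succeed if DEV or one of its partitions appears in the mount table.
is_mounted() {
    awk -v d="$1" 'index($1, d) == 1 { hit = 1 } END { exit !hit }' "${2:-/proc/mounts}"
}

# Verify the downloaded .img.gz, vet the target, then decompress and write.
write_image() {
    wi_gz=$1 wi_dev=$2 wi_sum=$3
    verify_image "$wi_gz" "$wi_sum" || { echo "image verification failed, not writing" >&2; return 1; }
    is_removable_disk "$wi_dev" || { echo "$wi_dev is not a removable whole disk" >&2; return 1; }
    if is_mounted "$wi_dev"; then echo "$wi_dev is mounted, unmount it first" >&2; return 1; fi
    gunzip -c "$wi_gz" | sudo dd of="$wi_dev" bs=1M conv=fsync
}

# Usage (digest is a placeholder for the value published with the download):
#   write_image pfSense-memstick-2.2-RELEASE-amd64.img.gz /dev/sdb <published-sha256>
```

The removable check fails closed: a USB-attached disk that reports 0 in sysfs is rejected and has to be written manually after confirming the device name.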

Installation Dialogue

Debug Readouts for Add-on Cards

  • I210-T1 single port
# pciconf -lv
igb0@pci0:1:0:0:	class=0x020000 card=0x00028086 chip=0x15338086 rev=0x03 hdr=0x00
    class      = network
    subclass   = ethernet
# dmesg | grep igb0
igb0: <Intel(R) PRO/1000 Network Connection version - 2.4.0> mem 0xde200000-0xde2fffff,0xde300000-0xde303fff irq 16 at device 0.0 on pci1
  • Intel I350-T2 dual port
# dmesg | grep igb0
igb0: <Intel(R) PRO/1000 Network Connection version - 2.4.0> mem 0xde200000-0xde2fffff,0xde304000-0xde307fff irq 16 at device 0.0 on pci1
# dmesg | grep igb1
igb1: <Intel(R) PRO/1000 Network Connection version - 2.4.0> mem 0xde100000-0xde1fffff,0xde300000-0xde303fff irq 17 at device 0.1 on pci1
# pciconf -lv
igb0@pci0:1:0:0:	class=0x020000 card=0x00028086 chip=0x15218086 rev=0x01 hdr=0x00
    class      = network
    subclass   = ethernet
igb1@pci0:1:0:1:	class=0x020000 card=0x00028086 chip=0x15218086 rev=0x01 hdr=0x00
    class      = network
    subclass   = ethernet

Author: Georg Schönberger
