gh

Back to docs Index

pfSense

tbd

• Pfsense: Enable 1:1 NAT to Acesses DMZ

gh.lan Overview youtube - ghlan Network Overview

• ghlearn document - gh.lan Overview

pfSense basics

1. Default install via “pfsense” USB install key
   • Using Dell (Intel SR1560SF)
   • Defalut install user: admin pw: pfsense
   • IF VM XCP-ng: Network Interfaces - Check - Disable hardware checksum offload
   • Note interface assignments and lable ports and cables
   • Walk through wizard
   • Turn off Block RFC1918 Private Addresses and bogon networks (so we can use LAN address ranges)
   • Decide what the LAN subnet should be (default is 192.168.1.1/24) 191.168.252.0/23
   • Set admin password - Should have 2 interfaces WAN and LAN - Add Traffic Graphs to Dashboard
2. DHCP Setup -> Services DHCP Server / LAN
   • Enbable DHCP Server
   • Range: 192.168.253.101 - 199 (Move new servers to MAC assignment)
   • View DHCP Static Mappings (at bottom)
   • Status -> DCHP Leaases View leases and move 101-199 to a static according to IP mappings
3. Add VLAN’s (skip this for now… will have to deal with router)
   • Interfaces -> Assignments -> VLANs
   • VLANs add
   • Parent Interface: lan VLAN Tag: 9 Description: ADM
   • Save - Interfaces -> Interfaces Assignments
   • Add (Select above VLAN) Save
   • Click on new interface
   • Check Enable Interface
   • Add Description: ADM
   • IPv4 Config Type: Static IPv4
   • Go down to Static IPv4 Config and the IP (192.168.9.1/24)
   • Uncheck reserve net blocking
   • Click SAVE
   • Click APPLY CHANGES - Services -> DHCP Server
   • Select ADM network
   • Enable DHCP Server
   • Range: 192.168.9.200-250
   • Save
4. Add Firewall Rules
   • Firewall -> Rules -> ADM
   • Add:
   • Action - Pass
   • Interface - ADM
   • Addresss Family - IPv4
   • Protocal - any
   • Source - any
   • Destination - any
   • Description: dmzall
   • Save - Add-TOP:
   • Action - Pass
   • Interface - ADM
   • Addresss Family - IPv4
   • Protocal - IPv4 ICMP - echoreq
   • Source - any
   • Destination - any
   • Description: ghWANallowPing
   • Save - Add-TOP: (not yet)
   • Action - Block
   • Interface - ADM
   • Addresss Family - IPv4
   • Protocal - any
   • Source - any
   • Destination - LAN
   • Description: BLOCK to LAN
   • Save - Add-TOP… block all other networks you want blocked
5. Add VLAN tags to Switches / vlans

Equipment Docs

• HPE C7000 Ciscos WS-CBS-3020GSG2
• Dell Intel SR1560SF

Notes

• Tutorial - pfsense install: Lawrence
  • interface assignments
  • re-assign interface
  • Uncheck Block Networks
  • run perf test
  • open 443 to remote admin
  • create firewall rules for a crapnetwork subnet
  • create UPnP for crapnetwork subnet
  • traffic shape crapnetwork subnet
• Tutorial - pfsense on XCP-ng: Lawrence tutorial
  • Check network performace tutorial

    iperf3 -c 192.168.9.1
    iperf3 -c 192.168.9.1 -P 100 -t 20
    

  • Add XCP-ng tools tutorial
• Tutorial - Virtualization Lab Network Setup / Demo using XCP-NG, UniFi, pfsense and Xen Orchestra
• Tutorial - pfSense VLAN and Guest Network Setup
• Tutorial - tbd
• Tutorial - tbd
• Tutorial - tbd