Saturday, April 16, 2016

pfSense Firewall Part 3: "Installation"


Mark Furneaux continues his YouTube pfSense series; this is part 3, the "Installation" portion. Mark's video shows the interface of pfSense version 2.3, which is what you will be using if you install pfSense now anyway. Older versions resemble the basic pfSense installation he shows closely enough, in appearance and features, that you wouldn't be lost there either.

I won't need to annotate Mark's excellent overview of the pfSense installation process much. As he reports, the "link auto-detect" function doesn't typically work well to determine which network interface corresponds to which network port on your host system. Just note or diagram which network interface has which MAC address (if you have adapters with dual or "quad" (4) NIC ports, the MAC addresses will be consecutive). I use a label maker to physically mark the system with which port is which ('WAN', 'LAN', etc.) for troubleshooting or working with cabling later.
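As an added example (not from Mark's video or this post's original text), here is a short Python script that turns FreeBSD-style `ifconfig` output into the kind of port-labelling worksheet described above. The sample output and MAC addresses are constructed, and treating consecutive MACs as ports on one multi-port card is a heuristic based on the note above.

```python
import re
# Constructed sample of FreeBSD-style `ifconfig` output (not from a real system).
SAMPLE_IFCONFIG = """\
igb0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
\tether 02:00:5e:10:00:fe
igb1: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
\tether 02:00:5e:10:00:ff
igb2: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
\tether 02:00:5e:10:01:00
igb3: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
\tether 02:00:5e:10:01:01
re0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
\tether 02:00:5e:aa:bb:01
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> metric 0 mtu 16384
"""

IFACE_RE = re.compile(r"^([A-Za-z0-9_.]+): flags=")
ETHER_RE = re.compile(r"^\s+ether ((?:[0-9a-fA-F]{2}:){5}[0-9a-fA-F]{2})\s*$")

def parse_ifconfig(text):
    """Return [(interface, mac)] for every interface that reports an 'ether' line."""
    found, current = [], None
    for line in text.splitlines():
        m = IFACE_RE.match(line)
        if m:
            current = m.group(1)
            continue
        m = ETHER_RE.match(line)
        if m and current:
            found.append((current, m.group(1).lower()))
    return found

def group_by_adapter(pairs):
    """Group interfaces whose MACs are consecutive (likely one multi-port card)."""
    groups, prev = [], None
    to_int = lambda mac: int(mac.replace(":", ""), 16)
    for name, mac in sorted(pairs, key=lambda p: to_int(p[1])):
        value = to_int(mac)
        # Compare the whole 48-bit value so a carry (..:00:ff -> ..:01:00) still matches.
        if prev is not None and value == prev + 1:
            groups[-1].append((name, mac))
        else:
            groups.append([(name, mac)])
        prev = value
    return groups

if __name__ == "__main__":
    for n, group in enumerate(group_by_adapter(parse_ifconfig(SAMPLE_IFCONFIG)), 1):
        for name, mac in group:
            print(f"adapter {n}  {name:<6} {mac}  label: ______")
```

Paste your own `ifconfig` output in place of the sample, then fill in the label column as you trace each cable.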

Where I work, we use the "PPPoE" method for the Internet uplink on the WAN interface (and my modem is in "bridged" mode purely to link the DSL connection to Ethernet for the firewall). There are fields for the username and password, just like I would have on my DSL modem if I were not using pfSense. If you are with a cable Internet provider, you may need to enter the MAC address of your cable modem (check with your ISP, and they may need to help you bridge your modem). I "spoof" my MAC address (change the MAC address that would be reported) using that field, but only to what my modem would report if it were not bridged.

Another point I should address with a bridged modem (whether cable or DSL) is that ALL other features of the modem stop working in bridge mode. Wireless connection? That's no longer running, because you want all Internet access to go through your firewall (its raison d'être). If you currently use wireless (especially for devices that have no wired connection, or where wireless is simply easier), you will probably need to provide it the way Mark describes in the second part, preferably with separate Wireless Access Points (WAPs).

I also want to note that Mark changes the web interface from the default HTTPS access to HTTP at the end of the video to avoid certificate warnings. Over HTTP, someone could electronically siphon the username and password you use for your pfSense firewall if you access the web interface from outside your network (remotely viewing the firewall configuration or the information it provides). Keep it set to HTTPS, even when accessing it internally; later I can cover certificate installation and setting up the pfSense firewall for outside access by you.


