Log In
Or create an account ->
Imperial Library
Home
About
News
Upload
Forum
Help
Login/SignUp
Index
Title Page
Copyright and Credits
Learn pfSense 2.4
Packt Upsell
Why subscribe?
PacktPub.com
Contributors
About the author
About the reviewer
Packt is searching for authors like you
Preface
Who this book is for
What this book covers
To get the most out of this book
Conventions used
Get in touch
Reviews
Getting Started with pfSense
Technical requirements
The pfSense project
What pfSense can do
The pfSense community
Objectives of this book
Summary
Questions
Further reading
Installing pfSense
Technical requirements
Networking fundamentals
The seven-layer OSI model
LANs, WANs, and MANs
Client-server and peer-to-peer networking
Layers 1 and 2 — topology and data link protocols
Layers 3 and 4 — network and transport
IP addressing
Typical pfSense deployment scenarios
Hardware requirements and sizing guidelines
Minimum requirements
Hardware sizing guidelines
Budget-priced options
Using an old desktop system
Using a thin client
Using an old laptop
Installing pfSense
Step-by-step installation guide
Initial pfSense configuration
Configuration from the console
Configuration from the web GUI
Advanced WAN configuration
Additional setup options
SSH login
Summary
Questions
Further reading
Configuring pfSense
Technical requirements
IPv4 and IPv6 addressing
Additional setup options
SSH login
Adding interfaces
Configuration of LAN-type interfaces
WAN configuration
Adding a DHCP server
DHCP configuration at the console
DHCP configuration in the web GUI
DHCP static configuration
DHCPv6 configuration in the web GUI
DHCP and DHCPv6 relay
DHCP and DHCPv6 leases
VLAN configuration
VLAN configuration at the console
VLAN configuration in the web GUI
QinQ and link aggregation
Remaining considerations
Summary
Questions
Further reading
Captive Portal
Technical requirements
Captive portal basics
Captive portal best practices
Enabling a captive portal
Authentication options
Local User Manager/Vouchers
Local user manager
Voucher authentication
RADIUS authentication
Additional captive portal options
Captive portal examples
Example #1 – no authentication
Example #2 – authentication with vouchers
Example #3 – RADIUS authentication
Step 1 – RADIUS installation and configuration
Step 2 – captive portal prerequisites
Step 3 – captive portal configuration
Troubleshooting captive portals
Summary
Questions
Further reading
Additional pfSense Services
Technical requirements
Introduction to DNS
Configuring DNS
DNS Resolver
DNS Forwarder
DNS firewall rules
DDNS
Updating DDNS
RFC 2136 updating
Checking IP services
Troubleshooting DDNS
NTP
Configuring NTP
Troubleshooting NTP
SNMP
Troubleshooting SNMP
Summary
Questions
Further reading
Firewall and NAT
Technical requirements
Firewall fundamentals
Firewall best practices
Best practices for ingress filtering
Best practices for egress filtering
Creating firewall rules
Floating rules
Example rules
Example #1 – rule to block a website
Example #2 – universal allow any rule
Example #3 – rule to prevent SYN flood attacks
Scheduling
Example – blocking a website only during certain hours
Aliases and virtual IPs
Aliases
Example – creating an alias and making a block rule based on the alias
Virtual IPs
NAT
Port-forwarding
Example – DCC port-forwarding
Outbound NAT
1:1 NAT
Troubleshooting
Summary
Questions
Further reading
Traffic Shaping
Technical requirements
Traffic shaping fundamentals
Queuing disciplines
Priority queuing
Class-based queuing
Hierarchical Fair Service Curve – HFSC
Configuring traffic shaping
The Multiple Lan/Wan configuration wizard
The Dedicated Links wizard
Advanced traffic shaping configuration
Changes to queues
Limiters
Manual rule configuration
Example #1 – modifying the penalty box
Example #2 – prioritizing EchoLink
Using Snort for traffic shaping
Installing and configuring Snort
Troubleshooting
Summary
Questions
Further reading
Virtual Private Networks
Technical requirements
VPN fundamentals
IPsec
L2TP
OpenVPN
Choosing a VPN protocol
VPN hardware
Configuring a VPN tunnel
IPsec configuration
IPsec peer/server congfiguration
IPsec mobile client configuration
Pre-shared keys
Advanced settings
Example 1 – Site-to-site IPsec configuration
Example 2 – IPsec tunnel for mobile remote access
L2TP
OpenVPN
OpenVPN server configuration
OpenVPN client configuration
Server configuration with the wizard
OpenVPN Client Export Utility
Troubleshooting VPNs
Summary
Questions
Further reading
Multiple WANs
Technical requirements
Multi-WAN fundamentals
Service-level agreement
Policy-based routing
Failover and load balancing
When is a gateway down?
Configuring multiple WANs
DNS considerations
NAT considerations
Third-party packages
Troubleshooting
Summary
Questions
Further reading
Routing and Bridging
Technical requirements
Routing and bridging fundamentals
Bridging fundamentals
Routing fundamentals
Routing
Static routes
Public IP addresses behind a firewall
Dynamic routing
RIP (routed)
OpenBGPD
Quagga OSPF
FRRouting
Bridging
Bridging interfaces
The other issues
Troubleshooting
Summary
Questions
Further reading
Diagnostics and Troubleshooting
Technical requirements
Troubleshooting fundamentals
A seven-step approach to troubleshooting
Common networking problems
Wrong subnet mask or gateway
Wrong DNS configuration
Duplicate IP addresses
Network loops
Routing issues
Port configuration
Black holes
Physical issues
Wireless issues
RADIUS issues
pfSense troubleshooting tools
Dashboard
System logs
Interfaces
Services
Monitoring
Traffic graphs
Firewall states
States
State summary
pfTop
tcpdump
tcpflow
ping, traceroute, and netstat
ping
traceroute
netstat
A troubleshooting scenario
A user cannot connect to a website
Summary
Questions
Further Reading
Assessments
Chapter 1
Chapter 2
Chapter 3
Chapter 4
Chapter 5
Chapter 6
Chapter 7
Chapter 8
Chapter 9
Chapter 10
Chapter 11
Other Books You May Enjoy
Leave a review - let other readers know what you think
← Prev
Back
Next →
← Prev
Back
Next →