pfSense FAQs

Exclusive offer: get 50% off this eBook here
pfSense 2 Cookbook

pfSense 2 Cookbook — Save 50%

A practical, example-driven guide to configuring even the most advanced features of pfSense 2.0

$26.99    $13.50
by Matt Williamson | May 2011 | Cookbooks Open Source

pfSense is an open source distribution of FreeBSD-based firewall which provides a platform for flexible and powerful routing and firewalling. The versatility of pfSense presents us with a wide array of configuration options. This article will take a look at some frequently asked questions on pfSense such as:

  • What are the minimum hardware requirements for pfSense?
  • How does pfSense assign DNS servers to the DHCP clients?
  • How does the OpenVPN service work?

 

pfSense 2 Cookbook

pfSense 2 Cookbook

A practical, example-driven guide to configuring even the most advanced features of pfSense 2.0

      Read more about this book      

(For more resources related to this subject, see here.)

Q: What are the minimum hardware requirements for pfSense?
A: The minimum requirements for a pfSense installation are 500Mhz, 128MB RAM, and 1GB hard disk space.

Q: How does pfSense identify and assign interfaces?
A: pfSense, like any other computer operating system, references each NIC by some unique value (fxp0, em0, em1, and so on). These unique identifiers are often associated with the driver being used and make it easier for us humans to use than the associated MAC address (00:80:0c:12:01:52). Taking that concept a step further, an interface is simply a named placeholder for each port: fxp0=WAN, em0=LAN, em1=DMZ, and so on.

Q: How to enable the Secure Shell (SSH) service in pfSense?
A: SSH is a networking protocol that allows encrypted communication between two devices. Enabling SSH allows secure access to the pfSense console remotely, just as if you were sitting in front of the physical console.

  1. Browse to System | Advanced | Secure Shell.
  2. Check Enable Secure Shell.
  3. You will be prompted for credentials when you connect (use the same username and password as the webGUI), but checking Disable password login for Secure Shell will allow you to use RSA keys instead.
  4. Leave the SSH port blank to use the default port:

    (Move the mouse over the image to enlarge it.)

  5. Save the changes and the SSH service will be started.

Enabling the Secure Shell turns on pfSense's built-in SSH server to listen to requests on the port you've specified (port 22 by default).
Like all pfSense services (unless otherwise noted), the SSH service will listen on every available interface. Like other services, firewall's rules are used to grant or deny access to these services.

 

Q: How does pfSense assign DNS servers to the DHCP clients?
A: Specify any DNS server to be automatically assigned to our DHCP clients. If left blank, pfSense will automatically assign DNS servers to our clients in one of the following two ways:

  • If DNS Forwarder is enabled, then the IP address of the interface is used. This is because the DNS Forwarder turns the pfSense machine itself into a DNS server, so the IP of the pfSense machine (that is, the gateway, which varies by interface) is assigned to each client.
  • If DNS Forwarder isn’t enabled, then the DNS Servers configured on the General Setup page are used. And of course if, Allow DNS server list to be overridden by DHCP/PPP on WAN is enabled in General Setup, then the DNS servers obtained through the WAN will be used instead.

 

Q: What happens if the Register DHCP Leases in DNS Forwarder is enabled?
A: If the Register DHCP Leases in DNS Forwarder option is enabled, pfSense will automatically register any devices that specify a hostname when submitting a DNS request. The downside, of course, is that not all devices submit a hostname and even when they do, it is sometimes cryptic. I prefer to only register important devices using DHCP static mappings, and all other (unimportant/unknown) devices can be referenced using their IP addresses.

Q: What is an alias? What are the different types of aliases in pfSense?
A: An alias is a place-holder (that is a variable) for information that may change. Aliases provide a degree of separation between our rules and values that may change in the future (for example, IP addresses, ports, and so on). It's best to use aliases whenever possible. The different types of aliases are as follows:

  • Host alias: Selecting Host(s) as an alias Type allows you to create an alias that holds one or more IP addresses.
  • Network alias: Selecting Network(s) as an alias Type allows you to create an alias that holds one or more networks (that is ranges of IP addresses).
  • Port alias: Selecting Port(s) as an alias Type allows you to create an alias that holds one or more ports.
  • OpenVPN Users alias: Selecting OpenVPN Users as an alias Type allows you to create an alias that holds one or more OpenVPN usernames.
  • URL alias: Selecting URL as an alias Type allows you to create an alias that holds one or more URLs.
  • URL Table alias: Selecting URL Table as an alias Type allows you to create an alias that holds a single URL pointing to a large list of addresses. This can be especially helpful when you need to import a large list of IPs and/or subnets.
  • Using an alias: Aliases can be used anywhere you see a red textbox. Simply begin typing and pfSense will display any available aliases that match the text you've entered.
pfSense 2 Cookbook A practical, example-driven guide to configuring even the most advanced features of pfSense 2.0
Published: March 2011
eBook Price: $26.99
Book Price: $44.99
See more
Select your format and quantity:
      Read more about this book      

(For more resources related to this subject, see here.)

Q: How does the OpenVPN service work?
A: The OpenVPN service allows external users to establish a secure, encrypted connection to our network. Users will connect to the network using an OpenVPN client and once authenticated, the user will have access to the network as if they were physically connected.

Q: What are Gateway Groups?
A: PfSense 2.0 implements a new concept called Gateway Groups. A Gateway Group is a collection of gateways that can be treated as one unit from various other features in the system.
Gateway groups will appear in the gateway drop-down menu when appropriate, such as when defining a firewall rule.

Q: How are bridged interfaces useful and how can one bridge together two interfaces in pfSense?
A: Bridging allows you to join two networks together. For example, a network administrator may want to bridge a wired network with a wireless network. The following steps describe how to bridge together two interfaces in pfSense:

  1. Browse to Interfaces | (assign).
  2. Click on the Bridges tab.
  3. Click on the "plus" button to create a new bridge.
  4. Select the Member Interfaces with Ctrl + click.
  5. Add a Description, such as LAN DMZ Bridge:

    (Move the mouse over the image to enlarge it.)

  6. Save the changes:

    (Move the mouse over the image to enlarge it.)

Bridging combines two interfaces on the firewall into a single Layer-2 network. Our LAN and DMZ interfaces are now connected.

 

Q: What is OLSR and how is it enabled in pfSense?
A: OLSR is an implementation of the Optimized Link State Routing Protocol, an IP routing protocol optimizing wireless mesh networks. A mesh network is a network consisting of two or more nodes, but what makes it unique is the way in which the nodes communicate with each other. The nodes have multiple routes across the network, improving reliability in the face of individual node failures. The following steps describe how to enable OLSR (Optimized Link State Routing) in pfSense:

  1. Browse to Services | OLSR.
  2. Check Enable OLSR.
  3. Choose an interface (Ctrl + click to select multiple interfaces).
  4. Save the changes.

    (Move the mouse over the image to enlarge it.)

pfSense's built-in support of OLSR allows configuration through the pfSense GUI. OLSR is highly scalable and highly portable, with an emphasis on reliability. OLSR is commonly used for mobile ad-hoc networks.

 

Q: How to configure pfSense to automatically back up its configuration file?
A: Users with a pfSense support subscription can configure automated backup to external pfSense servers using their portal.pfsense.org login credentials. Currently, only paid support subscribers have access to this feature.

  1. Browse to Diagnostics | AutoConfigBackup.
  2. Click on the Settings tab.
  3. Enter our Subscription Username.
  4. Enter our Subscription Password.
  5. Confirm Subscription Password.
  6. Enter our Encryption Password.
  7. Confirm Encryption Password.

    (Move the mouse over the image to enlarge it.)

  8. Save the changes.

Automated backups can now be securely stored on a set of external pfSense servers. This is convenient for users to have a safe external backup location, as well as for support staff, which will be able to track configuration changes while troubleshooting issues.
A pfSense support subscription makes automated backup available. Also, restores can be done directly from the pfSense servers and backup/restore statistics are available directly from the Stats tab.

 

Summary

This article answered some of the most frequently asked questions on pfSense.


Further resources related to this subject:


pfSense 2 Cookbook A practical, example-driven guide to configuring even the most advanced features of pfSense 2.0
Published: March 2011
eBook Price: $26.99
Book Price: $44.99
See more
Select your format and quantity:

Resources for Article :


pfSense 2 Cookbook by Matt Williamson

Books From Packt


OpenVPN 2 Cookbook
OpenVPN 2 Cookbook

Squid Proxy Server 3.1: Beginner's Guide
Squid Proxy Server 3.1: Beginner's Guide

Nginx HTTP Server
Nginx HTTP Server

Tcl 8.5 Network Programming
Tcl 8.5 Network Programming

OpenX Ad Server: Beginner's Guide
OpenX Ad Server: Beginner's Guide

VirtualBox 3.1: Beginner's Guide
VirtualBox 3.1: Beginner's Guide

FreeSWITCH 1.0.6
FreeSWITCH 1.0.6

Building Telephony Systems with OpenSER
Building Telephony Systems with OpenSER


Code Download and Errata
Packt Anytime, Anywhere
Register Books
Print Upgrades
eBook Downloads
Video Support
Contact Us
Awards Voting Nominations Previous Winners
Judges Open Source CMS Hall Of Fame CMS Most Promising Open Source Project Open Source E-Commerce Applications Open Source JavaScript Library Open Source Graphics Software
Resources
Open Source CMS Hall Of Fame CMS Most Promising Open Source Project Open Source E-Commerce Applications Open Source JavaScript Library Open Source Graphics Software