A Cloud Server system is not complete without a firewall, and pfSense is a worthy firewall platform to install for your server.
A firewall is a barrier that protects individuals and organizations from Internet users illegally accessing important information and data. Setting up a firewall is an extremely important task when it comes to protecting a Cloud Server system. Below, ODS will guide you through the installation and basic configuration of pfSense, a very popular firewall platform today.
What is pfSense?
pfSense is an open source firewall platform. It is built on the FreeBSD operating system and is used to build firewalls and dedicated routers.
pfSense is trusted by many system administrators because of its reliability and because it provides many features that are otherwise found only on commercial firewall devices or software.
Advantages of pfSense
The flexibility of the pfSense firewall is one of its greatest strengths. It allows users to install additional extension packages provided by third parties. Specialized firewall devices from professional brands such as Cisco, Juniper, Fortigate, Checkpoint… are all powerful devices, but have high costs. Users who want to optimize costs should consider the pfSense solution, which is provided completely free of charge.
Being free does not mean it is low quality. The pfSense firewall works extremely stably with high performance, thanks to its optimized source code and operating system. pfSense does not need a powerful hardware system. Unless the business needs a high-speed transmission line, pfSense only needs to be installed on a personal computer to start working. That further reduces setup costs. At the same time, it gives unprecedented flexibility and availability when businesses want to set up more firewalls.
Hardware requirements to set up pfSense
The pfSense firewall has very light hardware requirements, which most computer systems today can easily meet:
- CPU of 1 GHz or above.
- 1 GB of RAM or more.
- 1 GB of free hard drive space.
- 2 network cards.
The hardware requirements depend on the data traffic going through the network cards. For 500 Mbps of traffic, we will need a multi-core CPU with a speed of 2.0 GHz or higher.
Instructions to install pfSense for Cloud Server
As the first step, visit the website below:
https://www.pfSense.org/download/ and download the image file (ISO). Then use this ISO to install:
At the pfSense installation interface, a menu shows the installation options. Press the 1 key for the default setting, or wait and the system will automatically select the default, Boot pfSense Default.
Next, in the “Configure Console” section, select the option “Accept these settings” to continue the installation.
If you have never installed or used pfSense, you can choose the option “Quick/Easy Install”. If you have used pfSense before, you can choose the option “Custom Install” for advanced pfSense configuration options.
With the “Custom Install” option, the system next asks you to select the hard drive to install to.
Next, the installer asks you to format the hard drive to continue the installation. To be safe, back up the data on the hard drive first and then install pfSense.
Then you configure the cylinders and sectors for the hard drive. You should choose the default “Use this Geometry” to go to the next installation step.
Next, the system gives a warning about formatting the hard drive. If the hard drive does not hold important data, select Format to move to the next installation step.
Next, choose “Partition Disk”:
Then select the hard drive partition that appears on the system and click “Accept and Create” to create the partition.
Once you have created the partition, install the bootblocks that load the bootloader for pfSense by selecting “Accept and Install bootblocks”.
Next, choose the partition to install pfSense on:
A message is displayed warning that the partition will be overwritten; select “OK” to continue.
Next, under “Select Subpartitions”, select “Accept and Create” to create the subpartitions:
When the subpartitions are created, the system notifies you that the installation is being processed.
Next is the kernel installation. There are 2 options; choose “Embedded kernel (No vga console, keyboard)” to continue the installation.
After installing the kernel, click Reboot to complete the installation of pfSense.
Instructions for configuring pfSense on Cloud Server
After the installation is complete, 2 network cards appear on the screen.
Next, the system asks you to set up the WAN and LAN interfaces on pfSense. The pfSense system includes 2 network cards: em0 will be the WAN network card and em1 will act as the LAN card, to enable the firewall and NAT features.
If you don’t need to name the network card, press the Return key. The system asks for a YES/NO confirmation. Press Y and Enter to continue.
After the basic network card configuration on pfSense, the interface displays the menu below.
The WAN IP address is automatically assigned from DHCP. If needed, you can assign a static IP address to the WAN card. For LAN, the default IP address of pfSense is 192.168.1.1/24. To change the IP address, select option 2, Set Interface(s) IP Address, and select the network card whose address you want to change.
Next, we choose option 2 to configure the LAN card (em1 – Static):
- LAN card IP: 192.168.2.162
- Subnet = 24
- Gateway = 192.168.2.1
If you answer Y / YES in the Enable DHCP Server section, you can choose the IP range assigned to the internal computers. Here the writer sets the range for the LAN card from 192.168.2.163 to 192.168.2.200.
To access the web control of pfSense and configure NAT and the firewall, go to http://192.168.2.162/.
Next is the pfSense login interface. We use a client in the LAN to access http://192.168.2.162/.
The default username/password on pfSense is admin / pfsense
After logging in, pfSense displays a message with configuration instructions. Click “Next” to continue.
In the next interface, enter the required information, including the hostname, domain name, primary DNS server and secondary DNS server. After filling in all the information, select “Next” to continue.
On the next screen, select the time zone for pfSense and then click “Next” to continue.
If you have a PPPoE connection already set up and want to configure pfSense as a router, select the option “PPPoE”, or select “Static” to configure a static IP for the WAN card.
Next is “Configure LAN Interface”.
Since you have configured the LAN card from the beginning, at this step click “Next” to continue.
The next interface sets the admin password for the web configurator and SSH of pfSense.
After setting the password, press “Reload” to complete the pfSense configuration.
After the reload completes, click “Click here to continue on to pfSense webConfigurator” to go to the Status/Dashboard interface of pfSense.
Some basic features of pfSense
Some basic features of the firewall rules in the pfSense web configurator: blocking ports and blocking IPs.
To configure IP blocking rules, click “Add”.
The rule options include:
- Action: what the firewall does with a packet under this rule. By default, pfSense has the action options Pass, Block (discard packets arriving at the firewall) and Reject (reject the packet and send a notification back to the sender).
- Disable: stop the rule temporarily.
- Interface: the interface the rule is configured on, LAN or WAN, as the user requires.
- Address Family: select the type of IP the rule is for: IPv4, IPv6 or both.
- Protocol: the common protocols pfSense supports in rules, namely TCP, UDP, ICMP, ESP, AH, IPV6, SCTP, OSPF and PIM, or the option Any.
Next, select the Source and Destination as needed.
The Source and Destination sections indicate the sending IP address, the receiving IP address and the port of the packets the firewall rule is created for.
Source: specifies the sending IP address.
Destination: specifies the destination IP address.
Options: Any, Single host or alias, Network, PPPoE Clients, L2TP Clients, Interface Net, Interface Address
- Any: any IP address.
- Single host or alias: a host or individual IP to match against the rule.
- Network: an IP range or subnet chosen by the user.
- PPPoE Clients: the list of client IPs connected over PPPoE to the PPPoE server, if the user is using one.
- L2TP Clients: the list of client IPs connected over L2TP to the L2TP server, if the user is using one.
- Interface Net: all IPs on the WAN or LAN network, according to the IP ranges the user chooses.
- Interface Address: the specified IP, according to the user's choice.
Extra Options:
- Log: allows you to track and record the activity of the rules.
- Description: a description of the rule.
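How the fields listed above combine when a packet arrives can be modelled in a few lines of Python. This is an added example, not pfSense code or code from the original article, and it goes beyond the text by modelling rule order: rules on an interface are checked from top to bottom, the first match decides, and traffic that matches no rule is blocked. The rule set, the host 192.168.2.10 and the 203.0.113.x / 198.51.100.x addresses are constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

@dataclass
class Rule:
    action: str                      # "pass", "block" or "reject"
    interface: str                   # "wan" or "lan"
    protocol: str                    # "tcp", "udp", "icmp", ... or "any"
    source: str                      # "any", a single host, or a network (CIDR)
    destination: str                 # same forms as source
    dst_port: Optional[int] = None   # None means any port
    log: bool = False                # Extra option: record matches
    disabled: bool = False           # Disable: rule is kept but skipped
    description: str = ""

def addr_matches(spec: str, ip: str) -> bool:
    """'any' matches every address; a single host is treated as a one-address network."""
    if spec == "any":
        return True
    return ipaddress.ip_address(ip) in ipaddress.ip_network(spec, strict=False)

def rule_matches(rule: Rule, pkt: dict) -> bool:
    return (not rule.disabled
            and rule.interface == pkt["interface"]
            and rule.protocol in ("any", pkt["protocol"])
            and addr_matches(rule.source, pkt["src"])
            and addr_matches(rule.destination, pkt["dst"])
            and rule.dst_port in (None, pkt.get("dst_port")))

def evaluate(rules: list, pkt: dict) -> tuple:
    """First matching rule decides; traffic that matches no rule is blocked."""
    for rule in rules:
        if rule_matches(rule, pkt):
            return rule.action, rule.description, rule.log
    return "block", "default deny", False

# Constructed sample rule set for the WAN interface (documentation addresses).
SAMPLE_RULES = [
    Rule("block", "wan", "any", "203.0.113.7", "any", log=True, description="block one IP"),
    Rule("pass", "wan", "tcp", "any", "192.168.2.10", 443, description="HTTPS to web server"),
    Rule("pass", "wan", "tcp", "203.0.113.0/24", "192.168.2.10", 22, disabled=True,
         description="SSH, temporarily off"),
]

def packet(src: str, dst: str, port: int, proto: str = "tcp", iface: str = "wan") -> dict:
    return {"interface": iface, "protocol": proto, "src": src, "dst": dst, "dst_port": port}

if __name__ == "__main__":
    for src, port in [("203.0.113.7", 443), ("198.51.100.20", 443), ("203.0.113.9", 22)]:
        print(src, port, evaluate(SAMPLE_RULES, packet(src, "192.168.2.10", port)))
```

The blocked IP is stopped by the first rule even though the HTTPS pass rule below it would also match, which is why block rules for specific addresses belong above broader pass rules.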
Besides, you can also create a rule from the command line when connected to pfSense over SSH, as follows:
Create a rule with the easyrule command
- Syntax: easyrule pass <interface> <protocol> <source IP> <destination ip> [destination port]
- Example: easyrule pass wan tcp x.x.x.x y.y.y.y 443
Conclusion
Setting up a pfSense firewall will help you optimally protect your Cloud Server system while effectively saving costs for the business. The above is the most detailed information on installing and configuring pfSense on the server. Thank you for reading; we hope it is useful to readers.
My mail: dinhhuynhanhkiet@gmail.com