banner
miaoer

miaoer

喵二の小博客 https://www.miaoer.net xLog 分站
tg_channel
telegram
bilibili
HomeArchives

First time using pfSense

#软路由45
AI Translation
This post is translated from Chinese into English through AI.View Original
AI-generated summary
The author shares their experience setting up pfSense, an open-source firewall and router software based on FreeBSD, after using Router OS and other systems. They downloaded pfSense quickly from the Singapore node and configured it in an EXSI virtual machine with specific hardware resources. The setup process included configuring WAN PPPoE, DHCP server, DNS caching, and UPNP. For multi-interface routers, the author explains how to set up a bridge and disable secondary isolation. They also detail enabling IPv6, configuring firewall settings, and managing DHCPv6. The author notes that pfSense has fewer plugins compared to OpenWrt but highlights its strong firewall capabilities. Overall, they find pfSense more complex than RouterOS, with many steps that are not user-friendly, yet they appreciate its stability, security, and efficiency.

After using Router OS and Aikua, I focused on pfSense, which foreigners love to play with, to complete basic network applications. Downloading from the pfSense official website with the Singapore node is very fast. pfSense is a free and open-source system based on FreeBSD.

I allocated 2 cores and 2 threads CPU, 512M RAM, and 2G hard disk (SATA controller) for pfSense in the EXSI virtual machine. After the basic installation, I set up the network card, static IP, and enabled the HTTP backend...

image

When I reached the most challenging configuration of pfSense, I first set up the PPPoE dial-up for the WAN port, configured the DHCP server, DNS cache, and UPNP.

image

Oh, if you have a multi-port soft router, you will set up a bridge (interfaces_bridge) here. You need to set the LAN as a member interface and bridge opt1, opt2, opt3... together. You also need to disable secondary isolation (System/Advanced Options/System Tunable Parameters).

net.link.bridge.pfil_member =1  ##  Packet filter on the member interface
net.link.bridge.pfil_bridge =0  ##	Packet filter on the bridge interface

Since my home uses Guangmi, I need to enable IPv6 (IPv6 promoter), which is probably to open the IPv6 firewall to allow IPv6 ICMP/TCP, allow the LAN port IPv6 UDP 53 port, set the LAN port IPv6 configuration type Track Interface to WAN, set the WAN port to use IPv4 as the parent interface Request IPv6 prefix/information via IPv4 connection link, DHCPv6 service Enable DHCPv6 server on interface LAN, routing mode Managed - RA flag [managed, other stateful], prefix flag [onlink, router]. If I remember correctly, that should be it. I also learned how to enable it from other blogs because it’s too complicated...

Also, its plugins are relatively few compared to OpenWrt, but you can still use SSL, iperf3, open-vmware-tools... The advantage of this system is its powerful firewall functionality, the above is the firewall white elephant series

I won't demonstrate here. Personally, I think this system is relatively difficult, but the basics are simpler than RouterOS; it’s just that the steps are cumbersome and very user-unfriendly...

Stability, security, and efficiency are the way to go. (●'◡'●)

Installation video reference: VedioTalk

This article is synchronized and updated to xLog by Mix Space. The original link is https://www.miaoer.net/posts/network/first-pfsense

Loading...
Ownership of this post data is guaranteed by blockchain and smart contracts to the creator alone.