#1
Okay, so if you have been looking through the documents online, you might or might not have fathomed some of the necessary things that the firewall has to offer and how to configure them. If you haven't, then you are probably like me and in the boat of trialling and testing until you get the solution that you are looking for.
What I'm going to try and accomplish with this Thread is a "Cheat sheet", the idea being that rather than spending hours going through the mountains of websites and other people's personal inabilities at explaining how something works, I am going to try my very best to make it as clear and precise as possible to aid you in your endeavours of utilising this cost-efficient firewall. Now unfortunately I can't start at the very beginning with something like this, so I am going to submit this on a post-by-post basis, where I identify a problem and the solution and well... it will grow the more I learn or perhaps more if others add to it.
#2
The Test Environment

This is a highly important factor in writing some cheat sheets; after all, one test environment (production environment) will differ from other people's environments. So to start with let me introduce you to my test environment, which is actually a working environment which I'm slowly piecing together.

For those of you that can't see the image, the basic environment has an ADSL Router connected to the internet, the pfSense Firewall is situated behind the Router and then a connection is made to a network switch. The switch has various computers running Windows XP/Vista/7/2003 Enterprise Server and an instance of FreeBSD over TCP/IP.

Currently there is no DMZ or OPT (optional interface) setting via pfSense. If I want to use a DMZ, I'll just drop a test system directly onto the Router. The Router in this instance has been configured to route all traffic to the pfSense box via the Firewall rules. The firewall had to be turned on to allow firewall logging; it doesn't do any blocking. The router make is Zyxel.

An IP table would look similar to this:

WAN
*.*.*.* = Public IP address subnet 255.255.255.255

SubWAN (A non-DHCP, statically defined private network)
172.16.5.1 = ADSL Router subnet 255.255.255.252
172.16.5.2 = pfSense WAN interface
(Note: The network here is set for a 2 host limit)

LAN (pfSense DHCP defined and Static assigned computers and servers on a private network)
172.16.0.1 = pfSense LAN subnet 255.255.255.0
172.16.0.2 = Windows 2003 Enterprise server
172.16.0.3 = FreeBSD DNS/webserver
172.16.0.4 = CTI phone Computer
etc.
(Note: The network here is set for a 254 Host potential, it could be tightened further for fewer IPs by using )
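Added example, not part of the original posts: a Python check of the addressing plan above that derives each network from its mask, confirms the stated host limits, and flags any host outside its subnet or any overlap between the SubWAN and LAN segments. The `PLAN` structure and function names are assumptions made for this illustration; the masked public WAN address is left out.

```python
import ipaddress

# Addresses and masks copied from the post's IP table.
PLAN = {
    "SubWAN": ("255.255.255.252", {
        "ADSL Router": "172.16.5.1",
        "pfSense WAN interface": "172.16.5.2",
    }),
    "LAN": ("255.255.255.0", {
        "pfSense LAN": "172.16.0.1",
        "Windows 2003 Enterprise server": "172.16.0.2",
        "FreeBSD DNS/webserver": "172.16.0.3",
        "CTI phone Computer": "172.16.0.4",
    }),
}

def segment_network(mask, hosts):
    """Derive the segment's network from its first listed host and the mask."""
    first = next(iter(hosts.values()))
    return ipaddress.ip_interface(f"{first}/{mask}").network

def usable_hosts(net):
    """Host addresses left after the network and broadcast addresses."""
    return net.num_addresses - 2

def check_plan(plan):
    """Return ({segment: network}, [problem strings]) for an addressing plan."""
    nets, problems = {}, []
    for name, (mask, hosts) in plan.items():
        net = nets[name] = segment_network(mask, hosts)
        seen = set()
        for label, addr in hosts.items():
            ip = ipaddress.ip_address(addr)
            reserved = (net.network_address, net.broadcast_address)
            if ip not in net or ip in reserved:
                problems.append(f"{label} {addr} is not a usable host in {net}")
            if ip in seen:
                problems.append(f"{addr} is assigned twice in {name}")
            seen.add(ip)
    names = list(nets)
    for i, a in enumerate(names):
        for b in names[i + 1:]:
            if nets[a].overlaps(nets[b]):  # the firewall could not route between them
                problems.append(f"{a} {nets[a]} overlaps {b} {nets[b]}")
    return nets, problems

if __name__ == "__main__":
    nets, problems = check_plan(PLAN)
    for name, net in nets.items():
        print(f"{name}: {net} ({usable_hosts(net)} usable hosts)")
    print(problems or "no problems found")
```

Rerunning the check after changing a mask shows the consequence before it reaches the firewall; for instance, a LAN mask of 255.255.0.0 makes the LAN swallow the SubWAN range.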