Search icon CANCEL
Subscription
0
Cart icon
Your Cart (0 item)
Close icon
You have no products in your basket yet
Arrow left icon
Explore Products
Best Sellers
New Releases
Books
Videos
Audiobooks
Learning Hub
Free Learning
Arrow right icon
Learn pfSense 2.4
Learn pfSense 2.4

Learn pfSense 2.4: Get up and running with Pfsense and all the core concepts to build firewall and routing solutions

Arrow left icon
Profile Icon David Zientara
Arrow right icon
NZ$14.99 NZ$57.99
Full star icon Full star icon Full star icon Empty star icon Empty star icon 3 (1 Ratings)
eBook Jul 2018 346 pages 1st Edition
eBook
NZ$14.99 NZ$57.99
Paperback
NZ$71.99
Subscription
Free Trial
Arrow left icon
Profile Icon David Zientara
Arrow right icon
NZ$14.99 NZ$57.99
Full star icon Full star icon Full star icon Empty star icon Empty star icon 3 (1 Ratings)
eBook Jul 2018 346 pages 1st Edition
eBook
NZ$14.99 NZ$57.99
Paperback
NZ$71.99
Subscription
Free Trial
eBook
NZ$14.99 NZ$57.99
Paperback
NZ$71.99
Subscription
Free Trial

What do you get with eBook?

Product feature icon Instant access to your Digital eBook purchase
Product feature icon Download this book in EPUB and PDF formats
Product feature icon Access this title in our online reader with advanced features
Product feature icon DRM FREE - Read whenever, wherever and however you want
OR
Modal Close icon
Payment Processing...
tick Completed

Billing Address

Table of content icon View table of contents Preview book icon Preview Book

Learn pfSense 2.4

Getting Started with pfSense

As the internet approaches its fiftieth anniversary, networked computers have essentially become the norm across much of the world. Computer networks are commonplace, even within the home, and it is not uncommon for households to have multiple internet-connected devices—a trend that undoubtedly will only accelerate with the growing popularity of the internet of things (IoT). With networks becoming part of our basic infrastructure, reliable networking equipment has become as essential as telephone exchanges and railways were to prior generations.

Even if you only have a home network, at a minimum, you will need a router to connect your private network with the public internet and a firewall to provide both ingress filtering (filtering for incoming traffic) and possibly egress filtering (for outgoing traffic). pfSense can perform both functions. In this chapter, we will introduce the pfSense project, explain how pfSense can help secure your network, and introduce you to the pfSense community, from which you can find out more about pfSense, and, hopefully, get answers to questions. Finally, we will briefly discuss the objectives of this book.

Reading this chapter should provide the reader with an understanding of the following:

  • The pfSense project
  • What pfSense can do
  • The pfSense community
  • The objectives of this book

Technical requirements

There are no particular technical requirements for this chapter, as it is simply an overview of pfSense and the book's objectives. Some familiarity with Linux and/or BSD would be helpful, as well as access to a computer that is capable of running pfSense (any modern PC should do); we will discuss the technical specifications in greater depth in the next chapter.

The pfSense project

pfSense runs on the FreeBSD operating system. FreeBSD is an offshoot from Berkeley UNIX—the University of California, Berkeley had acquired a license for AT&T UNIX in the 1970s. Students started to improve on this version of UNIX, and Berkeley Software Distribution (BSD) was founded as a project to make modifications to AT&T UNIX, as well as to distribute this modified version. This version, however, had proprietary AT&T source code in it, and BSD users thus had to obtain a license from AT&T to use it legally. In the late 1980s, however, work began on a project to eliminate AT&T code from BSD in order to produce an open source version of it, thus spawning the FreeBSD project. Since then, FreeBSD has gained a following among those seeking a stable and secure open source variant of UNIX that provides good performance.

pfSense is based on pf, which is OpenBSD's packet filter (itself designed as a replacement for Darren Reed's IPFilter, which OpenBSD had been using up to that point). pf was incorporated into OpenBSD distributions in 2001. pf is a command-line utility, and, as a result, several projects were launched to provide a graphical interface for the pf utility. m0n0wall, initially released in 2003, was the first successful attempt at providing a graphical front end for pf. pfSense, which began as a fork of this project, was another such project.

Version 1.0 of pfSense was released on October 4, 2006. Version 2.0 was released on September 17, 2011. Version 2.1 was released on September 15, 2013, and Version 2.2 was released on January 23, 2015. Version 2.3, released on April 12, 2016, phased out support for legacy technologies such as the Point-to-Point Tunneling Protocol (PPTP), Wireless Encryption Protocol (WEP) and single DES, and also provided a facelift for the web GUI.

Version 2.4, released on October 12, 2017, continues this trend of phasing out support for legacy technologies while also adding features and improving the web GUI. Support for 32-bit x86 architectures has been deprecated (however, security updates will continue for 32-bit systems for at least a year after the release of 2.4), while support for Netgate Advanced RISC Machines (ARM) devices has been added. A new pfSense installer (based on FreeBSD's bsdinstall) has been incorporated into pfSense, and there is support for the ZFS filesystem, as well as the Unified Extensible Firmware Interface (UEFI). pfSense now supports OpenVPN 2.4.x, and as a result, features such as AES–GCM ciphers can be utilized. In addition, pfSense now supports multiple languages; the web GUI has been translated into 13 different languages. At the time of writing, version 2.4.3, released on May 14, 2018, is the most recent version.

pfSense is not the only option if you are looking for open source firewall/router software—it is not even the only software making use of FreeBSD and pf. The m0n0wall project was discontinued in 2015, but there have been several m0n0wall forks since its end of life, including t1n1wall and SmallWall. Manuel Kasper, the developer behind m0n0wall, supports OPNsense, a project that forked from pfSense in 2015. There are also projects such as Shorewall, an open source firewall tool for Linux that builds on Netfilter.

Nevertheless, pfSense is currently the most popular open source firewall/router, and the developer community contributing to the project is strong. It is fairly easy to install and configure, and is useful in a variety of deployment scenarios.

What pfSense can do

To provide a general idea of the versatility of pfSense, consider the following use cases:

  • You have a home network, and need a means of connecting the wireless devices in your house (such as computers, laptops, and tablets) to the internet. Therefore, you need a router (to connect your home network to the internet), a firewall (to perform ingress and egress filtering at the boundary between your private network and the internet), and a wireless access point (to enable wireless devices to connect to your home network). You will likely also want to have a DHCP server to assign IP addresses to devices on the network, and possibly dynamic DNS (DDNS) capabilities, so that you don't have to remember your public IP address when accessing your home network from the outside world. pfSense can perform all these functions.

  • You have a small office/home office (SOHO) network, and you need to connect several computers in your company to the internet. You also want to provide a means of allowing customers to connect to the internet on the same connection, but you want to have some means of controlling their access to the network so they don't use up the bulk of available bandwidth. You also want to keep them from accessing the internal company network. Therefore, you need to have separate subnets for your internal network and for customers, a captive portal to control customers' access to your network, and possibly traffic shaping capabilities to limit the amount of bandwidth used by customers. Again, pfSense can perform all these functions.

  • You are an administrator at a corporation that has an office in another city. You want to provide access to your local corporate network to workers in the remote facility, but you are concerned about confidential corporate information traveling over the public internet. A private WAN circuit is one possible option to allow remote users to connect securely to your network, but private WAN circuits are expensive. Therefore, you decide that the best option is to set up a peer-to-peer VPN connection between your local network and the remote site. You also want to have more than one internet connection, to provide redundancy when one of the connections goes down. As you might have guessed, pfSense allows you to set up VPN connections between networks, and to set up multiple WAN connections.

In short, pfSense can be used in a variety of scenarios, ranging from a simple home network with a handful of internet-connected devices to a corporate network with thousands of users. For those administering corporate networks, commercially available equipment with proprietary technology (such as Cisco switches and routers) may prove to be the better option. Such equipment often performs better under heavy load scenarios, offers integrated voice, video, and data services, and often comes bundled with technical support.

This book, however, is aimed primarily at beginners; therefore, it is generally assumed that the reader is more likely to set up a home network or SOHO network than a corporate network, in which case pfSense is generally a cost-effective, sensible option. There is a great deal of functionality built in to pfSense, and in many cases, when the base install does not provide the functionality you need, there are third-party packages available that do provide such functionality.

The pfSense community

There will be times when you encounter a problem that cannot be solved by referencing this book or by troubleshooting the problem yourself. Although this book provides a detailed procedure for troubleshooting in Chapter 11, Diagnostics and Troubleshooting, it is often expedient to refer the problem to those who are more knowledgeable about pfSense than you are. In such cases, you can turn to the online pfSense community.

The official pfSense forums have recently moved to Netgate's website, which has reorganized the forums and added several more (including many devoted to pfSense international support). Anyone can read the forums, but in order to post on the forums, you must register, which requires you to provide a name and email address. Participation in the official forums can be an effective way of resolving problems and increasing your knowledge of pfSense.

The forums can be found at https://forum.netgate.com.

Reddit has its own pfSense forum, and members of the pfSense development team often participate in this forum. Although Reddit isn't everyone's cup of tea, it is a good place to find out the latest pfSense news, ask questions, and (hopefully) get answers.

The Reddit pfSense forum can be found at https://www.reddit.com/r/PFSENSE/.

Also worth mentioning is the Spiceworks pfSense forum. Spiceworks is a professional network for the IT community. Although the company has its headquarters in Austin, Texas, it has an international presence as well. Their pfSense forum also has polls and how-to guides.

The Spiceworks pfSense forum can be found at https://community.spiceworks.com/networking/pfsense.

Finally, for those who find it easier to watch videos, there are many useful how-to video guides available online. An online search for the pfSense topic in which you need assistance will often turn up multiple videos, of varying degrees of complexity and clarity. YouTube is the most obvious place to look for such videos, although other video sites, such as Vimeo, also have pfSense-related content.

Objectives of this book

The purpose of this book is to explain the basics of pfSense—installing, configuring, and utilizing its services—to the networking beginner. This book does not presuppose any prior knowledge of networking, and thus some of the material is devoted to explaining networking basics. At the same time, this book focuses on pfSense fundamentals—not networking fundamentals—and if you find such explanations inadequate, it might behoove you to find a good networking primer to supplement your reading. For example, any of the popular review guides for the CompTIA's Networking+ exam should prove adequate.

The following are the main topics covered in this book:

  • Installing and configuring pfSense
  • Captive portal configuration
  • Configuration of other basic services (DNS, NTP, SNMP, and so on)
  • Firewall and NAT
  • Traffic shaping
  • VPNs
  • Multiple WANs
  • Routing and bridging
  • Diagnostics and troubleshooting

This book is not aimed at intermediate users—it is aimed mainly at beginners setting up a home for their SOHO network. Therefore, some topics that would be more appropriate in a corporate network scenario have been omitted, such as load balancing and failovers. Other topics that might be worthy of a more extensive treatment in a more intermediate-level book, such as VLANs, have been scaled back somewhat. Also, although third-party packages are mentioned where appropriate, this book does not discuss such packages in any great depth.

Nonetheless, the reader should come away from this book with a basic understanding of how to utilize pfSense in the most common scenarios. If you feel you need to know more about pfSense than the information contained within this book, you might consider another book I authored, Mastering pfSense, which covers intermediate-level topics.

Summary

In this chapter, we introduced FreeBSD and the pfSense project, provided a brief overview of what pfSense can do, mentioned the online pfSense community, and looked at the objectives of this book. In the next chapter, we will provide a survey of the basics of networking, ways in which pfSense can be deployed in typical networks, the hardware requirements for pfSense, and how to install pfSense and do some basic configuration.

Questions

  1. What OS is used to run pfSense?
  2. What does pf stand for?
  3. Name one open source alternative to pfSense.

Further reading

Hansteen, Peter N.M. (2014). The Book of PF: 3rd Edition. San Francisco, CA: No Starch Press. To my knowledge, the only comprehensive guide on pf, the command-line utility upon which pfSense is based.

Left arrow icon Right arrow icon

Key benefits

  • Build firewall and routing solutions with PfSense.
  • Learn how to create captive portals, how to connect Pfsense to your HTTPS environment and so on.
  • Practical approach towards building firewall solutions for your organization

Description

As computer networks become ubiquitous, it has become increasingly important to both secure and optimize our networks. pfSense, an open-source router/firewall, provides an easy, cost-effective way of achieving this – and this book explains how to install and configure pfSense in such a way that even a networking beginner can successfully deploy and use pfSense. This book begins by covering networking fundamentals, deployment scenarios, and hardware sizing guidelines, as well as how to install pfSense. The book then covers configuration of basic services such as DHCP, DNS, and captive portal and VLAN configuration. Careful consideration is given to the core firewall functionality of pfSense, and how to set up firewall rules and traffic shaping. Finally, the book covers the basics of VPNs, multi-WAN setups, routing and bridging, and how to perform diagnostics and troubleshooting on a network.

Who is this book for?

This book is towards any network security professionals who want to get introduced to the world of firewalls and network configurations using Pfsense. No knowledge of PfSense is required

What you will learn

  • Install pfSense
  • Configure additional interfaces, and enable and configure DHCP
  • Understand Captive portal
  • Understand firewalls and NAT, and traffic shaping
  • Learn in detail about VPNs
  • Understand Multi-WAN
  • Learn about routing and bridging in detail
  • Understand the basics of diagnostics and troubleshooting networks

Product Details

Country selected
Publication date, Length, Edition, Language, ISBN-13
Publication date : Jul 31, 2018
Length: 346 pages
Edition : 1st
Language : English
ISBN-13 : 9781789349009
Concepts :
Tools :

What do you get with eBook?

Product feature icon Instant access to your Digital eBook purchase
Product feature icon Download this book in EPUB and PDF formats
Product feature icon Access this title in our online reader with advanced features
Product feature icon DRM FREE - Read whenever, wherever and however you want
OR
Modal Close icon
Payment Processing...
tick Completed

Billing Address

Product Details

Publication date : Jul 31, 2018
Length: 346 pages
Edition : 1st
Language : English
ISBN-13 : 9781789349009
Concepts :
Tools :

Packt Subscriptions

See our plans and pricing
Modal Close icon
$19.99 billed monthly
Feature tick icon Unlimited access to Packt's library of 7,000+ practical books and videos
Feature tick icon Constantly refreshed with 50+ new titles a month
Feature tick icon Exclusive Early access to books as they're written
Feature tick icon Solve problems while you work with advanced search and reference features
Feature tick icon Offline reading on the mobile app
Feature tick icon Simple pricing, no contract
$199.99 billed annually
Feature tick icon Unlimited access to Packt's library of 7,000+ practical books and videos
Feature tick icon Constantly refreshed with 50+ new titles a month
Feature tick icon Exclusive Early access to books as they're written
Feature tick icon Solve problems while you work with advanced search and reference features
Feature tick icon Offline reading on the mobile app
Feature tick icon Choose a DRM-free eBook or Video every month to keep
Feature tick icon PLUS own as many other DRM-free eBooks or Videos as you like for just NZ$7 each
Feature tick icon Exclusive print discounts
$279.99 billed in 18 months
Feature tick icon Unlimited access to Packt's library of 7,000+ practical books and videos
Feature tick icon Constantly refreshed with 50+ new titles a month
Feature tick icon Exclusive Early access to books as they're written
Feature tick icon Solve problems while you work with advanced search and reference features
Feature tick icon Offline reading on the mobile app
Feature tick icon Choose a DRM-free eBook or Video every month to keep
Feature tick icon PLUS own as many other DRM-free eBooks or Videos as you like for just NZ$7 each
Feature tick icon Exclusive print discounts

Frequently bought together


Stars icon
Total NZ$ 201.97
Mastering pfSense
NZ$80.99
Learn pfSense 2.4
NZ$71.99
Network Security with pfSense
NZ$48.99
Total NZ$ 201.97 Stars icon
Banner background image

Table of Contents

13 Chapters
Getting Started with pfSense Chevron down icon Chevron up icon
Installing pfSense Chevron down icon Chevron up icon
Configuring pfSense Chevron down icon Chevron up icon
Captive Portal Chevron down icon Chevron up icon
Additional pfSense Services Chevron down icon Chevron up icon
Firewall and NAT Chevron down icon Chevron up icon
Traffic Shaping Chevron down icon Chevron up icon
Virtual Private Networks Chevron down icon Chevron up icon
Multiple WANs Chevron down icon Chevron up icon
Routing and Bridging Chevron down icon Chevron up icon
Diagnostics and Troubleshooting Chevron down icon Chevron up icon
Assessments Chevron down icon Chevron up icon
Other Books You May Enjoy Chevron down icon Chevron up icon

Customer reviews

Rating distribution
Full star icon Full star icon Full star icon Empty star icon Empty star icon 3
(1 Ratings)
5 star 0%
4 star 0%
3 star 100%
2 star 0%
1 star 0%
SwedishMike Apr 08, 2019
Full star icon Full star icon Full star icon Empty star icon Empty star icon 3
This is a decent introduction to pfSense and I fully realise that an introductory book can't cover everything. It covers the basics like installation and initial configuration.There are some things that I think could have been done differently - like for example using 'block a website' as a firewall example feels a bit weird. Maybe showing how to block allow different ports outbound for different hosts could have been a better example - or possibly a second example.One thing I definitely think is missing is talking about logs on the device. Including how to get logs off the device onto a syslog server and/or something like ELK or Splunk.If you have experience of firewalls this book might not be for you - if you're starting on your journey with pfSense it will probably make sense. Pun intended.
Amazon Verified review Amazon
Get free access to Packt library with over 7500+ books and video courses for 7 days!
Start Free Trial

FAQs

How do I buy and download an eBook? Chevron down icon Chevron up icon

Where there is an eBook version of a title available, you can buy it from the book details for that title. Add either the standalone eBook or the eBook and print book bundle to your shopping cart. Your eBook will show in your cart as a product on its own. After completing checkout and payment in the normal way, you will receive your receipt on the screen containing a link to a personalised PDF download file. This link will remain active for 30 days. You can download backup copies of the file by logging in to your account at any time.

If you already have Adobe reader installed, then clicking on the link will download and open the PDF file directly. If you don't, then save the PDF file on your machine and download the Reader to view it.

Please Note: Packt eBooks are non-returnable and non-refundable.

Packt eBook and Licensing When you buy an eBook from Packt Publishing, completing your purchase means you accept the terms of our licence agreement. Please read the full text of the agreement. In it we have tried to balance the need for the ebook to be usable for you the reader with our needs to protect the rights of us as Publishers and of our authors. In summary, the agreement says:

  • You may make copies of your eBook for your own use onto any machine
  • You may not pass copies of the eBook on to anyone else
How can I make a purchase on your website? Chevron down icon Chevron up icon

If you want to purchase a video course, eBook or Bundle (Print+eBook) please follow below steps:

  1. Register on our website using your email address and the password.
  2. Search for the title by name or ISBN using the search option.
  3. Select the title you want to purchase.
  4. Choose the format you wish to purchase the title in; if you order the Print Book, you get a free eBook copy of the same title. 
  5. Proceed with the checkout process (payment to be made using Credit Card, Debit Cart, or PayPal)
Where can I access support around an eBook? Chevron down icon Chevron up icon
  • If you experience a problem with using or installing Adobe Reader, the contact Adobe directly.
  • To view the errata for the book, see www.packtpub.com/support and view the pages for the title you have.
  • To view your account details or to download a new copy of the book go to www.packtpub.com/account
  • To contact us directly if a problem is not resolved, use www.packtpub.com/contact-us
What eBook formats do Packt support? Chevron down icon Chevron up icon

Our eBooks are currently available in a variety of formats such as PDF and ePubs. In the future, this may well change with trends and development in technology, but please note that our PDFs are not Adobe eBook Reader format, which has greater restrictions on security.

You will need to use Adobe Reader v9 or later in order to read Packt's PDF eBooks.

What are the benefits of eBooks? Chevron down icon Chevron up icon
  • You can get the information you need immediately
  • You can easily take them with you on a laptop
  • You can download them an unlimited number of times
  • You can print them out
  • They are copy-paste enabled
  • They are searchable
  • There is no password protection
  • They are lower price than print
  • They save resources and space
What is an eBook? Chevron down icon Chevron up icon

Packt eBooks are a complete electronic version of the print edition, available in PDF and ePub formats. Every piece of content down to the page numbering is the same. Because we save the costs of printing and shipping the book to you, we are able to offer eBooks at a lower cost than print editions.

When you have purchased an eBook, simply login to your account and click on the link in Your Download Area. We recommend you saving the file to your hard drive before opening it.

For optimal viewing of our eBooks, we recommend you download and install the free Adobe Reader version 9.