Difference between revisions of "Pfsense"

From Security Weekly Wiki

Revision as of 18:20, 12 January 2012

Tech Segment: Using pfSense and an Alix.6F2 For A Wireless Access Point

Hardware List

All hardware for this project came from www.netgate.com:

  1. ALIX.6F2 Kit Black Unassembled - $188 - This kit comes with the board, power supply, CF card, and enclosure.
  2. Atheros WLM54G-HP mini PCI Card, U.FL to RP-SMA pigtails (two), 5.5 dBi rubber duck antennas (two) - $88 - This is the wireless card, with all the fixings!
  3. 2.4 GHz 9 dBi Rubber Duck Omni Antenna RP-SMA - Bigger is better, right? I want to cover my entire house with one 802.11g access point.

Total cost: $305.77

Get pfSense and Install on CF Card

For the embedded version, make sure you get the NanoBSD images.

Important: verify that you are writing the operating system image to the correct disk. List the mounted disks first:

# df -h
Filesystem      Size   Used  Avail Capacity  Mounted on
/dev/disk0s2   465Gi  425Gi   40Gi    92%    /
devfs          185Ki  185Ki    0Bi   100%    /dev
map -hosts       0Bi    0Bi    0Bi   100%    /net
map auto_home    0Bi    0Bi    0Bi   100%    /home
/dev/disk1s1   7.5Gi  805Mi  6.7Gi    11%    /Volumes/AVST

On OS X, for example, the OS disk is "disk0"; try not to overwrite that one (you'd likely get an error that it's already in use, though I did not test that!). Then use the following command to write the image to the CF card:

# gzcat pfSense-2.0.1-RELEASE-2g-i386-nanobsd.img.gz | dd of=/dev/disk3 bs=16k

Now go get a cup of coffee, it takes a while. Notice I used the image labeled "2g", for 2 gig, which is the size of my card.
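The disk check described above can be scripted so that dd never runs against the wrong device. This is an added example, not part of the original segment: the function names are hypothetical, SAMPLE_DF is constructed from the df output shown above, and it assumes OS X style device names (/dev/diskNsM).

```shell
#!/bin/sh
# Added example: refuse to image the boot disk or a disk with mounted volumes.
# Function names are hypothetical; SAMPLE_DF is constructed from the df output above.
SAMPLE_DF='Filesystem      Size   Used  Avail Capacity  Mounted on
/dev/disk0s2   465Gi  425Gi   40Gi    92%    /
devfs          185Ki  185Ki    0Bi   100%    /dev
/dev/disk1s1   7.5Gi  805Mi  6.7Gi    11%    /Volumes/AVST'

# Reduce a slice or raw device to its whole disk: /dev/disk0s2 -> /dev/disk0
whole_disk() {
    printf '%s\n' "$1" | sed 's#^/dev/r\{0,1\}\(disk[0-9][0-9]*\).*$#/dev/\1#'
}

# Read df output on stdin, print the whole disk backing mount point $1.
disk_for_mount() {
    dev=$(awk -v m="$1" 'NR > 1 && $NF == m { print $1; exit }')
    whole_disk "$dev"
}

# check_target DEVICE DF_TEXT
# Returns 0 if DEVICE is safe to overwrite, 1 if it is the root disk,
# 2 if it is not a whole /dev/diskN device, 3 if one of its slices is mounted.
check_target() {
    target=$1
    df_text=$2
    case "$target" in
        /dev/disk[0-9]*) ;;
        *) echo "refusing: $target is not a /dev/diskN device" >&2; return 2 ;;
    esac
    [ "$(whole_disk "$target")" = "$target" ] || {
        echo "refusing: $target is a slice, not a whole disk" >&2; return 2; }
    root=$(printf '%s\n' "$df_text" | disk_for_mount /)
    [ "$target" != "$root" ] || {
        echo "refusing: $target holds the running OS" >&2; return 1; }
    in_use=$(printf '%s\n' "$df_text" |
        awk -v d="$target" 'NR > 1 && index($1, d "s") == 1 { print $NF }')
    [ -z "$in_use" ] || {
        echo "refusing: $target has mounted volumes: $in_use" >&2; return 3; }
    return 0
}

# Usage with live data, gating the command from the segment:
# check_target /dev/disk3 "$(df -h)" &&
#     gzcat pfSense-2.0.1-RELEASE-2g-i386-nanobsd.img.gz | dd of=/dev/disk3 bs=16k
```

A return code of 3 means the card still has a mounted volume; unmount it before writing.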

Configure an IP address in the Serial Interface

Set up the WiFi Interface using the Web UI


Tech Segment: Installing pfSense on an Alix.6e1 by InternMike & PaulDotCom

We here at PaulDotCom love FreeBSD. We also love beer, and so we've been looking for an economical (read: cheap) way to install a firewall without raiding our beer fund. I also have to say that I am totally in love with the ALIX.6e1 hardware platform:

2 10/100 LAN / 1 miniPCI / 1 miniPCI Express / AMD LX800 / 256 MB / 2 USB / DB9 serial port / CF Card slot / Board size: 6 x 6

pfSense is a FreeBSD-based project that has been purpose-built for use as either a firewall or router. The project started in 2004 as a fork of the embedded firewall software package called m0n0wall. pfSense is focused on full PC installations, whereas m0n0wall focuses on embedded hardware. After some research, we decided to purchase the ALIX6E1 kit, as there was a lot of web documentation for the project and, well, because it was a sweet red color that made Larry crazy. Well, more crazy than his usual self.

Sexyred.png "Sexy red firewall..."

First step: break out the credit card

As we hold a strong belief that you should purchase from the vendor whose Google page ranking is first in search results, we clicked the link to Netgate's ALIX 6E1. Netgate's ALIX 6E1 costs $175, or roughly a box of PADRON 7000's.

The kit includes:

  • ALIX.6E1 system board (2/1/1/256/LX800)
  • Laser etched red aluminum enclosure with USB and antenna cutouts
  • Blank 2 GB Sandisk Ultra II CF Card
  • 15V 1.25A 18W power supply (US 3 prong plug style)

You will also need a Compact Flash card writer for installing the pfSense operating system. The one we used cost $10.00 or one PADRON 1926 Series Cigar.

Next you will need the pfSense & physdiskwrite Software, Cost: FREE! (or what a sexy blond pays to drink beer at a frat party).

Second step: Download the necessary packages

We needed the embedded version specifically created for the 2GB CF card size. The embedded version only reads from the flash card and keeps its read/write file systems on RAM disks, because compact flash cannot handle many write operations. The embedded versions can be found on pfSense's mirror list.

Third step: Install the pfSense operating system on our CF card

pfSense's documentation does a good job. We used a Windows PC as all our other boxes were busy umm analyzing pr0n, so we opted for the physdiskwrite method.

WARNING: Follow the documentation's advice and be sure you are not overwriting the wrong disk!

C:\Documents and Settings\All Users\Documents>physdiskwrite.exe pfSense-1.2.3-2g
-20091207-1914-nanobsd.img

physdiskwrite v0.5.2 by Manuel Kasper <mk@neon1.net>

Searching for physical drives...

Information for \\.\PhysicalDrive0:
   Windows:       cyl: 19452
                  tpc: 255
                  spt: 63
   C/H/S:         16383/16/63
   Model:         ST3160812AS
   Serial number:             9LS0V1FC
   Firmware rev.: 3.ADH

Information for \\.\PhysicalDrive1:
DeviceIoControl() failed on \\.\PhysicalDrive1.

Information for \\.\PhysicalDrive2:
   Windows:       cyl: 244
                  tpc: 255
                  spt: 63

Information for \\.\PhysicalDrive3:
DeviceIoControl() failed on \\.\PhysicalDrive3.

Information for \\.\PhysicalDrive4:
DeviceIoControl() failed on \\.\PhysicalDrive4.

Which disk do you want to write? (0..2) 2
About to overwrite the contents of disk 2 with new data. Proceed? (y/n) y
2001194496/2001194496 bytes written in total

C:\Documents and Settings\All Users\Documents>

Fourth step: Find a desktop PC for a serial connection to the Alix

You'll need either a USB to serial converter cable or a desktop PC to connect the serial cable. In OS X I've used the USB to Serial cable and software called "Zterm". You can also use the command line utility called "screen", or several other free programs.

Fifth step: Boot up the device and fire up Windows' HyperTerminal

Use the following settings for the connection:

  • Baud rate: 9600
  • Data: 8 bit
  • Parity: None
  • Stop: 1 bit
  • Flow control: None

Now we boot into pfSense. As the bootloader comes up, there are 7 options listed. The first question you will be asked is

“Do you want to set up VLAN's now [y|n]?” Select no, or 'n'.

Then you are asked to

“Enter your LAN interface name”,  

We used 'fxp1'. Next,

“Enter your WAN interface name”  

We entered 'fxp2'. Next,

“Enter the Optional 1 interface name”,  

here we used 'fxp0'.

Using the above examples, you'd see  “The interfaces will be assigned as follows:”
LAN  -> fxp1
WAN ->  fxp2
OPT1 -> fxp0
Do you want to proceed [y|n]?                      (make sure you enter 'y' here).

pfSense is now running in RAM and almost fully functional. If you wish, you may plug your LAN interface into a hub or switch and connect via the web interface. By default, pfSense is assigned an IP of 192.168.1.1. Open your browser and navigate to http://192.168.1.

  • If you choose to log in, the username is 'admin' and the password is 'pfsense'.

Guides & Further Reading