pfSense 2 Cookbook

A practical, example-driven guide to configuring even the most advanced features of pfSense 2.0


Q: What are the minimum hardware requirements for pfSense?
A: The minimum requirements for a pfSense installation are a 500 MHz CPU, 128 MB RAM, and 1 GB of hard disk space.

Q: How does pfSense identify and assign interfaces?
A: pfSense, like any other computer operating system, references each NIC by a unique value (fxp0, em0, em1, and so on). These identifiers are often associated with the driver being used and are easier for humans to work with than the associated MAC address (00:80:0c:12:01:52). Taking that concept a step further, an interface is simply a named placeholder for each port: fxp0=WAN, em0=LAN, em1=DMZ, and so on.

Q: How do you enable the Secure Shell (SSH) service in pfSense?
A: SSH is a networking protocol that allows encrypted communication between two devices. Enabling SSH allows secure access to the pfSense console remotely, just as if you were sitting in front of the physical console.

  1. Browse to System | Advanced | Secure Shell.
  2. Check Enable Secure Shell.
  3. You will be prompted for credentials when you connect (use the same username and password as the webGUI), but checking Disable password login for Secure Shell will allow you to use RSA keys instead.
  4. Leave the SSH port blank to use the default port.
  5. Save the changes and the SSH service will be started.

Enabling Secure Shell turns on pfSense’s built-in SSH server, which listens for requests on the port you’ve specified (port 22 by default).
Like all pfSense services (unless otherwise noted), the SSH service listens on every available interface. As with other services, firewall rules are used to grant or deny access to it.

Q: How does pfSense assign DNS servers to the DHCP clients?
A: Specify any DNS server to be automatically assigned to our DHCP clients. If left blank, pfSense will automatically assign DNS servers to our clients in one of the following two ways:

  • If DNS Forwarder is enabled, then the IP address of the interface is used. This is because the DNS Forwarder turns the pfSense machine itself into a DNS server, so the IP of the pfSense machine (that is, the gateway, which varies by interface) is assigned to each client.
  • If DNS Forwarder isn’t enabled, then the DNS Servers configured on the General Setup page are used. If Allow DNS server list to be overridden by DHCP/PPP on WAN is enabled in General Setup, then the DNS servers obtained through the WAN will be used instead.

Q: What happens if the Register DHCP Leases in DNS Forwarder is enabled?
A: If the Register DHCP Leases in DNS Forwarder option is enabled, pfSense will automatically register any devices that specify a hostname when submitting a DNS request. The downside, of course, is that not all devices submit a hostname and even when they do, it is sometimes cryptic. I prefer to only register important devices using DHCP static mappings, and all other (unimportant/unknown) devices can be referenced using their IP addresses.

Q: What is an alias? What are the different types of aliases in pfSense?
A: An alias is a placeholder (that is, a variable) for information that may change. Aliases provide a degree of separation between our rules and values that may change in the future (for example, IP addresses, ports, and so on). It’s best to use aliases whenever possible. The different types of aliases are as follows:

  • Host alias: Selecting Host(s) as an alias Type allows you to create an alias that holds one or more IP addresses.
  • Network alias: Selecting Network(s) as an alias Type allows you to create an alias that holds one or more networks (that is, ranges of IP addresses).
  • Port alias: Selecting Port(s) as an alias Type allows you to create an alias that holds one or more ports.
  • OpenVPN Users alias: Selecting OpenVPN Users as an alias Type allows you to create an alias that holds one or more OpenVPN usernames.
  • URL alias: Selecting URL as an alias Type allows you to create an alias that holds one or more URLs.
  • URL Table alias: Selecting URL Table as an alias Type allows you to create an alias that holds a single URL pointing to a large list of addresses. This can be especially helpful when you need to import a large list of IPs and/or subnets.

Using an alias: Aliases can be used anywhere you see a red textbox. Simply begin typing and pfSense will display any available aliases that match the text you’ve entered.
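
A URL Table alias pulls in a list that may be maintained elsewhere, so it is worth vetting the list before a rule depends on it. The following is an added example, not code from the book or from pfSense: it assumes one IP or subnet per line with # comments and that the alias feeds a block rule; the names vet_list, PROTECTED and MIN_PREFIX are hypothetical.

```python
import ipaddress

# Constructed sample of a list a URL Table alias might point to
# (assumed format: one IP or CIDR per line, '#' starts a comment).
SAMPLE_LIST = """\
# constructed sample block list
203.0.113.7
198.51.100.0/24
198.51.100.128/25   # already covered by the /24 above
192.168.1.0/24
0.0.0.0/0
not-an-ip
2001:db8::/32
"""

# Assumption: our own LAN, which must never end up in a block list.
PROTECTED = [ipaddress.ip_network("192.168.1.0/24")]
# Assumption: anything broader than these prefix lengths is treated as a mistake.
MIN_PREFIX = {4: 8, 6: 16}

def vet_list(text, protected=PROTECTED):
    """Return (accepted_networks, rejected); rejected holds (lineno, entry, reason)."""
    accepted, rejected = [], []
    for lineno, raw in enumerate(text.splitlines(), start=1):
        entry = raw.split("#", 1)[0].strip()
        if not entry:
            continue  # blank line or comment
        try:
            net = ipaddress.ip_network(entry, strict=False)
        except ValueError:
            rejected.append((lineno, entry, "not an IP address or subnet"))
            continue
        if net.prefixlen < MIN_PREFIX[net.version]:
            rejected.append((lineno, entry, "too broad"))
        elif any(net.version == p.version and net.overlaps(p) for p in protected):
            rejected.append((lineno, entry, "overlaps protected network"))
        else:
            accepted.append(net)
    # Merge duplicates and subnets already covered by a larger entry.
    merged = []
    for version in (4, 6):
        merged.extend(ipaddress.collapse_addresses(
            [n for n in accepted if n.version == version]))
    return merged, rejected

if __name__ == "__main__":
    nets, bad = vet_list(SAMPLE_LIST)
    print([str(n) for n in nets], bad)
```

Publishing only the accepted, merged entries at the URL the alias points to keeps a bad upstream line from reaching the rule set.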
