Installation and Configuration of pfSense 2.4.4 Firewall Router

The Internet is a scary place these days. Almost daily, a new zero-day, security breach, or ransomware outbreak occurs, leaving many people wondering whether it is possible to secure their systems.

Many organizations spend hundreds of thousands, if not millions, of dollars trying to install the latest and greatest security solutions to protect their infrastructure and data. Home users, though, are at a monetary disadvantage. Investing even a hundred dollars in a dedicated firewall is often beyond the scope of most home networks.

Thankfully, there are dedicated projects in the open source community that are making great strides in the home user security solutions arena. Projects like IPFire, Snort, Squid, and pfSense all provide enterprise-level security at commodity prices!

pfSense is a FreeBSD-based open source firewall solution. The distribution is free to install on one’s own equipment, or the company behind pfSense, Netgate, sells pre-configured firewall appliances.

The required hardware for pfSense is very minimal and typically an older home tower can easily be re-purposed into a dedicated pfSense Firewall. For those looking to build or purchase a more capable system to run more of pfSense’s advanced features, there are some suggested hardware minimums:

Hardware Minimums

  • 500 MHz CPU
  • 1 GB of RAM
  • 4GB of storage
  • 2 network interface cards

Suggested Hardware

  • 1GHz CPU
  • 1 GB of RAM
  • 4GB of storage
  • 2 or more PCI-e network interface cards.

Serious Home User Hardware Suggestions (and Enterprises)

In the event that a home user would like to enable many of the extra features and functions of pfSense such as Snort, anti-virus scanning, DNS blacklisting, web content filtering, etc., the recommended hardware becomes a little more involved.

To support the extra software packages on the pfSense firewall, it is recommended that the following hardware be provided to pfSense:

  • Modern multi-core CPU running at least 2.0 GHz
  • 4GB+ of RAM
  • 10GB+ of HD space
  • 2 or more Intel PCI-e network interface cards

Installation of pfSense 2.4.4

In this section, we will see the installation of pfSense 2.4.4 (latest version at the time of writing this article).

The Lab Setup

pfSense is often frustrating for users new to firewalls. The default behavior for many firewalls is to block everything, good or bad. This is great from a security standpoint but not from a usability standpoint. Before starting the installation, it is important to conceptualize the end goal of the configuration.

pfSense Network Diagram

Downloading pfSense

Regardless of which hardware is chosen, installing pfSense to the hardware is a straightforward process but does require the user to pay close attention to which network interface ports will be used for which purpose (LAN, WAN, Wireless, etc).

Part of the installation process will involve prompting the user to begin configuring LAN and WAN interfaces. The author suggests plugging in only the WAN interface until pfSense has been configured, and then finishing the installation by plugging in the LAN interface.

The first step is to obtain the pfSense software from https://www.pfsense.org/download/. There are a couple of different options available depending on the device and installation method but this guide will utilize the ‘AMD64 CD (ISO) Installer’.

Using the drop-down menus on the link provided earlier, select an appropriate mirror to download the file.

Once the installer has been downloaded, it can either be burned to a CD or it can be copied to a USB drive with the ‘dd’ tool included in most Linux distributions.

The next process is to write the ISO to a USB drive to boot the installer. To accomplish this, use the ‘dd’ tool within Linux. First, the disk name needs to be located with ‘lsblk’ though.

$ lsblk
Find Device Name in Linux

With the name of the USB drive determined as ‘/dev/sdc’, the pfSense ISO can be written to the drive with the ‘dd’ tool.

$ gunzip ~/Downloads/pfSense-CE-2.4.4-RELEASE-p1-amd64.iso.gz
$ dd if=~/Downloads/pfSense-CE-2.4.4-RELEASE-p1-amd64.iso of=/dev/sdc

Important: The above command requires root privileges, so utilize ‘sudo’ or log in as the root user to run the command. Also, this command will REMOVE EVERYTHING on the USB drive. Be sure to back up needed data.
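
The two commands above can be wrapped in checks, shown here as an added example that is not part of the original article: compare the image's SHA-256 with the digest published on the download page, and refuse to run ‘dd’ unless the target is an unmounted removable disk. The function names are hypothetical, and the digest passed in must be the one published for the exact file being hashed (the .gz download or the decompressed image).

```shell
#!/bin/sh
# Added example: integrity check and target guard around the dd step.
# Function names are hypothetical; nothing runs until write_image is called.

# Print the lowercase SHA-256 hex digest of a file.
sha256_of() {
    sha256sum "$1" | awk '{ print $1 }'
}

# Succeed only if FILE hashes to EXPECTED (hex, case-insensitive).
verify_image() {
    actual=$(sha256_of "$1")
    expected=$(printf '%s' "$2" | tr 'A-F' 'a-f')
    [ -n "$actual" ] && [ "$actual" = "$expected" ]
}

# Succeed only if DEV is a whole removable disk with nothing mounted.
# Some USB hard disks report removable=0 and are rejected by this check.
is_safe_target() {
    [ -b "$1" ] || return 1
    name=$(basename "$1")
    [ "$(cat "/sys/block/$name/removable" 2>/dev/null)" = "1" ] || return 1
    if lsblk -nro MOUNTPOINT "$1" | grep -q .; then
        return 1
    fi
    return 0
}

# write_image IMAGE DEVICE EXPECTED_SHA256
# Returns 1 on checksum mismatch, 2 on an unsafe target, else dd's status.
write_image() {
    if ! verify_image "$1" "$3"; then
        echo "checksum mismatch for $1, not writing" >&2
        return 1
    fi
    if ! is_safe_target "$2"; then
        echo "refusing to write to $2 (not an unmounted removable disk)" >&2
        return 2
    fi
    sudo dd if="$1" of="$2" bs=4M conv=fsync status=progress
}

# Usage, with the digest copied from the download page (placeholder here):
#   write_image ~/Downloads/pfSense-CE-2.4.4-RELEASE-p1-amd64.iso /dev/sdc <published-sha256>
```

Passing a partition such as /dev/sdc1 is rejected as well, because only whole disks have a ‘removable’ entry under /sys/block.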

Installation of pfSense

Once ‘dd’ has finished writing to the USB drive or the CD has been burnt, place the media into the computer that will be set up as the pfSense firewall. Boot that computer from that media and the following screen will be presented.

pfSense Boot Menu

At this screen, either allow the timer to run out or select 1 to proceed booting into the installer environment. Once the installer finishes booting, the system will prompt for any changes desired in the keyboard layout. If everything shows in a native language, simply click on ‘Accept these Settings’.

pfSense Configure Console

The next screen will provide the user with the option of a ‘Quick/Easy Install’ or more advanced install options. For the purposes of this guide, it is suggested to simply use the ‘Quick/Easy Install’ option.

pfSense Installation Option

The next screen will simply confirm that the user desires to use the ‘Quick/Easy Install’ method which won’t ask as many questions during the installation.

The first question that is likely to be presented will ask about which kernel to install. Again, it is suggested that the ‘Standard Kernel’ be installed for most users.

pfSense Standard Kernel

When the installer has finished this stage, it will prompt for a reboot. Be sure to remove the installation media as well so the machine doesn’t boot back into the installer.

pfSense Installation Complete

pfSense Configuration

After the reboot and the removal of the CD/USB media, pfSense will boot into the newly installed operating system. By default, pfSense will pick an interface to set up as the WAN interface with DHCP and leave the LAN interface unconfigured.

pfSense Interface Configuration

While pfSense does have a web-based graphical configuration system, it only runs on the LAN side of the firewall, and at the moment the LAN side is unconfigured. The first thing to do is to set an IP address on the LAN interface.

To do this follow these steps:

  • Take note of which interface name is the WAN interface (em0 above).
  • Enter ‘1’ and press the ‘Enter’ key.
  • Type ‘n’ and press the ‘Enter’ key when asked about VLANs.
  • Type in the interface name recorded in step one when prompted for the WAN interface or change to the proper interface now. Again, in this example, ‘em0’ is the WAN interface as it will be the interface facing the Internet.
  • The next prompt will ask for the LAN interface, again type the proper interface name and hit the ‘Enter’ key. In this install, ‘em1’ is the LAN interface.
  • pfSense will continue to ask for more interfaces if they are available but if all interfaces have been assigned, simply hit the ‘Enter’ key again.
  • pfSense will now prompt to ensure that the interfaces are assigned properly.
pfSense Network Interfaces

  • If the interfaces are correct, type ‘y’ and hit the ‘Enter’ key.

  • The next step will be to assign the interfaces the proper IP configuration. After pfSense returns to the main screen, type ‘2’ and hit the ‘Enter’ key. (Be sure to keep track of the interface names assigned to the WAN and LAN interfaces).

    *NOTE* For this install the WAN interface can use DHCP without any problems but there may be instances where a static address would be required. The process for configuring a static interface on the WAN would be the same as the LAN interface that is about to be configured.

    Type ‘2’ again when prompted for which interface to set IP information. Again, 2 is the LAN interface in this walk-through.

    pfSense Available Interfaces

    When prompted, type the IPv4 address desired for this interface and hit the ‘Enter’ key. This address should not be in use anywhere else on the network and will likely become the default gateway for the hosts that will be plugged into this interface.

    pfSense IP Address

    The next prompt will ask for the subnet mask in what is known as prefix mask format. For this example network a simple /24 or 255.255.255.0 will be used. Hit the ‘Enter’ key when done.

    pfSense Network Subnet Mask

    The next question will ask about an ‘Upstream IPv4 Gateway’. Since the LAN interface is currently being configured, simply hit the ‘Enter’ key.

    pfSense Network Gateway

    The next prompt will ask to configure IPv6 on the LAN interface. This guide is simply using IPv4 but should the environment require IPv6, it can be configured now. Otherwise, simply hitting the ‘Enter’ key will continue.

    pfSense IPv6 Address

    The next question will ask about starting the DHCP server on the LAN interface. Most home users will need to enable this feature. Again this may need to be adjusted depending on the environment.

    This guide assumes that the user will want the firewall to provide DHCP services and will allocate 51 addresses for other computers to obtain an IP address from the pfSense device.

    pfSense DHCP Configuration

    The next question will ask to revert pfSense’s web tool to the HTTP protocol. It is strongly encouraged NOT to do this as the HTTPS protocol will provide some level of security to prevent disclosure of the admin password for the web configuration tool.

    pfSense HTTP Protocol

    Once the user hits ‘Enter’, pfSense will save the interface changes and start the DHCP services on the LAN interface.

    pfSense Interface URL

    Notice that pfSense will provide the web address to access the web configuration tool via a computer plugged in on the LAN side of the firewall device. This concludes the basic configuration steps to make the firewall device ready for more configurations and rules.

    The web interface is accessed through a web browser by navigating to the LAN interface’s IP address.

    pfSense Login Interface

    The default information for pfSense at the time of this writing is as follows:

    Username: admin
    Password: pfsense
    

    After a successful login through the web interface for the first time, pfSense will run through an initial setup to reset the admin password.

    pfSense Setup Wizard

    The first prompt is for a registration to pfSense Gold Subscription which has benefits such as automatic configuration backup, access to the pfSense training materials, and periodic virtual meetings with pfSense developers. Purchasing of a Gold subscription isn’t required and the step can be skipped if desired.

    The following step will prompt the user for more configuration information for the firewall such as hostname, domain name (if applicable), and DNS servers.

    pfSense General Information

    The next prompt will be to configure Network Time Protocol (NTP). The default options can be left unless different time servers are desired.

    pfSense Network Time Protocol

    After setting up NTP, the pfSense installation wizard will prompt the user to configure the WAN interface. pfSense supports multiple methods for configuring the WAN interface.

    The default for most home users is to use DHCP. DHCP from the user’s internet service provider is the most common method for obtaining the necessary IP configuration.

    pfSense WAN Configuration

    The next step will prompt for configuration of the LAN interface. If the user is connected to the web interface, the LAN interface has likely already been configured.

    However, if the LAN interface needs to be changed, this step would allow for changes to be made. Make sure to remember what the LAN IP address is set to as this is how the administrator will access the web interface!

    pfSense LAN Configuration

    As with all things in the security world, default passwords represent an extreme security risk. The next page will prompt the administrator to change the default password for the ‘admin’ user to the pfSense web interface.

    pfSense Admin Setup

    The final step involves restarting pfSense with the new configurations. Simply click the ‘Reload’ button.

    pfSense Configuration Reload

    After pfSense reloads, it will present the user with a final screen before logging into the full web interface. Simply click the second ‘Click Here’ to log into the full web interface.

    pfSense Wizard Completed

    At last pfSense is up and ready to have rules configured!

    pfSense Dashboard

    Now that pfSense is up and running, the administrator will need to go through and create rules to allow the appropriate traffic through the firewall. It should be noted that pfSense has a default allow all rule. For security’s sake, this should be changed, but this is again an administrator’s decision.
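
To see which rules are that broad, the check below (an added example, not from the original article) reads pf rules in the form ‘pfctl -sr’ prints on the firewall and flags inbound pass rules on the LAN interface that allow any destination without naming a protocol or a TCP/UDP port. The sample rules are constructed, using the article's ‘em1’ LAN interface and an assumed 192.168.1.0/24 LAN; the function names are hypothetical.

```shell
#!/bin/sh
# Added example: flag overly broad pass rules in pf rule listings.

# Constructed sample in pf rule syntax (not captured from a real firewall).
sample_rules() {
    cat <<'EOF'
pass in quick on em1 inet from 192.168.1.0/24 to any flags S/SA keep state label "USER_RULE: Default allow LAN to any rule"
pass in quick on em1 inet proto tcp from 192.168.1.0/24 to any flags S/SA keep state label "USER_RULE: All TCP"
pass in quick on em1 inet proto tcp from 192.168.1.0/24 to any port = 443 flags S/SA keep state label "USER_RULE: HTTPS out"
pass in quick on em1 inet proto udp from 192.168.1.0/24 to 192.168.1.1 port = 53 keep state label "USER_RULE: DNS to firewall"
block drop in log on em0 inet all label "Default deny rule IPv4"
EOF
}

# audit_pass_rules IFACE  (rules on stdin, one per line)
# Prints "BROAD: <rule>" for each inbound pass rule on IFACE whose
# destination is "any" and that has no protocol, or is TCP/UDP with no
# destination port.
audit_pass_rules() {
    awk -v ifc="$1" '
    $1 == "pass" && $2 == "in" {
        on = ""; proto = ""; to = 0; any_dst = 0; dport = 0
        for (i = 3; i <= NF; i++) {
            if ($i == "label") break            # stop before free-text label
            if ($i == "on")    on = $(i + 1)
            if ($i == "proto") proto = $(i + 1)
            if ($i == "to")  { to = 1; any_dst = ($(i + 1) == "any") }
            if ($i == "port" && to) dport = 1   # port after "to" = dest port
        }
        if (on != ifc || !any_dst) next
        if (proto == "" || ((proto == "tcp" || proto == "udp") && !dport))
            print "BROAD: " $0
    }'
}

# On the firewall itself the input would come from:  pfctl -sr | audit_pass_rules em1
```

With the constructed sample, the default LAN rule and the all-ports TCP rule are reported, while the HTTPS-only and DNS-to-firewall rules are not.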

    Thank you for reading through this TecMint article on pfSense installation! Stay tuned for future articles on configuring some of the more advanced options available in pfSense.

Rob Turner

Rob Turner is an avid Debian user as well as many of the derivatives of Debian such as Devuan, Mint, Ubuntu, and Kali. Rob holds a Masters in Information and Communication Sciences as well as several industry certifications from Cisco, EC-Council, ISC2, Linux Foundation, and LPI.

22 Responses

  1. varun says:

    Could you guys do a video on PFsense as well please.

  2. Rob Turner says:

    Chidi,

    If you followed this guide, you will have installed PFsense over your CentOS installation….

    You would have to reinstall CentOS in order to get it back.

  3. chidi says:

    Hi, I have finished configuring pfsense on my system, but whenever I tried to reboot my system it tends to return to pfsense.

    Please, how do I return to CENTOS?
