pfSense is a powerful open-source firewall and router distribution based on FreeBSD. On the Tilaa platform, it is often used as a gateway to protect other servers within a Private Network (VLAN) or as a VPN endpoint.
Step 1: First Boot & Interface Assignment
After deploying the pfSense appliance, you need to perform the initial interface assignment via the console.
- Log in to the MyTilaa Dashboard.
- Open the Video Display for your VPS.
- The setup wizard will ask to assign interfaces.
-
VLANs: Type
n(No). -
WAN Interface: Type
vtnet0. - LAN Interface: Press Enter (leave empty for now).
-
VLANs: Type
- Confirm the settings with
y.
Once the boot process finishes, you will see the console menu. Note the WAN IP address displayed.
Step 2: The Critical "Anti-Lockout" Rule
STOP! Read this before proceeding.
By default, pfSense allows access to the web interface via WAN. However, the moment you configure a LAN interface later, pfSense will block web access on WAN automatically.
You MUST create a manual "Allow" rule now, or you will lock yourself out in Step 3.
By default, pfSense allows access to the web interface via WAN. However, the moment you configure a LAN interface later, pfSense will block web access on WAN automatically.
You MUST create a manual "Allow" rule now, or you will lock yourself out in Step 3.
- Open your web browser and navigate to
https://<your-wan-ip>. - Log in with username
adminand the password found in your Tilaa Dashboard. - Complete the initial setup wizard (Hostname, DNS, Timezone).
- Go to Firewall > Rules > WAN.
- Click Add (Arrow pointing up/down) to create a new rule:
- Action: Pass
- Interface: WAN
- Protocol: TCP
- Source: Any (or restrict to your Office IP for security).
- Destination: WAN Address.
- Destination Port Range: HTTPS (443).
- Click Save and then Apply Changes.
Step 3: Adding the Private Network (LAN)
Now that access is secured, we can add the internal network.
- Shut down the VPS via the Tilaa Dashboard.
- Go to the Network tab and add your Virtual Private Network interface.
- Start the VPS and open the Video Display again.
Re-assign Interfaces:
- In the console menu, select Option 1 (Assign Interfaces).
-
WAN:
vtnet0 -
LAN:
vtnet1(This is the new interface). - Confirm with
y.
Step 4: Configuring the LAN IP
You must assign a static private IP to the LAN interface to act as the gateway for your other servers.
- In the console menu, select Option 2 (Set interface(s) IP address).
- Select the LAN interface (2).
- Enter a private IP (e.g.,
10.0.0.1or172.16.0.1). - Enter the subnet bit count (e.g.,
24for 255.255.255.0). - Upstream Gateway: Press Enter (None).
-
DHCP Server: Type
n(No) unless you specifically need it. We recommend static IPs for servers.
Setup Complete!
Your pfSense is now ready. You can configure your other VPSs to use the LAN IP (e.g., 10.0.0.1) as their Default Gateway to route traffic through the firewall.
Your pfSense is now ready. You can configure your other VPSs to use the LAN IP (e.g., 10.0.0.1) as their Default Gateway to route traffic through the firewall.
Tip: Enable Ping
By default, pfSense blocks ICMP (Ping) on WAN. To monitor your server, go to Firewall > Rules > WAN and add a rule to pass protocol ICMP (Echo Request).
By default, pfSense blocks ICMP (Ping) on WAN. To monitor your server, go to Firewall > Rules > WAN and add a rule to pass protocol ICMP (Echo Request).