pfSense initial configuration

We now offer pfSense to install on your VPS. You can use pfSense for multiple purposes, such as a firewall for one or more other VPSes or as a VPN gateway for your internal network. There are many configuration options. To get you started, we'll show a configuration example here.

See here to see how you can configure your virtual network. You can do this after the initial setup (the guide below indicates when to do so).

After installing and opening your video display, you'll notice that there is only one networking interface. You will configure this interface as your WAN interface, as shown below (choices: n, vtnet0, empty, y).

vps0.png

Screen_Shot_2017-03-10_at_12.26.19.png

You should now be able to access your pfSense installation via your web browser. Navigate to the server's IP address via https and login using the admin user and your password. You may ignore the certificate warning (a certificate may be uploaded or generated afterwards). You can cancel the initial setup by clicking the pfSense logo.

  • Go to Firewall -> Rules:

Screen_Shot_2017-03-10_at_12.33.37.png

  • Add a rule which allows HTTPS access. Even though there is an anti-lockout rule which currently allows access, you still need to add this rule. When the LAN interface is configured, the anti-lockout rule will be automatically moved from WAN to LAN, preventing external access if you don't add this rule!

pf_fwrule.png

  • After saving, click the "Apply Changes" button.
  • Shut down the VPS from the Tilaa interface and add or create the private network as instructed above. After starting the VPS again and opening your video display, press "1" to assign interfaces:

Screen_Shot_2017-03-10_at_12.44.30.png

  • You will again not have to configure any VLANs, choose "n" here.
  • vtnet0 will be your WAN interface.
  • vtnet1 will be your LAN interface.
  • You will not need an optional interface, just hit your enter key here:

Screen_Shot_2017-03-10_at_12.03.15.png

  • Your LAN interface has been added:

pf_addedlan.jpg

  • You'll need to configure an IP address on your LAN interface. Press "2" in the menu and press "2" again to select your LAN interface.

You can create a subnet from the following pools (RFC1918):

  • 10.x.x.x (/8)
  • 172.16-31.x.x (/12)
  • 192.168.x.x  (/16)

Note that, should you want to use VPN connections (not covered in this article), you may want to use a non-commonly used client subnet to prevent overlapping with existing private subnets. For connections originating from residential lines, likely the 172.16.x.x range is least used.

For this example, we have used an example network range which will be 172.31.0.1 with netmask 255.255.255.0 (In other words, a /24). the pfSense installation will use 172.31.0.1 as it's IP address, the VM's can use other IP's in this pool (172.31.0.2/24 and so forth) and may be configured according to the above guide.

To keep things simple, clients behind the firewall will be using static addressing. If you do want to use DHCP on your LAN interface, ensure you configure the DHCP lease time to be long enough or (recommended) use static mappings, both can be configured via the web interface. Since static mappings cannot be in the DHCP pool, take notice when configuring the DHCP scope.

Screen_Shot_2017-03-10_at_12.14.17.png

  • Once this is done, you'll get back to the pfSense initial configuration screen, reflecting your changes.

finalv2.jpg

You're done with your initial configuration. You can access your pfSense instance again via your web browser. You may now further start configuring your appliance and configure e.g. the correct time zone. It is recommended to allow ICMP (echo req) traffic on your WAN interface. Your pfSense will not respond to echo requests (ping) if you don't.

Have more questions? Submit a request

0 Comments

Please sign in to leave a comment.