SG-4860
-------

# setup ATT
-----------------------------------------------------------------------
# Configure ATT to use 172.16.* private IP address space
# needed because of some pfsense bug that doesn't allow you to have ATT
# and pfsense in the same private IP address space
# ATT Gateway: 172.16.0.1

# reset ATT, if needed
# Home > Restart your System
--------------------------

# Settings > Diagnostics > Resets
# System & Link Resets
Clear Device List               [Clear]
# Configuration Resets
Firewall Configuration Reset    [Reset]
# System & Link Resets
Reset IP                        [Reset]
Reset Broadband                 [Reset]
Reboot System                   [Reset]

# setup ATT for pfSense configuration
# Settings > Firewall > Advanced Configuration
--------------------------------------------
Block Ping                      [ ] Enable
Strict UDP Session Control      [ ] Enable
[Save]

# Settings > Firewall > Applications, Pinholes and DMZ
----------------------------------------------------
# Allow device application traffic to pass through firewall
1) Select a computer
   pfsense
   (.) Allow all applications (DMZplus mode)
[Save]
# Enter device access code
[Submit]

# Settings > LAN > LAN IP Address Allocation
------------------------------------------
# Public-Private NAT Mappings and Device IP Allocation
Device                  pfsense
Firewall                disabled
Address Assignment      Public (select WAN IP Mapping)
WAN IP Mapping          Router WAN IP address (default)

# ---------------------------------------------------------------------
# setup pfSense
---------------------------------------------------------------------
# plug-in WAN ethernet cable to ATT
# plug-in LAN ethernet cable to computer
site:     192.168.1.1
username: admin
password: pfsense

Setup Wizard
------------

# pfSense Setup
---------------
[>> Next]

# Netgate Global Support is available 24/7
------------------------------------------
[>> Next]

# General Information
---------------------
Hostname                "${hostname}"
Domain                  home.arpa
Primary DNS Server      9.9.9.9
Secondary DNS Server    149.112.112.112
Override DNS            [ ]
[Next]

# Time Server Information
-------------------------
Time server hostname    0.pfsense.pool.ntp.org
Timezone:               "${timezone}"
[Next]

# Configure WAN Interface
-------------------------
SelectedType            [DHCP]
# RFC1918 Networks
Block RFC1918 Private Networks  [ ]
# Block bogon networks
Block bogon networks            [x]
[Next]

# Configure LAN Interface
-------------------------
LAN IP Address          192.168.1.1
Subnet Mask             [24]
[Next]

# Set Admin WebGUI Password
---------------------------
Admin Password          ........
Admin Password AGAIN    ........
[Next]

[>> Reload]

# Wizard completed
------------------
[Finish]

# System > Advanced > Networking
--------------------------------
# IPv6 Options
Allow IPv6              [ ]
Prefer IPv4 over IPv6   [x]
IPv6 DNS entry          [x]
[Save]

# Interfaces > WAN
------------------
# General Configuration
IPv6 Configuration Type [None v]
[Save]
[Apply Changes]

# Services > DNS Resolver > Advanced Settings
---------------------------------------------
# Advanced Privacy Options
Hide Identity                   [x]
Hide Version                    [x]
Query Name Minimization         [x]
# Advanced Resolver Options
Prefetch Support                [x]
Prefetch DNS Key Support        [x]
Harden DNSSEC Data              [x]
Number of Hosts to Cache        20000
Unwanted Reply Threshold        10000000
Experimental Bit 0x20 Support   [x]
[Save]
[Apply Changes]

# setup DNS over TLS
# Services > DNS Resolver > General Settings
--------------------------------------------
# General DNS Resolver Options
DNS Query Forwarding    [x] Enable Forwarding Mode
                        [x] Use SSL/TLS for outgoing DNS Queries to Forwarding Servers

# Testing
# dnsleaktest.com, extended test
# returns ISP - WoodyNet

$ scutil --dns | grep nameserver
# returns pfSense IP address, using DNS resolver

$ nslookup duckduckgo.com | grep 'Server\|Address'
# returns pfSense IP address, using DNS resolver

$ dig duckduckgo.com | grep 'SERVER'
# returns pfSense IP address, using DNS resolver

# https://dnssec.vs.uni-due.de/
# DNSSEC Test
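
# Added example (not part of the original notes): a scripted form of the dig
# check above that also looks for the DNSSEC "ad" flag in the reply header.
# Assumes the pfSense LAN IP 192.168.1.1 from the wizard step; the dig output
# and the domain signed.example are constructed sample data.

```shell
#!/bin/sh
# PFSENSE_IP is the LAN IP address set in the setup wizard.
PFSENSE_IP="192.168.1.1"

# Constructed sample of dig output (hypothetical domain, not a real capture).
sample_dig_output() {
cat <<'EOF'
; <<>> DiG <<>> signed.example
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 4242
;; flags: qr rd ra ad; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; ANSWER SECTION:
signed.example.   300   IN   A   192.0.2.10

;; Query time: 21 msec
;; SERVER: 192.168.1.1#53(192.168.1.1)
EOF
}

# Print the resolver address from the ";; SERVER:" line of dig output on stdin.
dig_server_ip() {
  sed -n 's/^;; SERVER: \([^#]*\)#.*/\1/p'
}

# Succeed if the header flags include "ad" (resolver validated the answer).
dig_has_ad() {
  grep '^;; flags:' | sed 's/;; flags: \([^;]*\);.*/\1/' | grep -qw 'ad'
}

# check_dns <expected-resolver-ip>: reads dig output on stdin,
# prints one status word and returns 0 only for "ok".
check_dns() {
  out=$(cat)
  server=$(printf '%s\n' "$out" | dig_server_ip)
  if [ "$server" != "$1" ]; then echo "wrong-resolver"; return 1; fi
  if ! printf '%s\n' "$out" | dig_has_ad; then echo "not-validated"; return 2; fi
  echo "ok"
}

# Offline run on the sample. Live use, with a domain you know is signed:
#   dig <signed-domain> | check_dns "$PFSENSE_IP"
sample_dig_output | check_dns "$PFSENSE_IP"
```

# "wrong-resolver" means the client is bypassing pfSense for DNS;
# "not-validated" on a signed domain means the answer was not DNSSEC-validated.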