Installation glitches on 2.1-RELEASE
-
pfSense 2.1 looks like a decent firewall, but there are several glitches in the
installation and configuration wizard which would cost you a couple of days, a
few clean installs or resets to defaults, plus more than a basic knowledge of
IP routing/networking and Linux administration.

1. The initial setup has to be done from the console on the PC running pfSense,
so a headless installation is impossible. (Firewalls are usually on the racks in
the server room, with no keyboard or display attached.) Installing pfSense on one
computer (with a display) and then moving the HDD to a slightly different
computer does not work (Linux distributions usually survive such migrations).

2. The initial setup requires configuring interfaces for WAN and LAN. After
configuring WAN, pfSense suggests using https://wan_ip_address for further
configuration, but this obviously does not work because all WAN ports are
initially (and correctly) closed. Luckily, after configuring LAN, pfSense
suggests using https://lan_ip_address for further configuration, and this really
works, because all LAN traffic is allowed by default.

4. Running the web installer on https://lan_ip_address starts the installation
wizard. Here you find out that some of your previous WAN settings (step 2), like
the default gateway address on WAN, are forgotten, and the same goes for the DHCP
range for LAN (which you already set up in step 3).

5. The most difficult installation error (quite impossible to figure out) is that
after all the wizard manipulations you cannot ping remote hosts from the LAN,
although DNS works and all traffic from the LAN to WAN is allowed by default.
The secret is that you have to say NONE to the LAN gateway (another option is
GW_LAN…), although the default gateway on the LAN should and does exist
(192.168.1.1 in my case). This is very confusing.

6. The ssh service (unlike other services like dhcp) cannot be switched on/off
from the web interface. Bad luck if you forgot to enable it from the console
setup in step 1 and disconnected the display.

7. Bad luck if you disconnected the display and ticked the boxes "Block private
and bogon networks". This immediately cuts you off from remotely web-administering
your computer on the LAN (although the provided explanation says they should be
turned ON). You need to restart from step 1.

8. For some unknown reason TCP port 21 (ftp, who uses it anyway?) is open by
default and cannot be closed.

9. The pfSense search engine is quite weak; Google with site:pfsense.org is more
productive.

10. Although I checksummed the CD and burned it with checks on several computers,
there is some Medium error asc: 11, 5 (L-EC uncorrectable error)
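An added example, not from this post and not pfSense's own code: a small Python lint that reads a pfSense-style config.xml before you disconnect the display and flags the two LAN traps from items 5 and 7 (a gateway set on LAN, and "Block private/bogon networks" ticked on an RFC1918 LAN). The interface element names `ipaddr`, `gateway`, `blockpriv` and `blockbogons` are assumed to match pfSense's config.xml, and the sample config is constructed for the demonstration.

```python
"""Pre-flight lint for a pfSense-style config.xml. Checks the two LAN settings
this post says lock you out (item 7) or break routing (item 5).
Added example, not the post's or pfSense's own code. Assumes the interface
element names <ipaddr>, <gateway>, <blockpriv/>, <blockbogons/> as used in
pfSense's config.xml."""
import ipaddress
import xml.etree.ElementTree as ET

# Constructed sample: a LAN that was given a gateway (item 5) and has
# "Block private networks" ticked (item 7), the two traps described above.
SAMPLE_CONFIG = """<pfsense>
  <interfaces>
    <wan><if>em0</if><ipaddr>dhcp</ipaddr><blockpriv/><blockbogons/></wan>
    <lan><if>em1</if><ipaddr>192.168.1.1</ipaddr><subnet>24</subnet>
         <gateway>GW_LAN</gateway><blockpriv/></lan>
  </interfaces>
</pfsense>"""


def lint_lan(config_xml: str) -> list[str]:
    """Return findings for the <lan> interface; an empty list means clean."""
    root = ET.fromstring(config_xml)
    lan = root.find("./interfaces/lan")
    if lan is None:
        return ["no <lan> interface defined"]
    findings = []
    # Item 5: a gateway on LAN breaks LAN-to-WAN traffic; it must be NONE.
    gw = (lan.findtext("gateway") or "").strip()
    if gw and gw.lower() != "none":
        findings.append(f"LAN gateway is '{gw}'; set it to NONE or LAN hosts "
                        "cannot reach remote hosts")
    # Item 7: blocking private networks on an RFC1918 LAN blocks the admin.
    ip = (lan.findtext("ipaddr") or "").strip()
    try:
        is_private = ipaddress.ip_address(ip).is_private
    except ValueError:  # dhcp / empty / garbage
        is_private = False
    if lan.find("blockpriv") is not None and is_private:
        findings.append(f"'Block private networks' is on but LAN is {ip}; "
                        "this cuts off web administration from the LAN")
    if lan.find("blockbogons") is not None:
        findings.append("'Block bogon networks' is on for LAN; the post reports "
                        "this also locks out LAN administration")
    return findings


if __name__ == "__main__":
    for finding in lint_lan(SAMPLE_CONFIG):
        print("WARNING:", finding)
```

Run it against a copy of the real config.xml (pulled over the LAN while the display is still attached) and fix every warning before you walk away from the console.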