pfSense newbie looking for advice/help setting up new system
-
I am very new to network setup/firewall rules but I am fairly technically capable and not afraid to take on new things. I have to be honest though and say the network setup/firewall rules is a little overwhelming/intimidating. I am looking for some help on tutorials or guides to set up my system. Hopefully you can help point me in the right direction or provide advice on how to set up my system. Even just helping to break down the major steps for me would help out.
My hardware consists of the following:
- Mac Mini mid 2011 2.3 GHz i5, 8 GB RAM, with main NIC, and extra NIC via Thunderbolt Ethernet adapter
- Netgear GS748T Managed switch
- AC1750 Wireless Dual Band Gigabit Router
- Comcast internet/TV via Netgear cable modem (no router functionality)
I already have pfSense installed on the Mac Mini and everything looks good. Even has AES support.
I would like to set up my network so I have the following devices isolated from each other. I am assuming I will need to set up VLANs on my managed switch.
- Kids computers (one on Ethernet other on wifi)
- Internet of things devices (cameras, etc), Xboxes, etc.
- Work computers (two of them one on Ethernet the other a laptop on wifi).
- Freenas server (accessible by work computers).
I would ideally like to be able to monitor bandwidth of all devices individually as well as be able to restrict what hours the kids computers can access the network.
I would like to either use pfblocker or pihole on my network to provide ad blocking.
I do not need a VPN setup currently as I rarely travel and am home most of the time.
Thank you in advance for any help provided!
-
This guide will get you going on how to create the VLANs you want.
https://docs.netgate.com/pfsense/en/latest/book/vlan/pfsense-vlan-configuration.html
You can then create firewall rules on each interface to restrict access outbound. By default, only the LAN interface gets a Default Allow rule that passes all traffic from LAN to anywhere. All other interfaces, i.e. your VLANs, will require at least one rule added in order for them to talk.
I would stick with pfB instead of pihole as you then only have one device to worry about, and if pfSense goes down then you have bigger fish to fry than ad blocking, ha!
Bandwidth monitoring can be done with ntop or lightsquid, depending on if you want all traffic or just http/s.
https://www.youtube.com/watch?v=_jBufEhP_IU
You can do scheduling with pfSense but the interface is a little clunky, and you're limited to 15 minute intervals IIRC. You create a schedule and then create a firewall rule and link it to the schedule.
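As an added illustration of the answer above (editor's example, not the poster's text and not a ruleset pfSense itself generated), this is what that segmentation looks like written as native pf rules, the syntax pfSense compiles its GUI rules down to. Everything specific is an assumption: bge0 (built-in NIC) as WAN, bge1 (Thunderbolt adapter) as the 802.1Q trunk to the GS748T, VLAN IDs 10/20/30/40 and the 10.0.x.0/24 subnets. pfSense's auto-generated NAT, DHCP and anti-lockout rules are left out so only the policy shows.

```pf
# Assumed interface names (check with ifconfig on the pfSense box).
wan   = "bge0"       # to the Netgear cable modem
kids  = "bge1.10"    # VLAN 10 tagged on the trunk to the switch
iot   = "bge1.20"    # VLAN 20: cameras, Xboxes
work  = "bge1.30"    # VLAN 30: work desktop + laptop (via AP on the AC1750 in AP mode)
nas   = "bge1.40"    # VLAN 40: FreeNAS

kids_net = "10.0.10.0/24"
iot_net  = "10.0.20.0/24"
work_net = "10.0.30.0/24"
nas_net  = "10.0.40.0/24"

# A table, not a { list }: "to ! { a, b, c }" expands into three rules that
# each negate ONE network, so every packet would match. A table negates as a unit.
table <rfc1918> const { 10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16 }

# Default deny. pfSense makes every GUI rule "quick" (first match wins), so an
# interface with no pass rule at all drops everything it receives, which is the
# "needs at least one rule before it can talk" behaviour described above.
block log all

# pfSense filters on the interface where traffic arrives; what leaves an
# interface is passed and handled by state tracking.
pass out quick all

# Every segment may use the firewall's own address on that VLAN for DNS
# (the resolver pfBlockerNG filters). DHCP rules are added by pfSense itself.
pass in quick on $kids proto { tcp udp } from $kids_net to ($kids) port 53
pass in quick on $iot  proto { tcp udp } from $iot_net  to ($iot)  port 53
pass in quick on $work proto { tcp udp } from $work_net to ($work) port 53
pass in quick on $nas  proto { tcp udp } from $nas_net  to ($nas)  port 53

# Work: Internet plus the FreeNAS box, nothing else internal.
pass in quick on $work from $work_net to $nas_net
pass in quick on $work from $work_net to ! <rfc1918>

# Kids: Internet only. The time-of-day restriction is not expressible in pf;
# pfSense applies a schedule by including or dropping the linked rule when it
# regenerates the ruleset, which is where the 15-minute granularity comes from.
pass in quick on $kids from $kids_net to ! <rfc1918>

# IoT / consoles: Internet only. Cameras cannot see the work or kids segments.
pass in quick on $iot from $iot_net to ! <rfc1918>

# NAS: replies to work hosts ride on state, so it only needs outbound for updates.
pass in quick on $nas from $nas_net to ! <rfc1918>

# WAN: nothing unsolicited inbound (the default block covers it); the firewall
# itself may still originate traffic, e.g. pfBlockerNG list downloads.
pass out quick on $wan from ($wan) to any
```

A practical check after building this in the GUI: from a kids or IoT host, ping the work subnet gateway and the NAS; both should fail while Internet and DNS still work, and the block rule logs the attempts (Status > System Logs > Firewall), which is also where the per-interface traffic for ntop's bandwidth view originates.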