Netgate Discussion Forum

    pfSense newbie looking for advice/help setting up new system

    Problems Installing or Upgrading pfSense Software
    • JoJa15

      I am very new to network setup/firewall rules but I am fairly technically capable and not afraid to take on new things. I have to be honest though and say the network setup/firewall rules are a little overwhelming/intimidating. I am looking for some help on tutorials or guides to set up my system. Hopefully you can help point me in the right direction or provide advice on how to set up my system. Even just helping to break down the major steps for me would help out.

      My hardware consists of the following:

      • Mac Mini mid 2011 2.3 GHz i5, 8 GB RAM, with main NIC, and extra NIC via Thunderbolt Ethernet adapter
      • Netgear GS748T Managed switch
      • AC1750 Wireless Dual Band Gigabit Router
      • Comcast internet/TV via Netgear cable modem (no router functionality)

      I already have pfSense installed on the Mac Mini and everything looks good. Even has AES support.
      I would like to set up my network so I have the following devices isolated from each other. I am assuming I will need to set up VLANs on my managed switch.

      • Kids computers (one on Ethernet other on wifi)
      • Internet of things devices (cameras, etc), Xboxes, etc.
      • Work computers (two of them one on Ethernet the other a laptop on wifi).
      • FreeNAS server (accessible by work computers).

      I would ideally like to be able to monitor bandwidth of all devices individually as well as be able to restrict what hours the kids' computers can access the network.
      I would like to either use pfBlocker or Pi-hole on my network to provide ad blocking.
      I do not need a VPN setup currently as I rarely travel and am home most of the time.

      Thank you in advance for any help provided!

    • KOM

        This guide will get you going on how to create the VLANs you want.

        https://docs.netgate.com/pfsense/en/latest/book/vlan/pfsense-vlan-configuration.html

        You can then create firewall rules on each interface to restrict access outbound. By default, only the LAN interface gets a Default Allow rule that passes all traffic from LAN to anywhere. All other interfaces, i.e. your VLANs, will require at least one rule added in order for them to talk.

        I would stick with pfB instead of Pi-hole as you then only have one device to worry about, and if pfSense goes down then you have bigger fish to fry than adblocking, ha!

        Bandwidth monitoring can be done with ntop or lightsquid, depending on if you want all traffic or just http/s.

        https://www.youtube.com/watch?v=_jBufEhP_IU

        You can do scheduling with pfSense but the interface is a little clunky, and you're limited to 15-minute intervals IIRC. You create a schedule and then create a firewall rule and link to it.
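
Added example, not part of either post and not pfSense code: a small Python model of the per-interface, first-match rule evaluation with implicit deny described in the reply, applied to the four segments from the question. The subnets, schedule hours, rule order and the `decide` helper are assumptions made for illustration.

```python
from dataclasses import dataclass
from datetime import time
from ipaddress import ip_address, ip_network

# Constructed addressing plan for the four segments in the question (assumed values).
NETS = {
    "KIDS": ip_network("192.168.20.0/24"),
    "IOT": ip_network("192.168.30.0/24"),
    "WORK": ip_network("192.168.40.0/24"),
    "NAS": ip_network("192.168.50.0/24"),
}
PRIVATE = ip_network("192.168.0.0/16")  # covers every local segment above
ANY = ip_network("0.0.0.0/0")

@dataclass
class Rule:
    action: str          # "pass" or "block"
    dst: object          # destination network
    hours: tuple = None  # optional (start, end) schedule; rule is skipped outside it

# Rules are attached to the interface where traffic enters and are read top-down.
RULES = {
    "KIDS": [Rule("block", PRIVATE), Rule("pass", ANY, (time(7, 0), time(20, 30)))],
    "IOT": [Rule("block", PRIVATE), Rule("pass", ANY)],
    "WORK": [Rule("pass", NETS["NAS"]), Rule("block", PRIVATE), Rule("pass", ANY)],
    "NAS": [],  # no rule added yet, so nothing entering here is passed
}

def decide(iface, dst, now):
    """Return "pass" or "block" for a new connection entering on iface."""
    for rule in RULES[iface]:
        if rule.hours and not (rule.hours[0] <= now < rule.hours[1]):
            continue  # scheduled rule is inactive at this time
        if ip_address(dst) in rule.dst:
            return rule.action  # first matching rule wins
    return "block"  # implicit deny when no rule matches

if __name__ == "__main__":
    noon, late = time(12, 0), time(22, 0)
    internet = "203.0.113.10"  # documentation address standing in for any Internet host
    for iface, dst, now in [("WORK", "192.168.50.10", noon), ("KIDS", "192.168.40.5", noon),
                            ("KIDS", internet, noon), ("KIDS", internet, late)]:
        print(f"{iface:4} -> {dst:14} at {now}: {decide(iface, dst, now)}")
```

In a real rule set, a block on local destinations also blocks DNS to the firewall's own interface address, so a pass rule for DNS has to sit above it if clients resolve through pfSense.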

        Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.