Power Home Network Setup - Lab



  • Hello all.  I am sure this question has been asked but after about an hour of reading and looking I could not find an answer that would help me. So I have set up a pfsense box on a retired windows home server.  The existing network topology is as follows:

    Internet=>TWC Modem=>Ubiquiti ER8 Pro=>Ubiquiti switch=> clients

    The ER8 Router does my DHCP and I want to keep it that way.

    I have people that work out of my home and I have a lot of network devices (home automation, roku, apple tv, tivo, wifi devices, voip, etc)  so i have a fairly robust network and it must remain stable.  However, I am interested in learning more about pfsense for personal knowledge and a possible business endeavor.  So I want to place the device into my network but I need the network to remain stable and reliable.

    So I have configured the pfsense box with DHCP on the WAN interface obtaining a IP address off the ER8 in the same subnet as my home network and on the LAN side of the PFbox i configured a static IP in the same subnet as the rest of the network.  So I can access the pfsense box.  But here is what I would like to do:

    I would like to:

    -View and collect traffic on the network at the gateway (192.168.1.1)
    -I would like to engage snort for UTM
    -OpenVPN server

    Can I do any of this with my current network topology?  My ultimate goal is that if i screw something up I can just pull the pfsense box of the network and everything is back to its stable today configuration.

    Really appreciate the forums as a power home geek I find the information sharing on forums to be invaluable.



  • Hi bbuchanan99

    -View and collect traffic on the network at the gateway (192.168.1.1)

    Simply, if you use pf as your gateway 192.168.1.1 yes by using f.ex ntopng (package).
    If pfsense is not your gateway, then you would mirror a WAN-Port of your UB-Firewall to a interface of your Pfsense - see respective documentations of ntopng and pfsense.

    -I would like to engage snort for UTM

    PFsense has a snort-package and also the more free suricata-package ready to install…

    -OpenVPN server

    Pfsense has an OpenVPN package too (and also the client open-VPN-Package).
    I use OpenVPN every day (Mobilephone and also PC… Macs are there tooo... well).

    Can I do any of this with my current network topology?

    I also use Voip, PlexTV, loads of other stuff, Ubi-Aps etc. etc. and whatnot in our network. I rely on pfsense as my firewall, DHCP, Openvpn etc. Server since the day, i changed away from some crappy commercial product. And yes, you can achieve all of above, given time. so, yes, possible.

    You could put the pfsense-box in front of your UB ER8 if you do not want to break up with that… at least for some time :D

    Kind regards
    Walbog



  • Ok so here is where I am today.  I have set up a port on my switch as a mirror of the WAN uplink.  I have PFsense connected and running.  What settings do I use for the interface setting in pfsense in order to sniff that port?  I think it would be none in the IP4 and IP6 configuration type?  Does that seem correct?  How do I know if its working?



  • Define 'sniff the port' please?

    You can use simple tcpdump, or are you referring to snort/suricata (packages on their own)?

    @bbuchanan99:

    Ok so here is where I am today.  I have set up a port on my switch as a mirror of the WAN uplink.  I have PFsense connected and running.  What settings do I use for the interface setting in pfsense in order to sniff that port?  I think it would be none in the IP4 and IP6 configuration type?  Does that seem correct?  How do I know if its working?



  • snort/suricata….I have gone into my ubiquiti unifi switch and mirrored port 1 (Router uplink) to port 19 (Mirror port).  The pfsense is then connected to port 19 via opt1.  I don't seem to be getting any traffic on the port, tcptop shows nothing on the opt1 interface.  Anyone know how to mirror a port on a ubiquiti switch?  seemed really straight forward but something does not appear to be working.



  • First, ensure that the traffic you are suppose to see, is there.

    tcptop won't tell you much, or anything, if the rules are not there to let the traffic in/out (use tcpdump).

    It should be straight forward to mirror a port in any managed switch, but you should ask in the ubiquiti forums.

    Now, think about this, if the mirror config is correct, and the date is being sent to the WAN in pfsense,
    WHY would pfsense do ANYTHING with that data if it is NOT addressed to it?

    You may be able to see traffic with tcpdump if you put the interface in promiscuous mode, but if pfsense doesn't have
    an address on the WAN and it is not routing/handling the information, it will not go through it.

    What you want is to put pfsense in series with your current network. Add it as a router and simply use an rfc1918 address to link the
    Internet to your current setup.

    I am sure there is a way to convert the IPS in pfsense to an IDS, but that's not the design/purpose of pfsense, so you are on your own there.

    @bbuchanan99:

    snort/suricata….I have gone into my ubiquiti unifi switch and mirrored port 1 (Router uplink) to port 19 (Mirror port).  The pfsense is then connected to port 19 via opt1.  I don't seem to be getting any traffic on the port, tcptop shows nothing on the opt1 interface.  Anyone know how to mirror a port on a ubiquiti switch?  seemed really straight forward but something does not appear to be working.