4. HOWTO: remote backup the pfSense firewall

HOWTO: remote backup the pfSense firewall

  • R

    Hello,

    I have read some posts in the forum . Finally I have my own way to remote backup the firewall. I write my steps here.  Feel free to feedback and help me improve this guide.

    Purpose: remote backup the firewall
    Solution: rsync+ssh backup
    Requirements:
        rsync, ssh, shell (for both firewall + client)
    Settings:
        firewall (192.168.1.1)
        backup client (192.168.1.9)
        pfsense: FreeBSD xyz.localdomain 6.2-RELEASE-p11 FreeBSD 6.2-RELEASE-p11
    FIXME:
        security hole due to NON-password private RSA key

    Step 0: prepare non-password RSA key ==> for automatic proccess
       a. from client, use ssh-keygen to generate private/public key without password
       b. put the private key to client => ~/.ssh/firewall
       c. put the public key to firewall => /root/.ssh/authorized_keys (you can use web gui to update the key)
       Please try this step by yourself. Google it :)

    Step 1: install rsync to firewall
        a. download FreeBSD-6.2.iso DISC2 and mount to somewhere. We will have rsync-2.6.8_2.tbz for freebsd-6.2
        b. Put rsync-2.6.8_2.tbz to the firewall (by web server from client or use webGUI to upload file)

    Or you may fetch this rsync from my server:

    
fetch http://kyanh.zapto.org:9999/freebsd/rsync-2.6.8_2.tbz

    c. ssh login to firewall
        d. then install package:

    pkg_add rsync-2.6.8_2.tbz

    Step 2: modify the SHELL login message
       a. ssh login to the firewall
       b. empty the file .profile

    cd /root/
echo '' > .profile

    This step is required, so that we can use rsync backup script from client. If you donot do this, the shell is INTERATIVE and rsync from client cannot do the backup routines

    Step 3: from client, create the backup script. Below my script. Please note:
        a. We must login by ROOT account of firewall. Don't not use ADMIN account (AMIND uses SHELL=/etc/rc.initial )
        b. The destination of my backup file is /home/users/kyanh/tmp/firewall

    
#!/bin/bash
root=/home/users/kyanh/
dest=$root/tmp/firewall

[ -d $dest ] || mkdir -p $dest
chmod 700 $dest
cd $dest

echo "start: `date +%y%m%d-%H`"

rsync --delete -avze "ssh -i /home/users/kyanh/.ssh/firewall" root@192.168.1.1:/ .

cd -

    Step 4: Add cron job from CLIENT (192.168.1.9). I use "hourly" backup with the above script (named monobackup)

    01 * * * *  /home/users/kyanh/bin/monobackup

    That's all. Enjoy!

    0
Locked
 

Products

Applications

Support

Services

News

Resources

Company

Our Mission

As host of the pfSense open source firewall project, Netgate believes in enhancing network connectivity that maintains both security and privacy. We also believe everyone should be able to afford it.

Subscribe to our Newsletter

Product information, software announcements, and special offers. See our newsletter archive for past announcements.

© Copyright 2002 - 2018 Rubicon Communications, LLC | Privacy Policy