New to Pfsense 2.0 - Create Firewall
-
Hi,
Am a student and came across pfsense to use a firewall in a project I am doing.
I was able to successfully install pfsense 2.0 on an old PC and have setup LAN and WAN interfaces and through a switch and am able to connect to the internet from two client PCs.
I am completely new to pfsense. I have installed hvap, snort, squid and squidguard. And am trying configure these as a firewall but am having difficulty. I would like to be able to block porn sites, facebook and other sites. Is there a thread, documents or can anyone help in how to set up fully functioning firewall for pfsense 2.0
Thanks.
-
Pfsense is a very powerful platform for a firewall distro. The amount of configurations and purposes for pfsense is virtually unlimited.
What you are looking for has been documented on the pfsense wiki: http://doc.pfsense.org/index.php/Main_Page
There is a tutorial section as well: http://doc.pfsense.org/index.php/Tutorials
And within the pfsense forums there are sub-forums for Firewalling and addon packages. Good luck! -
Thanks I have read through the links provided but am still a bit lost.
I did manage to do a bit more googling I did find a bit more on setting pfsense and squidGuard but am still encountering problems with the common acl. I would like to be able to block porn sites, spam, Facebook, YouTube and the like. I was able to download and use a common acl list as suggested in the pfsense wiki but am unable to get it to work. I denied shopping and pets for example but am still unable to access these from a client. I would also like to know if I am able to block specific content and also block specific websites or urls. Am I able to edit the acl to include these? Are there other options, packages etc…?
I have not much luck with ip-blocklist or snort either, I did follow all the instructions but ip-blocklist tells me that I am currently blocking 0 networks and I am unable to update snort, I have obtained an oinkmaster code but am unable to get updates from snort.Are there troubleshooting steps I can follow or more detailed documentation on pfsense 2.0?
Is there something I'm missing with these configurations? There is a lot of things the web interface and some steps on on basic configuration of these would appreciated.Thanks.
-
you need to make sure that you have selected the interface you want everything to run on.
squidguard is what you would use to block what you want.try clearing states after you apply the squidguard settings, this should ensure any clients that have an active connection to a site you are blocking, will get blocked as it forces the client to create a new connection.
-
Thanks. A lot for your your help XIII and tommyboy180! Pfsense 2.0 is now working well. After a fair bit of playing around with the web interface. I was able to get snort working and updating. It must have been waiting for a reply from the server or some other settings for it to start updates and be active. I probably need to do a bit more reading on this and the other features and functions of pfsense, so my question is now that how am I able to test if these setting work. It looks to me like snort, ip-blocklist and squidguard are similar with their functionality or would I need these to ensure maximum defense? The blocklists and blacklists I have implemented are from the same sources like this for example; http://www.shallalist.de/Downloads/shallalist.tar.gz. Does that mean one cancels the other our or do they cancel each other out?
tommyboy180 your packages are great and if only I had read your tutorials a bit better I would have avoided some of the gray hairs Ive gotten over this. :-)
I did have another issue which I was able to resolve after a couple days. I had installed a mikrotik router to act as client router. I was able to access the web interface on the client which was on a different network but the host wasnt able to ping pfsense through the router. After a teardown. It had turned out that a rule we had created earlier in pfsense was blocking the hosts. I had to change the rule to allow any protocol to and from the "green" interface.