Installation glitches on 2.1-RELEASE



  • pfSense 2.1 looks like a decent firewall, but there are several glitches in the
    installation and configuration wizard, which would cost you a couple of days, a
    few clean installs or resets to defaults, plus more than a basic knowledge of
    IP routing/networking and Linux administration.

    1. The initial setup should be done from the console on the PC running pfSense,
      so headless installation is impossible. (Firewalls are usually on the racks
      in the server room, no keyboard or display attached.) Installing pfSense on one
      computer (with a display) and then moving the HDD to a slightly different computer
      does not work. (Linux distributions usually survive such migrations.)

    2. The initial setup requires configuring interfaces for WAN and LAN. After configuring
      WAN, pfSense suggests using https://wan_ip_address for further configuration, but
      this obviously does not work because all WAN ports are initially (and correctly) closed.
      Luckily, after configuring LAN, pfSense suggests using https://lan_ip_address for further
      configuration, and this really works, because all LAN traffic is allowed by default.

    4. Running the web installer on https://lan_ip_address starts the installation wizard.
      Here you find out that some of your previous WAN installations (step 2), like the default
      gateway address on WAN, are forgotten; the same goes for the DHCP range for LAN
      (which you already set up in step 3).

    5. The most difficult installation error (quite impossible to figure out) is that after all wizard
      manipulations, you cannot ping remote hosts from the LAN, although DNS works, and all
      traffic from the LAN to WAN is allowed by default. The secret is that you have to say
      NONE to the LAN gateway (another option is GW_LAN…), although the default gateway on
      the LAN should and does exist (192.168.1.1 in my case). This is very confusing.

    6. The ssh service (unlike other services like dhcp) cannot be switched on/off from the web
      interface. Bad luck if you forgot to enable it from the console setup in step 1 and
      disconnected the display.

    7. Bad luck if you disconnected the display and ticked the boxes "Block private and bogon
      networks". This immediately cuts you off from remote web-administering your computer on
      the LAN (although the provided explanation says they should be turned ON). You need to
      restart from step 1.

    8. For some unknown reason the TCP port 21 (ftp, who uses it anyway?) is open by default,
      and cannot be closed.

    9. The pfSense search engine is quite weak; Google with site:pfsense.org is more productive.

    10. Although I checksummed the CD and burned it with checks on several computers, there is some

    Medium error asc: 11, 5 (L-EC uncorrectable error)

