pfSense on Windows



  • I am thinking about using pfSense because it comes with an outbound NAT and my current Draytek does not, and I want to force some traffic to use a custom proxy server, and I also run a custom-made DNS server that blocks spyware domains based on a tracking protection list, but both programs are Windows based.

    My DNS server also hijacks lookups made by my Samsung TV to force it to use the custom proxy server, where the hidden MAC address embedded in the HTTP request sent to Samsung gets doctored. If I block Samsung then the TV won't work.

    Block/Pass is not always an option when it comes to security, and the same goes for scripts from Google that will stop some web-sites from working if blocked, so my tracking protection list includes "Protected" too, and this works a treat for me when the proxy server doctors the HTTP request plus removes non-standard headers.

    Now I know pfSense can use packages for a Squid and even a DNS server, but I want to stick to my own, so I have a few options:

    1. Buy a router to run pfSense that has wifi built in
    2. Bolt new pfSense router to my old 2.4GHz DrayTek wifi router and turn DHCP off on DrayTek
    3. Get a PC like an i3 with two NICs and wifi to host pfSense, dump DrayTek
    4. Run VMware on PC to host pfSense, connect to ISP from PC using PPPoE plus host DNS/Proxy server
    5. See if I can find a Windows-based alternative to pfSense and put it on the same box as DNS/Proxy server
    6. Write my own port relay in Windows with blocks, hook relay up to DNS and Proxy

    Don't get me wrong, I am no fan of Bill Gates and his bloated spyware virus, but I am stuck with the skills I have.



  • What is your question?

    If it is: Can I use pfSense as my router/firewall and still use external DNS and Proxy? Then the answer is yes, you can.

    Many ways to configure this. One way would be to set them up in the DHCP options and block outbound DNS and HTTP from your LAN. Another way would be to statically configure your clients and apply the blocks. Or, if you're using Windows DHCP, configure those options there and apply the blocks, plus set the pfSense IP as the default gateway.


  • Netgate Administrator

    If you do choose to run pfSense bare metal on new or existing hardware then don't bother trying to run a wifi card directly. Your Draytek will make a much better wifi access point. pfSense currently (2.1.4) has very limited wifi support, that should improve a lot with 2.2 though.

    Steve



  • @stephenw10:

    If you do choose to run pfSense bare metal on new or existing hardware then don't bother trying to run a wifi card directly. Your Draytek will make a much better wifi access point. pfSense currently (2.1.4) has very limited wifi support, that should improve a lot with 2.2 though.

    Steve

    Yes, thanks for the help, and I am trying to get it working by using a PC with 2 NICs, with one card connecting to the WAN outlet on the wifi router, but the only traffic that hits the machine is traffic addressed to the machine and I think all the other traffic is blocked at the card.

    If I bridge both NICs then machines connected to the wifi on the test router can see the internet using the live router and gateway.

    Not sure if I need to run my own gateway or what on the middle machine to receive all the traffic, but once I have it working under Windows then I will try to get it working with VMware.


  • Netgate Administrator

    If you're using that wifi router just as an access point you probably don't want to use its WAN port. Instead connect directly to one of its LAN ports and make sure you've disabled its DHCP service. That will make it act as an access point only.
    The exception to this is some routers have an 'access point' mode where the WAN port is added to the LAN port bridge or if you're running a third party firmware and can add the port manually.

    Steve