Securing the pfSense console access by modem



  • I have a remote site that I support where the entire network is powered by a single Linux box serving as a NAT Gateway/Firewall, Inter-VLAN router, DHCP Server, TFTP Server, Samba Domain Controller, and other things.  I've been wanting to separate out these services for a while and have decided to try and use pfSense to do it because of its great capabilities but easy-to-use interface.  I have a wonderful "enterprise grade" configuration right now that is very complex to manage because there is no GUI and little documentation, but I think I could duplicate pretty much all of it very easily.  That makes me very happy. ;-)  However, one part I haven't quite figured out is the backup modem that I have configured to provide a console on the Linux box in the event where I need to diagnose connectivity problems and can't reach the site using traditional means.  It's come in quite handy already, and I would rather not lose it.

    Right now the modem is simply hanging off a getty and therefore using the Linux login process and associated authentication.  Is there a way I could hang a modem off the pfSense box and obtain access to the pfSense console in a similar but secure fashion?  I'm not sure that people wardial anymore, but I don't quite feel right leaving any part of my network open with no authentication, even if it is just through a modem that I doubt anyone will ever find.

    Any thoughts?



  • Connect it through another COM port to pfSense and edit the /etc/ttys file to mark the port as secure.
    That should give you a standard Unix login prompt.
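
An added example, not part of the thread and not pfSense code: a short Python audit of a ttys(5)-format file that lists the serial lines with a getty enabled and whether each carries the `secure` flag, which in FreeBSD's ttys(5) permits root login on that line. The sample file contents and the `ttyu` device-name prefix are assumptions constructed for illustration.

```python
import shlex

# Constructed sample in FreeBSD ttys(5) format; not taken from a real system.
SAMPLE_TTYS = """\
# name  getty command                   type    status
console none                            unknown off secure
ttyv0   "/usr/libexec/getty Pc"         xterm   on  secure
ttyu0   "/usr/libexec/getty 3wire"      vt100   onifconsole secure
ttyu1   "/usr/libexec/getty std.9600"   dialup  on  secure   # modem line
ttyu2   "/usr/libexec/getty std.9600"   dialup  on  insecure
ttyu3   "/usr/libexec/getty std.9600"   dialup  off secure
"""


def parse_ttys(text):
    """Parse ttys(5) text into dicts with name, command, term and flags."""
    entries = []
    for raw in text.splitlines():
        # shlex keeps the quoted getty command together and strips '#' comments.
        fields = shlex.split(raw, comments=True)
        if len(fields) < 3:
            continue  # blank, comment-only or malformed line
        name, command, term, *flags = fields
        entries.append({"name": name, "command": command,
                        "term": term, "flags": flags})
    return entries


def is_enabled(flags):
    # "on" starts a getty unconditionally; "onif..." variants start it conditionally.
    return any(f == "on" or f.startswith("onif") for f in flags)


def serial_login_lines(entries, prefix="ttyu"):
    """Return (name, root_login_allowed) for each enabled serial line.

    The "ttyu" prefix (FreeBSD uart devices) is an assumption of this example.
    """
    return [(e["name"], "secure" in e["flags"])
            for e in entries
            if e["name"].startswith(prefix) and is_enabled(e["flags"])]


if __name__ == "__main__":
    for name, root_ok in serial_login_lines(parse_ttys(SAMPLE_TTYS)):
        state = "permitted" if root_ok else "not permitted"
        print(f"{name}: getty enabled, root login {state}")
```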

