Configuring Pfsense via ssh

userkiller · Feb 17, 2015, 3:28 PM

I want to know how i can completely configured my pfsense box via ssh. I want to create a JavaScript form that will asked for the type of configuration like defaults port, rules , lan1 IP, enable DHCP and so on .

The initial requirement is to have a wan IP on the firewall and password, so I can ssh into it and run the configurations. basically I will have a dummy backup file where the configurations setting will be stored and it will be restored into the firewall.

Or if there's a way I can just edit the conf/config.xml on a freshly installed pfsense so I can configure my settings from there and then restore it into the firewall?

Thanks

userkiller · Feb 17, 2015, 3:12 PM

bump, can anyone help me out.

dotdash · Feb 17, 2015, 4:24 PM

There is a menu that lets you assign the lan IP, enable dhcp, etc. Other things such as restoring a config can be done via the dev shell. I understand the desire for more cli based control, but don't know why you'd bring javascript into it. If you just want to restore an edited config, why not do it via the gui?

heper · Feb 17, 2015, 4:58 PM

you can scp a config.xml to the right location, then reboot the firewall. (/conf/config.xml)
to be on the safe side, you might wish to rm /tmp/config.cache to wipe the cache if there is one.

there might be issue's when you move the config to a device with different NIC's …. the webgui restore function will prompt to reassign the interfaces ; when you manually drop a new xml this (might) not happen.

userkiller · Feb 17, 2015, 5:29 PM

Thanks for the reply guys, I'm trying to build a platform that will automatically configured the servers, along with the firewall automatically based on the users input.

And in order to scp i would need a default IP for Pfsense? and regarding to the NIC issued is there a way to go around it, I would to doing this type of installation on different types of firewall(vendors) running Pfsense.
This is my senior project, so any help will be highly appreciate it.

Gertjan · Feb 18, 2015, 1:00 AM

Setup up pfSense with the SSH access ?
Why not.

Hard core question => hard core answer.

Enter SSH.
Type this command

viconfig

Now, yo have FULL control - even more as what the GUI offers you.

Or, of course, you could rewrite the entire PHP GUI in Javascript ….
Well .... you will be right. That will kill a user ;)

userkiller · Feb 18, 2015, 12:31 PM

Thanks I will try it out, and no I don't want to reinvent the wheel. I just want to make a cluster installation quicker and less technical.

userkiller · Feb 18, 2015, 12:34 PM

@Gertjan:

Setup up pfSense with the SSH access ?
Why not.

Hard core question => hard core answer.

Enter SSH.
Type this command
viconfig
Now, yo have FULL control - even more as what the GUI offers you.

Or, of course, you could rewrite the entire PHP GUI in Javascript ….
Well .... you will be right. That will kill a user ;)

One more thing so I would still need to enable SSH, assign an IP on WAN, and configured the firewall to allow SSH in order for me to be able to do this.

Gertjan · Feb 18, 2015, 3:26 PM

If you want to:
@userkiller:

I want to know how i can completely configured my pfsense box via ssh.

then, yes, somehow your SSH port needs to be accessible from 'somewhere'.

O….. assign an IP on WAN, and configured the firewall to allow SSH in order for me to be able to do this.

Accessing SSH from WAN is possible - but isn't done.
Its like introducing a huge security risk.

userkiller · Feb 18, 2015, 7:59 PM

I can do it from lan, it doesn't matter since the configuration is being done locally.