Download pfSense

Where to get it

Stuff it onto a thumbdrive

(really should create command-line instructions for this part)

If working from a Linux Mint machine GUI, right-click & extract the .gz file. Then right-click the resulting .img file & select "Make bootable USB stick".

If working from one of those crappy Windows machines, use Rufus...

If you're playing with a Mac... Yer on yer own for now.

Configure the Hardware

You'll want either a dual NIC or 2 (or more...) NICs.

A hard drive (or SSD) could come in rather handy...

Install pfSense

• Boot your machine from the thumbdrive. (UEFI is just fine...)
• Accept the copyright.
• Select "Install"
• Select "Continue with default keymap" (or, really, any keymap you like...)
• Select "Auto (UFS)
• Choose your disk for the install
  • I'd suggest only having one disk in the machine...
• Select "Entire Disk
  • Yes... Proceed.
• Select GPT (GUID Partition Table)
• Hit "Finish"
• Hit "Commit"
• Watch the pretty progress screens... (Or ignore it until it's done... Your choice...)
• When you see the "Manual Configuration" screen, Hit "No"
• Hit "Reboot"
• Go back & configure the machine to actually boot from the drive you installed pfSense onto...

Initial Configuration of pfSense

On first boot, pfSense will ask "Should VLANs be set up now [y|n]?"

Don't bother...

• Select your WAN interface
  • bce0 on this test machine (T310)
• Select your LAN interface
  • bce1 on this test machine (T310)
• Verify they're selected properly & say yes.
• Watch all the "done" messages scroll by (or not... again, your choice...)

After a moment or 3, you'll see the console menu.

*** Welcome to pfSense 2.4.5-RELEASE (amd64) on pfSense ***
 WAN (wan)       -> bce0       -> v4/DHCP4: 192.168.0.26/24
 LAN (lan)       -> bce1       -> v4: 192.168.1.1/24

 0) Logout (SSH only)                  9) pfTop
 1) Assign Interfaces                 10) Filter Logs
 2) Set interface(s) IP address       11) Restart webConfigurator
 3) Reset webConfigurator password    12) PHP shell + pfSense tools
 4) Reset to factory defaults         13) Update from console
 5) Reboot system                     14) Enable Secure Shell (sshd)
 6) Halt system                       15) Restore recent configuration
 7) Ping Host                         16) Restart PHP-FPM
 8) Shell

Enter an option:

It's ALIVE!!!

Configuring pfSense from here...

At this point, you should be able to connect to the LAN port & point a web browser at 192.168.1.1

This is the Web-UI...

Default login is:

• Username: admin
• Password: pfsense

Change this. Do it NOW!

If you have the WAN port connected to the Internet, you should actually be capable of accessing the outside world right now.

Menu Structure

All the fancy stuff

(Coming soon... Promise...)

• Configuring Dynamic DNS
• Managing DHCP
• Managing NAT on the firewall
• etc...

Troubleshooting & Repair

Clearing the DNS Forwarder Cache

Source

To clear the DNS Forwarder cache, restart the dnsmasq daemon as follows:

Click Status / Services

Find dnsmasq in the list

Click , or stop the service using then start again with .

Restarting the daemon will clear the internal cache, but the client PCs may still have cached entries.

Flushing the ARP Cache

Click Diagnostics / Command Prompt

arp -d -a

Port Forwarding

• Forwarding Ports with pfSense
• Port Forwarding - Step-by-Step - Demystified - pfSense 2 [SOLVED]
• Open Port Check Tool
• What am I missing on setting this port forward for RDP on pfSense?

Connecting to the VPN machine through the firewall

• SEARCH: bind vnc to network interface

Notes & Tips

• If you want to be able to ping your network from the outside, Go into Firewall / Rules / WAN & create a rule to allow ICMP.

Some Links

• Installing pfSense
• Build a Router 2016 Q4 - pfSense Build
• Whole-network VPN with pfSense Router
• pfSense: How to Setup in DataCenter on VM-ware ESXi (Morton Hjorth)