How to install and configure Thinstation

How to install and configure pfSense Firewall Router Linux

We've seen on the news how many businesses and general users are facing massive attacks on their information from viruses like WannaCry, ZeroDays, and many others designed to target the susceptibility exploiting the operating systems for attacks.

An organization is able to purchase innovative protection systems, but a small business or ordinary user does not always have this option as these types of systems can cost thousands of dollars.

We can use various tools to counteract these types of security vulnerabilities. This time, however, we will focus on one specific and important one Task, regardless of whether we are network administrators, IT staff or support staff or not. This is this pfsense- Tool.

Pfsense is an open source tool based on FreeBSD, which was developed as a firewall in the internal network.

Pfsense gives us the ability to centrally control the various network interfaces in our local network, so that we can access information in real time about what is happening in the system and know which objects can affect the security of the company or our information.

Properties of Pfsense
Some of the features of the pfsense firewall are:
  • Possibility to filter IP addresses according to origin and destination or according to TCP and UDP ports.
  • You can restrict multiple connections by creating rules.
  • Pfsense uses p0f technology which is an advanced passive operating system fingerprint that allows us to filter operating systems at the beginning of the session. For example, we can prevent all computers with MacOS or Windows systems from logging on.
  • We may or may not register the traffic generated in a particular rule.
  • You can create aliases to group IP addresses, ports, and networks.
  • Deactivating is very easy.
  • Performs constant monitoring of the instructions to get the data in real time.

Pfsense also makes network devices such as SOHO networks, modem routers, etc. To know more about these products we can go to the link below:

Requirements for installing pfsense
Pfsense can ideally be used to hire a team to monitor the entire network. These are the minimum requirements:
  • CPU with a speed of 500 MHz, recommended 1 GHz.
  • 4 GB of hard disk space.
  • At least 2 network cards.

Contents

1. Download and install pfsense on Ubuntu 17

The first step is to download Pfsense in ISO format from the link below with the following options:

  • Choose Install or Update.
  • Define the architecture of the device (32 or 64 bit).
  • Select one of the download repositories.

We will be able to record the ISO image on a CD or DVD or on a bootable USB stick and configure booting from there in the device on which it needs to be installed. Once we have started the installation process, we will see the following window:

There we enter the number 1 and we will see that it starts the process of loading the installation elements from pfsense:

Once this is done, the following window will appear where we have the option Accept these settings select with the scroll arrows:

Hit Enter and now select the option Quick / Easy Install:

Hit Enter and it will show the following message that we will press OK on:

We see that you start the process of installing pfsense:

After a while, you will see the following message associated with the application's kernel. In this case we choose the line Standard kernel and press Enter:

We will complete the Pfsense configuration process and at the end we will see the following message. There we need to remove the means of installing the device and the button reboot select to restart your computer.

2. Configure pfsense Ubuntu 17

After restarting the system we see the following window:

In this case we enter the number 1 because we assign the network interfaces first. When you press Enter, you will see the following configuration:

Later, a question will be displayed if we want to view the VLANs for their configuration. In this case we enter the letter n (no):

Press the Enter key. In the next question you need to enter the name of the WAN interface, in this case em0:

Hit Enter and in the next question enter the name of the LAN interface, in this case em1:

As soon as you press the Enter key, a summary of the configuration of the interfaces is displayed. If this is correct, enter the letter to confirm y a :

We can see that the changes are applied correctly:

Again we return to the pfsense main menu and this time select option 2 to set the IP addresses in the LAN interface:

Pressing the Enter key displays the two configured interfaces. Enter the number 2 to select the LAN interface and assign the corresponding IP address, which should not be assigned to any other device. This can be the gateway for devices in the local network:

After assigning the IP address, press Enter and assign the network mask according to the format shown. In this case, enter the number 24:

In the next question we will indicate whether we want to assign an IPv4 address for the WAN interface as there is no need to hit Enter to skip this step:

On the next question, press Enter as it will request the IPv6 address configuration:

We can see that the question of whether we want to enable DHCP on the LAN is active. Enter the letter and for its configuration where we assign the initial and final IP range:

The last question that comes up is whether we want to go back to the HTTP protocol, which is not recommended as we are using the HTTPS protocol which guarantees us a higher level of access security. As soon as we get the letter n and pressed the enter key, the summary is displayed, in which we can see how pfsense is used for the respective management over the local network:

3. Access pfsense Ubuntu 17

As mentioned earlier, we can configure any IP address on the local network. To check this, we configured pfsense with the IP address 192.168.1.101 for access via one of the computers in the local network.

We go to any browser and in the address bar we enter the line:

https://192.168.1.101

In the expanded window we can see that it is an insecure connection. To access it we click the button Extended and there on Add exception:

Once we have added the exception to this IP address, we will have access to the pfsense console, where we will enter the following credentials:

Click the button Log In to configure some parameters within the platform.
First, we see the welcome screen:

Then we see the general information window where we can enter details like host name, domain, DNS server, etc.

click on Further and in the next window we can configure the time zone of the server:

In the next window we have the option to configure the WAN interface with the following values:

  • IP address, network mask and gateway if the static option is selected, etc.

Once these values ​​are configured, click Further. Now we can configure the LAN interface. The displayed values ​​were assigned in the pfsense configuration:

Later we can set a password for the graphical user interface of pfsense:

Finally we see the following window:

There we click on the button ” New load ”to apply all changes. This is the result:

4. Environment of pfsense Ubuntu 17

There we click on the line. Click here to go to the pfSense webConfigurator. This is the environment offered by pfsense:

We can detail the available interfaces as well as real-time information of the system, such as:

  • DNS server, among others.

We can see that the structure of pfsense has several tabs that we can access several pieces of information such as:

It allows us to access the following options:
  • Advanced (advanced)
  • Cert. Manager (Certificate Manager)
  • Package manager (package manager)
  • Routing (Routing Manager)
  • User Manager (User Manager)

This enables us to manage pfsense's WAN and LAN interfaces.
It contains the following options:
  • Schedules (Scheduled Tasks)
  • Virtual IPs (Allows you to manage virtual IP addresses).
Services
Includes options like:

It allows us to access the VPN features like:
Thanks to this tab, we can view in real time the status of parameters such as the following:
  • Filter reload (filter management)
  • Services
With this option we can view detailed diagnoses of values ​​such as:
  • Authentication (authentication)
  • Save and recover
  • Halt system (system status)
  • Graphic traffic (graphic network traffic)

With pfsense we have a valuable tool available to protect and monitor all events in Linux environments in real time.