Use an open source firewall and features such as failover, load balancer, OpenVPN, IPSec, and Squid to protect your network
Key Features
Book Description
While connected to the internet, you’re a potential target for an array of cyber threats, such as hackers, keyloggers, and Trojans that attack through unpatched security holes. A firewall works as a barrier (or ‘shield’) between your computer and cyberspace. pfSense is highly versatile firewall software. With thousands of enterprises using pfSense, it is fast becoming the world's most trusted open source network security solution.
Network Security with pfSense begins with an introduction to pfSense, where you will gain an understanding of what pfSense is, its key features, and advantages. Next, you will learn how to configure pfSense as a firewall and create and manage firewall rules. As you make your way through the chapters, you will test pfSense for failover and load balancing across multiple wide area network (WAN) connections. You will then configure pfSense with OpenVPN for secure remote connectivity and implement IPsec VPN tunnels with pfSense. In the concluding chapters, you’ll understand how to configure and integrate pfSense as a Squid proxy server.
By the end of this book, you will be able to leverage the power of pfSense to build a secure network.
What you will learn
Who this book is for
Network Security with pfSense is for IT administrators, security administrators, technical architects, chief experience officers, and individuals who own a home or small office network and want to secure it.
Manuj Aggarwal is an entrepreneur, investor, and a technology enthusiast. He likes startups, business ideas, and high-tech anything. He loves to work on hard problems and get his hands dirty with cutting-edge technologies. Currently, he is the principal consultant, architect, and CTO of a software consulting company, TetraNoodle Technologies, based in Vancouver, Canada. He is passionate about sharing all the knowledge that he has acquired over the years.
Page count: 127
Year of publication: 2018
Copyright © 2018 Packt Publishing
All rights reserved. No part of this book may be reproduced, stored in a retrieval system, or transmitted in any form or by any means, without the prior written permission of the publisher, except in the case of brief quotations embedded in critical articles or reviews.
Every effort has been made in the preparation of this book to ensure the accuracy of the information presented. However, the information contained in this book is sold without warranty, either express or implied. Neither the author, nor Packt Publishing or its dealers and distributors, will be held liable for any damages caused or alleged to have been caused directly or indirectly by this book.
Packt Publishing has endeavored to provide trademark information about all of the companies and products mentioned in this book by the appropriate use of capitals. However, Packt Publishing cannot guarantee the accuracy of this information.
Commissioning Editor: Vijin Boricha
Acquisition Editor: Prachi Bisht
Content Development Editor: Deepti Thore
Technical Editor: Nirbhaya Shaji
Copy Editor: Safis Editing
Project Coordinator: Kinjal Bari
Proofreader: Safis Editing
Indexer: Mariammal Chettiyar
Graphics: Jisha Chirayil
Production Coordinator: Deepika Naik
First published: July 2018
Production reference: 1280718
Published by Packt Publishing Ltd. Livery Place 35 Livery Street Birmingham B3 2PB, UK.
ISBN 978-1-78953-297-5
www.packtpub.com
Title Page
Copyright and Credits
Network Security with pfSense
Packt Upsell
Why subscribe?
PacktPub.com
Contributor
About the author
Packt is searching for authors like you
Preface
Who this book is for
What this book covers
To get the most out of this book
Download the color images
Conventions used
Get in touch
Reviews
Introduction to pfSense
What is pfSense?
Benefits of pfSense
Use cases
LAN or WAN router
Wireless hotspot or captive portal
VPN router
Firewall
DHCP or DNS server
Multi-WAN router support for failover or load balancer
Port forwarding or Network Address Translation
pfSense features
Prerequisites for installation
Installing pfSense on a virtual machine
Launching the virtual machine
Configuring VM and completing the installation
Configuring pfSense
pfSense WebGUI walkthrough
Configuring pfSense as a DHCP server
Summary
pfSense as a Firewall
What is a firewall?
Configuring pfSense as a firewall
Setting up firewall rules
Firewall rules in pfSense
Firewall rules for internal LAN networks
Setting up firewall rules for LAN2
Managing firewall rules
Summary
pfSense as a Failover and Load Balancer
Load balancing and failover
Load balancing and failover across multiple WAN connections
Configuring Gateway Groups
Verifying load balancing across WAN connections
Failover across multiple WAN connections
Summary
Remote Connectivity with pfSense and IPsec
What is IPsec?
Transport mode
Tunnel mode
IPsec features
Security Association
IPsec VPN tunnel implementation
Prerequisites
IPsec phases
Configuring IPsec tunnel
Configuring pfSense firewall rules
Summary
Using pfSense as a Squid Proxy Server
The proxy server
The Squid proxy server
Installing the Squid proxy server
Configuring the Squid proxy server
Testing the Squid proxy server
Summary
Other Books You May Enjoy
Leave a review - let other readers know what you think
According to a recent study conducted by a major cyber-security firm, less than half the online population understands the term firewall, or even knows whether they have one enabled on their PC. Firewalls are much more important in a corporate or work environment. They not only keep the corporate network safe, but can also optimize traffic routing and provide a whole range of other benefits. If you're connected to the internet, you are a potential target of an array of cyber threats, such as hackers, keyloggers, and Trojans that attack through unpatched security holes. This means that if you, like most people, shop and bank online, then you are vulnerable to identity theft and other malicious attacks. A firewall works as a barrier or a shield between your PC and cyberspace. When you're connected to the internet, you're continually sending and receiving information in small units called packets. The firewall filters these packets to see whether they meet certain criteria set by a series of rules, and then blocks or allows the data accordingly. This way, hackers cannot get inside and steal information, such as bank account numbers and passwords, from you.
Basic firewalls, such as the one included in your operating system, only monitor incoming traffic by default. This may give you a false sense of security. Keep in mind that outgoing traffic with your credit card information, bank accounts, and social security number is not protected. A good firewall will monitor traffic in both directions, that is, both your incoming data and your outgoing data, keeping your private information safe. In addition to preventing unauthorized access to your PC, it also makes your PC invisible when you're online, helping prevent attempted intrusions in the first place. Firewalls are one of the most critical parts of a network. They are the first line of defense that your system has against attacks or unwanted visitors, and they make all the difference in ensuring that your data is protected. pfSense is a highly versatile, open source routing and firewall software. With thousands of enterprises using pfSense software, it is quickly becoming the world's most trusted open source network security solution. pfSense has all of the features you would find in a commercial firewall solution and more, and it is absolutely free. Better yet, you can customize pfSense based on your organization's requirements and create a unique solution that is perfect for you. In this book, you'll learn about pfSense, all of its key features, how you can install and deploy it, as well as the different tasks you can perform.
This book is for IT administrators, security administrators, anyone running a home or small office network, technical architects, founders, and CXOs.
Chapter 1, Introduction to pfSense, helps you gain an understanding of what pfSense is, what its key features are, and its advantages.
Chapter 2, pfSense as a Firewall, explains how to configure pfSense as a firewall, and create and manage firewall rules.
Chapter 3, pfSense as a Failover and Load Balancer, covers how to configure and test pfSense for failover and load balancing across multiple WAN connections.
Chapter 4, Remote Connectivity with pfSense and IPsec, explains how you can implement IPsec tunnels with pfSense. You will learn about its features, and how it is configured and used.
Chapter 5, Using pfSense as a Squid Proxy Server, covers how to configure and integrate pfSense as a Squid proxy server.
In this book, we have used the latest stable version of pfSense, which is 2.4.3. The minimum hardware requirements, as of the latest version, are a 500 MHz CPU and 512 MB of RAM. The recommended requirements are a bit higher: a 1 GHz CPU and 1 GB of RAM.
For some of the topics, you may need to take some initial steps, such as signing up for services and launching a virtual machine.
We also provide a PDF file that has color images of the screenshots/diagrams used in this book. You can download it here: https://www.packtpub.com/sites/default/files/downloads/NetworkSecuritywithpfSense_ColorImages.pdf.
There are a number of text conventions used throughout this book.
CodeInText: Indicates code words in text, database table names, folder names, filenames, file extensions, pathnames, dummy URLs, user input, and Twitter handles. Here is an example: "Enter the desired Name of the VM, select BSD from the Type drop-down menu, and select FreeBSD (64-bit) from the Version drop-down menu."
Any command-line input or output is written as follows:
ping 192.168.1.1 -t
Bold: Indicates a new term, an important word, or words that you see onscreen. For example, words in menus or dialog boxes appear in the text like this. Here is an example: "In this scenario, pfSense acts as a DHCP Server, Firewall, and NAT device. It can play these roles distinctly or all at the same time simultaneously."
This book aims to provide you with in-depth knowledge of a very widely used technology, pfSense. It will provide you with some real-world scenarios and use cases, which you will be able to leverage immediately in your own projects. The introductory modules will help you to understand what pfSense is, its features, the key services it provides, and how you can install it. After the introductory modules, we will deep dive into each of its exciting features. You'll learn about the installation, configuration, and use of pfSense. This education will enable you to do everything from setting up firewalls, load balancing, and failover settings, to integrating with other software such as OpenVPN and Squid proxy server.
In this book, we will give you the information you need in order to work with this amazing piece of software.
In this chapter, you will be introduced to pfSense. You will gain an understanding of what pfSense is, its key features, and its advantages. You will also view demonstrations on the installation of pfSense on a virtual platform on VMware, as well as some other configurations. Let's get started.
pfSense is a free, customized distribution of FreeBSD. FreeBSD itself is an operating system for a variety of platforms, which focuses on features, speed, and stability. It's derived from BSD, the version of UNIX developed at the University of California, Berkeley. It is developed and maintained by a large community. You can use pfSense to turn a computer into a fully-featured router and firewall. This software was first developed in 2004 as an offshoot of the popular m0n0wall project. The main difference between pfSense and m0n0wall is that pfSense is designed for personal computers and servers instead of embedded devices. This allows pfSense to offer more flexibility and features. pfSense is a very flexible and powerful tool that you can easily adapt to numerous applications, from a home router to a firewall for a large corporate network. pfSense is easy to install and maintain. It has a very useful web-based user interface. pfSense also has many features that are usually only found in expensive commercial routers. You can use the following three types of install media to install pfSense:
Optical disk image: That could be an ISO image, a CD, or a DVD disc. This is an easy and familiar choice. Use this option if the target hardware has an optical drive. This is especially useful if the BIOS will not boot from USB.
Memstick: This option is similar to the CD or DVD, but runs the installation from a USB thumb drive. It's often faster than a CD or DVD. This is very useful with new devices, as many of them don't have integrated optical drives, making this the current best recommendation.
Serial memstick: This option is similar to the memstick image, but runs using the serial console rather than VGA for newer embedded systems.
