34,79 €
Mehr erfahren.
- Herausgeber: Packt Publishing
- Kategorie: Wissenschaft und neue Technologien
- Sprache: Englisch
pfSense is an open source distribution of FreeBSD-based firewall that provides a platform for flexible and powerful routing and firewalling. The versatility of pfSense presents us with a wide array of configuration options, which makes determining requirements a little more difficult and a lot more important, compared to other offerings. Through this book you will see that pfSense offers numerous alternatives to fit any environment's security needs.
pfSense 2.0 Cookbook is the first and only book to explore all the features of pfSense, including those released in the latest 2.0 version. With the help of step-by-step instructions and detailed screenshots of the pfSense interface you will be able to configure every general and advanced feature from creating a firewall rule to configuring multi-WAN failover. Each recipe includes tips and offers advice on variations of the topic or references to other related recipes and additional information that can be found from other sources.
pfSense 2.0 Cookbook covers the gamut of available features and functionality. The first three chapters will take you from a non-existent system to a basic pfSense firewall. The next chapter focuses on configuring any number of the VPN services available, a very important and sought-after feature for anyone implementing a firewall. The following two chapters describe how to configure the most advanced features available in pfSense; features that may only be relevant to the most experienced network admins. Chapter 7 is dedicated to understanding and configuring the "grab-bag" of features that are available in pfSense, but are often stand-alone options and unrelated to each other. The first appendix explains how to use the status monitoring tools available for many of the features. The second appendix wraps up with helping you to decide how and where pfSense may be incorporated into your system and what type of hardware is required based on your throughput needs.
Das E-Book können Sie in Legimi-Apps oder einer beliebigen App lesen, die das folgende Format unterstützen:
Veröffentlichungsjahr: 2011
Ähnliche
Table of Contents
pfSense 2 Cookbook
pfSense 2 Cookbook
Copyright © 2011 Packt Publishing
All rights reserved. No part of this book may be reproduced, stored in a retrieval system, or transmitted in any form or by any means, without the prior written permission of the publisher, except in the case of brief quotations embedded in critical articles or reviews.
Every effort has been made in the preparation of this book to ensure the accuracy of the information presented. However, the information contained in this book is sold without warranty, either express or implied. Neither the author nor Packt Publishing, and its dealers and distributors will be held liable for any damages caused or alleged to be caused directly or indirectly by this book.
Packt Publishing has endeavored to provide trademark information about all of the companies and products mentioned in this book by the appropriate use of capitals. However, Packt Publishing cannot guarantee the accuracy of this information.
First published: March 2011
Production Reference: 1180311
Published by Packt Publishing Ltd.
32 Lincoln Road
Olton
Birmingham, B27 6PA, UK.
ISBN 978-1-849514-86-6
www.packtpub.com
Cover Image by Asher Wishkerman (<[email protected]>)
Credits
Author
Matt Williamson
Reviewers
Josh Brower
Jim Cheetham
Brad Hedlund
Mohd Izhar Bin Ali
Acquisition Editor
Tarun Singh
Development Editor
Alina Lewis
Technical Editor
Krutika V. Katelia
Indexer
Monica Ajmera Mehta
Rekha Nair
Editorial Team Leader
Akshara Aware
Project Team Leader
Priya Mukherji
Project Coordinator
Jovita Pinto
Proofreader
Kevin Mcgowan
Production Coordinator
Alwin Roy
Cover Work
Alwin Roy
About the Author
Matt Williamson is the founder of Blue Key Consulting, a software design and development firm located in the New York City area. Prior to starting his consulting business, Matt worked as a software developer for various insurance and financial companies in Chicago and New York. Matt can be reached through his personal website at http://www.bunkerhollow.com.
About the Reviewers
Josh Brower has been working in IT since he crashed his first computer at age 14. He writes blogs regularly at http://defensivedepth.com/ on a variety of Information Security topics. He is currently working with a non-profit organization as the head of IT Security, and pursuing his graduation degree in Information Security from STI. Josh is happily married to his wife Mandi. They have one son.
Jim Cheetham has been managing, deploying, supporting, and designing Unix solutions and TCP/IP networks for over 20 years. During this time, he has been part of the establishment of the first SSL-protected website outside the USA, the design and implementation of a high-volume web portal that deliberately had no firewalls between it and the Internet, and has run a busy Managed Network and Security Service looking after multiple government departments.
Jim has worked for global companies such as ICL, Vodafone, and Unisys, along with keeping hands-on with numerous small, interesting, and fast-moving businesses. Jim is currently running Inode Ltd., a New Zealand-based consultancy and service provider specializing in open source solutions for management of networks, systems, and security.
I'd like to thank my wife Maria and my children Alexander and Katherine for letting me spend so much time behind the keyboard hacking, and for keeping things running smoothly at home when I have to take trips away for work.
Brad Hedlund is a Technical Solutions Architect at Cisco Systems, Inc. in the company's Center of Excellence for Data Center field sales. Since joining Cisco in 2006, Brad has been helping Enterprise customers design large and small data centers with challenging and complex requirements. Brad has extensive design experience with Cisco's Data Center switching line (Nexus) and Cisco's Unified Computing System (UCS), with specific expertise in server networking and virtualization. Brad Hedlund also maintains a popular blog on data center networking topics at http://bradhedlund.com.
Mohd Izhar Bin Ali, CEH CHFI is an independent security consultant having 10 years' working experience in networking, open source, and the IT Security field. He started his career as a Security Analyst with SCAN Associates, Berhad, and he is one of the team members managing the security services of an Intrusion Detection System (IDS) for Malaysian government's SOC center. After that, he became a trainer (LINUX and Networking) for the largest private education college in Malaysia. Before becoming a freelance security consultant, he worked with FIRMUS Security Sdn Bhd, one of the largest IT security companies in Malaysia. With FIRMUS, he had performed enterprise security assessment to clients (banking, insurance, and government) including web penetration testing, external and internal penetration testing, and wireless penetration testing. Now, takes up freelance jobs in security and also research in the network security field.
He has contributed articles on pfSense (Setup Squid as A Transparent Proxy, Setup VideoCache with Squid) and has also written white papers for The Exploit Database (MySQL Injection using darkMySQLi.py, Howto: DNS Enumeration, Easy Method: Blind SQL Injection).
I would like to thank Allah, my parents, my girlfriend Umairah, and also my best friend in IT security, Mohd Asrullita bin Abdul Taib.
www.PacktPub.com
Support files, eBooks, discount offers and more
You might want to visit www.PacktPub.com for support files and downloads related to your book.
Did you know that Packt offers eBook versions of every book published, with PDF and ePub files available? You can upgrade to the eBook version at www.PacktPub.com and as a print book customer, you are entitled to a discount on the eBook copy. Get in touch with us at <[email protected]> for more details.
At www.PacktPub.com, you can also read a collection of free technical articles, sign up for a range of free newsletters and receive exclusive discounts and offers on Packt books and eBooks.
http://PacktLib.PacktPub.com
Do you need instant solutions to your IT questions? PacktLib is Packt's online digital book library. Here, you can access, read and search across Packt's entire library of books.
Why Subscribe?
Free Access for Packt account holders
If you have an account with Packt at www.PacktPub.com, you can use this to access PacktLib today and view nine entirely free books. Simply use your login credentials for immediate access.
Instant Updates on New Packt Books
Get notified! Find out when new books are published by following @PacktEnterprise on Twitter, or the Packt Enterprise Facebook page.
To the important people in my life;Alex, Paul, Deb, and Ted.And to those who have lived and died fighting for my right to live my life any way I choose.
Preface
pfSense is an open source distribution of FreeBSD-based firewall which provides a platform for flexible and powerful routing and firewalling. The versatility of pfSense presents us with a wide array of configuration options which, compared to other offerings, makes determining requirements a little more difficult and a lot more important. Through this book, you will see that pfSense offers numerous other alternatives to fit any environment's security needs.
This book follows a cookbook style to teach you how to use the features available with pfSense after determining your environment's security requirements. It covers everything from initial configuration of your network interfaces and pfSense services such as DHCP and Dynamic DNS to complex techniques to enable failover and load-balancing.
What this book covers
Chapter 1, Initial Configuration covers the settings needed for almost every pfSense deployment including those for a firewall, router, and wireless access point. Through the recipes in this chapter, you will learn how to install and configure pfSense with a fully-operational firewall and router.
Chapter 2, EssentialServices explains how to configure the essential networking services provided by pfSense such as the DHCP server and dynamic DNS services.
Chapter 3, General Configuration describes how to configure NAT and firewall rules and the features associated with them.
Chapter 4, Virtual Private Networking describes how to configure pfSense to serve any or all of the four major VPN implementations—IPSec, L2TP, OpenVPN, and PPTP.
Chapter 5, Advanced Configuration covers advanced networking features such as configuring different types of virtual IP, creating gateways, and bridging interfaces.
Chapter 6, Redundancy, Load Balancing, and Failover contains recipes explaining how to load-balance or failover the multi-WAN interfaces to protect large and sensitive systems.
Chapter 7, Services and Maintenance describes all the networking services and features offered in pfSense such as configuring external logging (syslog server), enabling Wake On LAN (WOL), and configuring automatic configuration file backup.
Appendix A, Monitoring and Logging includes the features available in pfSense to help you monitor your system and also covers how to use different logging tools built into pfSense.
Appendix B, Determining our Hardware Requirements will show you how to choose the best pfSense configuration after you determine your firewall requirements. You will even learn how and where to deploy pfSense to fit your environment's security needs.
What you need for this book
A working installation of pfSense 2.0 is the only requirement for the recipes in this book. Readers who are new to pfSense can follow the recipes in the appendices for instructions on how to determine what type of hardware they should install pfSense on. The minimum requirements for a pfSense installation are 500Mhz, 128MB RAM, and 1GB hard disk space. PfSense can also be installed as a virtual machine, and for convenience a VMWare image is available from the Downloads section of the pfSense website.
Who this book is for
This book is intended for all levels of network administrators. If you are an advanced user of pfSense, then you can flip to a particular recipe and quickly accomplish the task at hand, while if you are new to pfSense, you can read chapter-by-chapter and learn all of the features of the system from the ground-up.
Conventions
In this book, you will find a number of styles of text that distinguish between different kinds of information. Here are some examples of these styles, and an explanation of their meaning.
Code words in text are shown as follows: "Our public key is now located at /home/user/.ssh/id_rsa.pub."
Any command-line input or output is written as follows:
New terms and important words are shown in bold. Words that you see on the screen, in menus or dialog boxes for example, appear in the text like this: "On the Virtual IPs tab, click the "plus" button to add a new virtual IP Address".
Note
Warnings or important notes appear in a box like this.
Tip
Tips and tricks appear like this.
Reader feedback
Feedback from our readers is always welcome. Let us know what you think about this book—what you liked or may have disliked. Reader feedback is important for us to develop titles that you really get the most out of.
To send us general feedback, simply send an e-mail to <[email protected]>, and mention the book title via the subject of your message.
If there is a book that you need and would like to see us publish, please send us a note in the SUGGEST A TITLE form on www.packtpub.com or e-mail <[email protected]>.
If there is a topic that you have expertise in and you are interested in either writing or contributing to a book, see our author guide on www.packtpub.com/authors.
Customer support
Now that you are the proud owner of a Packt book, we have a number of things to help you to get the most from your purchase.
Errata
Although we have taken every care to ensure the accuracy of our content, mistakes do happen. If you find a mistake in one of our books—maybe a mistake in the text or the code—we would be grateful if you would report this to us. By doing so, you can save other readers from frustration and help us improve subsequent versions of this book. If you find any errata, please report them by visiting http://www.packtpub.com/support, selecting your book, clicking on the errata submission form link, and entering the details of your errata. Once your errata are verified, your submission will be accepted and the errata will be uploaded on our website, or added to any list of existing errata, under the Errata section of that title. Any existing errata can be viewed by selecting your title from http://www.packtpub.com/support.
Piracy
Piracy of copyright material on the Internet is an ongoing problem across all media. At Packt, we take the protection of our copyright and licenses very seriously. If you come across any illegal copies of our works, in any form, on the Internet, please provide us with the location address or website name immediately so that we can pursue a remedy.
Please contact us at <[email protected]> with a link to the suspected pirated material.
We appreciate your help in protecting our authors, and our ability to bring you valuable content.
Questions
You can contact us at <[email protected]> if you are having a problem with any aspect of the book, and we will do our best to address it.
Chapter 1. Initial Configuration
In this chapter, we will cover:
Introduction
PfSense is an open source operating system used to turn a computer into a firewall, router, or a variety of other application-specific network appliances. PfSense is a customized FreeBSD distribution based on the m0n0wall project, a powerful but light-weight firewall distribution. PfSense builds upon m0n0wall's foundation and takes its functionality several steps further by adding a variety of other popular networking services.
This chapter covers the core settings needed for almost every pfSense deployment; whether that is a firewall, router, or even a wireless access point! Once pfSense is installed and configured according to the recipes in this chapter, you will have a fully-operation firewall plus router. At its most basic level, a pfSense machine can be used to replace the common home router when more functionality is desired. In more advanced configurations, pfSense can be used to establish a secure tunnel to a remote office, load-balance a web farm, or shape and prioritize all network traffic just to name a few example scenarios. There are literally hundreds of ways to configure and customize a pfSense installation.
Once pfSense is installed, there are two ways to access the system remotely—SSH and the WebGUI. An SSH connection will present you with the same low-level system menu that you would see on the screen if your machine is connected to a monitor. The SSH menu options are basic and very little configuration is done here. The entire configuration described in every recipe in this book is done through the WebGUI interface, unless specified otherwise, which is accessible through the IP address of any interface you configured during installation (such as 192.168.1.1).
Applying basic settings in General Setup
This recipe describes how to configure the core system settings in PfSense.
Getting ready
All that's required for this recipe is a base installation of pfSense and access to the WebGUI. Some of these settings will have been configured during the installation process, but can be modified here at any time.
Note
On a new install, the default credentials are:
Username: admin
Password: pfsense
