Title Page Copyright and Credits Learn pfSense 2.4 Packt Upsell Why subscribe? PacktPub.com Contributors About the author About the reviewer Packt is searching for authors like you Preface Who this book is for What this book covers To get the most out of this book Conventions used Get in touch Reviews Getting Started with pfSense Technical requirements The pfSense project What pfSense can do The pfSense community Objectives of this book Summary Questions Further reading Installing pfSense Technical requirements Networking fundamentals The seven-layer OSI model LANs, WANs, and MANs Client-server and peer-to-peer networking Layers 1 and 2 — topology and data link protocols Layers 3 and 4 — network and transport IP addressing Typical pfSense deployment scenarios Hardware requirements and sizing guidelines Minimum requirements Hardware sizing guidelines Budget-priced options Using an old desktop system Using a thin client Using an old laptop Installing pfSense Step-by-step installation guide Initial pfSense configuration Configuration from the console Configuration from the web GUI Advanced WAN configuration Additional setup options SSH login Summary Questions Further reading Configuring pfSense Technical requirements IPv4 and IPv6 addressing Additional setup options SSH login Adding interfaces Configuration of LAN-type interfaces WAN configuration Adding a DHCP server DHCP configuration at the console DHCP configuration in the web GUI DHCP static configuration DHCPv6 configuration in the web GUI DHCP and DHCPv6 relay DHCP and DHCPv6 leases VLAN configuration VLAN configuration at the console VLAN configuration in the web GUI QinQ and link aggregation Remaining considerations Summary Questions Further reading Captive Portal Technical requirements Captive portal basics Captive portal best practices Enabling a captive portal Authentication options Local User Manager/Vouchers Local user manager Voucher authentication RADIUS authentication Additional captive portal options 
Captive portal examples Example #1 – no authentication Example #2 – authentication with vouchers Example #3 – RADIUS authentication Step 1 – RADIUS installation and configuration Step 2 – captive portal prerequisites Step 3 – captive portal configuration Troubleshooting captive portals Summary Questions Further reading Additional pfSense Services Technical requirements Introduction to DNS Configuring DNS DNS Resolver DNS Forwarder DNS firewall rules DDNS Updating DDNS RFC 2136 updating Checking IP services Troubleshooting DDNS NTP Configuring NTP Troubleshooting NTP SNMP Troubleshooting SNMP Summary Questions Further reading Firewall and NAT Technical requirements Firewall fundamentals Firewall best practices Best practices for ingress filtering Best practices for egress filtering Creating firewall rules Floating rules Example rules Example #1 – rule to block a website Example #2 – universal allow any rule Example #3 – rule to prevent SYN flood attacks Scheduling Example – blocking a website only during certain hours Aliases and virtual IPs Aliases Example – creating an alias and making a block rule based on the alias Virtual IPs NAT Port-forwarding Example – DCC port-forwarding Outbound NAT 1:1 NAT Troubleshooting Summary Questions Further reading Traffic Shaping Technical requirements Traffic shaping fundamentals Queuing disciplines Priority queuing Class-based queuing Hierarchical Fair Service Curve – HFSC Configuring traffic shaping The Multiple Lan/Wan configuration wizard The Dedicated Links wizard Advanced traffic shaping configuration Changes to queues Limiters Manual rule configuration Example #1 – modifying the penalty box Example #2 – prioritizing EchoLink Using Snort for traffic shaping Installing and configuring Snort Troubleshooting Summary Questions Further reading Virtual Private Networks Technical requirements VPN fundamentals IPsec L2TP OpenVPN Choosing a VPN protocol VPN hardware Configuring a VPN tunnel IPsec configuration IPsec peer/server 
configuration IPsec mobile client configuration Pre-shared keys Advanced settings Example 1 – Site-to-site IPsec configuration Example 2 – IPsec tunnel for mobile remote access L2TP OpenVPN OpenVPN server configuration OpenVPN client configuration Server configuration with the wizard OpenVPN Client Export Utility Troubleshooting VPNs Summary Questions Further reading Multiple WANs Technical requirements Multi-WAN fundamentals Service-level agreement Policy-based routing Failover and load balancing When is a gateway down? Configuring multiple WANs DNS considerations NAT considerations Third-party packages Troubleshooting Summary Questions Further reading Routing and Bridging Technical requirements Routing and bridging fundamentals Bridging fundamentals Routing fundamentals Routing Static routes Public IP addresses behind a firewall Dynamic routing RIP (routed) OpenBGPD Quagga OSPF FRRouting Bridging Bridging interfaces The other issues Troubleshooting Summary Questions Further reading Diagnostics and Troubleshooting Technical requirements Troubleshooting fundamentals A seven-step approach to troubleshooting Common networking problems Wrong subnet mask or gateway Wrong DNS configuration Duplicate IP addresses Network loops Routing issues Port configuration Black holes Physical issues Wireless issues RADIUS issues pfSense troubleshooting tools Dashboard System logs Interfaces Services Monitoring Traffic graphs Firewall states States State summary pfTop tcpdump tcpflow ping, traceroute, and netstat ping traceroute netstat A troubleshooting scenario A user cannot connect to a website Summary Questions Further Reading Assessments Chapter 1 Chapter 2 Chapter 3 Chapter 4 Chapter 5 Chapter 6 Chapter 7 Chapter 8 Chapter 9 Chapter 10 Chapter 11 Other Books You May Enjoy Leave a review - let other readers know what you think