
2 posts tagged with "networking"


· 5 min read

I'm back! I've been a little busy with life, but a couple of weekends ago I did get pfSense running at its most basic functions on my network. I do feel like I approached it a little backwards...but it works. I did make some mistakes, but nothing major that I couldn't correct.

Here is what I did:

  1. Set up pfBlocker

  2. Set up DHCP and set up the old router as a wireless access point (WAP)

  3. Port Forwarding for PLEX

If I were to redo this process, I would have set up DHCP and configured my previous router as a WAP first.

My main goals for this round of pfSense were essentially to duplicate my current setup. Replace Pi-hole with pfBlocker, pfSense as my DHCP provider, and something that I've always wanted...proper port forwarding of Plex. No more double NATing issues.

pfBlocker

pfBlocker is a wonderful little feature, essentially a DNS sinkhole that can be used to block adverts, malicious websites, or any unwanted websites. For my home network, I used the IP Blocklists provided by pfSense and FireBog.

  1. Install the pfBlocker package. I used the development package.

    • System > Available Packages > pfBlockerNG-devel >> Click Install + Confirm
  2. Wait for the installation to complete. Should take no more than a minute.

    • Firewall > pfBlockerNG Setup

    • We will follow the Setup Menu. On the "Welcome to pfBlockerNG" screen, click Next. You will receive a warning on the next screen. Click Next again.

    • "Step 2" On this Screen you will be presented with Inbound and Outbound interfaces. Here I set it as Inbound = WAN and Outbound = LAN.

    • "Step 3" I left the VIP address as the default...

      • LESSON LEARNED! I recommend changing the Port to something other than default that isn't currently being used, such as 4443. The first time I went through this menu I left it as defaults. Once activated, I could no longer access pfSense. I had to console into pfSense, remove the pfBlocker package and start again. If pfBlocker locks you out, follow the instructions below. They assume that you are able to access the console or utilize SSH.

      • To list installed packages from the console (or SSH)

        pkg info
      • The current version of pfBlocker I have installed is "pfSense-pkg-pfBlockerNG-devel-3.1.0_4", to uninstall run the following and then type y to confirm

        pkg delete pfSense-pkg-pfBlockerNG-devel-3.1.0_4
    • "Step 4" Hit Finish

    • "Extra Steps" Click on IP and enable Floating Rules under IP Interface/Rules Configuration; this will plant the rules in the Firewall under Floating, which will make tracking rules easier. I'll have to re-reference Lawrence's video on configuration, which I will link below.

    • Finally, I have found that I need to reboot pfSense in order for the pfBlocker to take effect. Not sure if this is normal.

IP Blocker

I kept this at its default settings, although I did add one more block list from Alien Vault which I selected from the Feeds Tab which is under the pfBlocker menu. You don't want to block inbound connections. Just anything going out in this case.

DNS Blocking

This is something I am a bit more familiar with, coming from Pi-Hole.

For now, I am leaving the DNSBL Category and DNSBL SafeSearch categories alone, focusing only on the DNSBL Groups tab instead.

I find this to be incredibly straightforward. Click on the Add button, provide a name, and then add the various DNS blocking lists that suit your needs. Personally, I was a bit heavy handed and used all of FireBog's Green and Blue lists (that are not scratched out) while separating them into various categories.

Once you have added your lists, ensure that you set the State for each list you want to "ON" and that, under the Settings section, the Action is set to "Unbound". I would also recommend that you set the lists to auto update on a semi-regular basis so they stay up to date.

DHCP and WAP

This I should have done first. Like pfBlocker this was pretty straightforward, with a couple of minor gotchas.

  1. Under Interfaces, set IPv4 configuration type to Static IPv4 and then change your LAN port to the IP range that you prefer, such as 192.168.10.1. This will also be the gateway IP for devices on that subnet. Note, if you are accessing your device from that same port you will now need to access pfSense from the new IP address.
  2. Head to Services > DHCP Server and click to enable "DHCP Server on LAN Interface". You will then need to ensure that the available range matches the subnet of the LAN Interface, such as 192.168.3.10 - 192.168.3.50. This will set the DHCP server to supply upwards of 40 IP addresses between 10 and 50.

That is it, straightforward and simple. This is a basic configuration. I plan for it to be a bit more complicated once I get into VLANs and subnetting.
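An added example, not part of the original post: a Python check that a DHCP pool lies inside the LAN interface's subnet and does not hand out the gateway, network or broadcast address. The /24 prefix and the function name `check_dhcp_pool` are assumptions; the addresses are the ones used in the steps above.

```python
import ipaddress


def check_dhcp_pool(lan_cidr, pool_start, pool_end):
    """Return (problems, pool_size) for a DHCP pool on a LAN interface.

    lan_cidr is the interface address with its prefix, e.g. "192.168.10.1/24"
    (the /24 is an assumption; the post does not state the mask).
    """
    iface = ipaddress.ip_interface(lan_cidr)
    net = iface.network
    start = ipaddress.ip_address(pool_start)
    end = ipaddress.ip_address(pool_end)
    problems = []

    # Both ends of the pool must sit inside the interface's subnet.
    for label, addr in (("start", start), ("end", end)):
        if addr not in net:
            problems.append(f"pool {label} {addr} is outside {net}")

    if start > end:
        problems.append("pool start is above pool end")
        return problems, 0

    # The pool must not lease the gateway or the reserved addresses.
    if start <= iface.ip <= end:
        problems.append(f"pool contains the gateway address {iface.ip}")
    reserved = (("network", net.network_address),
                ("broadcast", net.broadcast_address))
    for label, addr in reserved:
        if start <= addr <= end:
            problems.append(f"pool contains the {label} address {addr}")

    return problems, int(end) - int(start) + 1


if __name__ == "__main__":
    # Values from the post: LAN on 192.168.10.1, pool written as 192.168.3.x.
    for pool in (("192.168.3.10", "192.168.3.50"),
                 ("192.168.10.10", "192.168.10.50")):
        problems, size = check_dhcp_pool("192.168.10.1/24", *pool)
        print(pool, size, problems or "OK")
```
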

Port Forwarding for Plex

Resources

Lawrence Systems - pfBlocker Setup

· 2 min read

Just got back from a nice vacation this past week and decided it is time to jump into setting up my pfSense.

Getting it installed and running wasn't much of an issue. To be honest, all I did was connect the modem/router combo to port 1 (WAN) and connect port 2 to the WAN port of my main router.

Network connectivity is a go...

The main problem I wanted to solve was getting the Telekom Modem/Router combo to only act as a modem and bridge the internet into my pfSense appliance.

In order to accomplish this I needed the following bits of information.

  1. Internet Zugangsnummer
  2. Kennwort (With Telekom, you should receive this with your initial setup letter, but it looks like you can change this online)
  3. Anschlusskennung
  4. Mitbenutzernummer


With this information you have everything you need to bridge your modem into pfSense.

The username will be Internet Zugangsnummer + Anschlusskennung + Mitbenutzernummer@t-online.de

Kennwort will be the password you will use.

Before doing anything else, I backed up the configuration for my router/modem combo (Speedport Smart 3) and my main router. I then set the Speedport into modem mode (just a click of a button) and connected the LAN cable from the WAN port to the LAN 4 port; this is based on the Speedport manual.

Next, I disconnected the pfSense appliance from the modem and began configuration.

Within pfSense, go to Interfaces >> Interface Assignments >> VLANs

Click to create a new VLAN with the following configuration. The Parent Interface will be your WAN port.


Next go to Interfaces >> WAN , set the IPv4 Configuration type to PPPoE.

Now configure the PPPoE with the information we gathered earlier. After the information is entered and saved click on "Advanced and MLPPP".

Here you link the interface with the VLAN you created earlier. Ensure all username and password fields are filled as well.


That is it. Connect your LAN cable back into your WAN port and give it a few minutes. If it does not connect, check the system logs under Status >> System Logs >> PPP.