
Mastering pfSense (e-book)


Author: David Zientara

Publisher: Packt Publishing

Publication date: 2018-05-09

Word count: 745,000

Install and configure a pfSense router/firewall, and become a pfSense expert in the process.

About This Book

  • You can always do more to secure your software – so extend and customize your pfSense firewall
  • Build a high availability security system that’s fault-tolerant – and capable of blocking potential threats
  • Put the principles of better security into practice by implementing examples provided in the text

Who This Book Is For

This book is for those with at least an intermediate understanding of networking. Prior knowledge of pfSense would be helpful but is not required. Those who have the resources to set up a pfSense firewall, either in a real or virtual environment, will especially benefit, as they will be able to follow along with the examples in the book.

What You Will Learn

  • Configure pfSense services such as DHCP, Dynamic DNS, captive portal, DNS, NTP and SNMP
  • Set up a managed switch to work with VLANs
  • Use pfSense to allow, block and deny traffic, and to implement Network Address Translation (NAT)
  • Make use of the traffic shaper to lower and raise the priority of certain types of traffic
  • Set up and connect to a VPN tunnel with pfSense
  • Incorporate redundancy and high availability by utilizing load balancing and the Common Address Redundancy Protocol (CARP)
  • Explore diagnostic tools in pfSense to solve network problems

In Detail

pfSense has the same reliability and stability as even the most popular commercial firewall offerings on the market – but, like the very best open-source software, it doesn’t limit you. You’re in control – you can exploit and customize pfSense around your security needs. Mastering pfSense - Second Edition covers features that have long been part of pfSense such as captive portal, VLANs, traffic shaping, VPNs, load balancing, Common Address Redundancy Protocol (CARP), multi-WAN, and routing. It also covers features that have been added with the release of 2.4, such as support for ZFS partitions and OpenVPN 2.4. This book takes into account the fact that, in order to support increased cryptographic loads, pfSense version 2.5 will require a CPU that supports AES-NI. The second edition of this book places more of an emphasis on the practical side of utilizing pfSense than the previous edition, and, as a result, more examples are provided which show in step-by-step fashion how to implement many features.

Style and approach

Practical guide to learn the advanced functionalities of pfSense with minimum fuss.
Table of Contents

Title Page

Copyright and Credits

Mastering pfSense Second Edition

Dedication

Packt Upsell

Why subscribe?

PacktPub.com

Contributors

About the author

About the reviewer

Packt is searching for authors like you

Preface

Who this book is for

What this book covers

To get the most out of this book

Download the color images

Conventions used

Get in touch

Reviews

Revisiting pfSense Basics

Technical requirements

pfSense project overview

Possible deployment scenarios

Hardware requirements and sizing guidelines

Minimum hardware requirements

Hardware sizing guidelines

The best practices for installation and configuration

pfSense configuration

Configuration from the console

Configuration from the web GUI

Configuring additional interfaces

Additional WAN configuration

General setup options

Summary

Questions

Further reading

Advanced pfSense Configuration

Technical requirements

SSH login

DHCP

DHCP configuration at the console

DHCP configuration in the web GUI

DHCPv6 configuration in the web GUI

DHCP and DHCPv6 relay

DHCP and DHCPv6 leases

DNS

DNS resolver

General Settings

Enable DNSSEC support

Host Overrides and Domain Overrides

Access Lists

DNS forwarder

DNS firewall rules

DDNS

DDNS updating

RFC 2136 updating

Troubleshooting DDNS

Captive portal

Implementing captive portal

User manager authentication

Voucher authentication

RADIUS authentication

Other settings

Troubleshooting captive portal

NTP

SNMP

Summary

Questions

VLANs

Technical requirements

Basic VLAN concepts

Example 1 – developers and engineering

Example 2 – IoT network

Hardware, configuration, and security considerations

VLAN configuration at the console

VLAN configuration in the web GUI

QinQ

Link aggregation

Add firewall rules for VLANs

Configuration at the switch

VLAN configuration example 1 – TL-SG108E

VLAN configuration example 2 – Cisco switches

Static VLAN creation

Dynamic Trunking Protocol

VLAN Trunking Protocol

Troubleshooting VLANs

General troubleshooting tips

Verifying switch configuration

Verifying pfSense configuration

Summary

Questions

Using pfSense as a Firewall

Technical requirements

An example network

Firewall fundamentals

Firewall best practices

Best practices for ingress filtering

Best practices for egress filtering

Creating and editing firewall rules

Floating rules

Example rules

Example 1 – block a website

Example 2 – block all traffic from other networks

Example 3 – the default allow rule

Scheduling

An example schedule entry

Aliases

Creating aliases from a DNS lookup

Bulk import

Virtual IPs

Troubleshooting firewall rules

Summary

Questions

Network Address Translation

Technical requirements

NAT essentials

Outbound NAT

Example – filtering outbound NAT for a single network

1:1 NAT

Example – mapping a file server

Port forwarding

Example 1 – setting up DCC

Example 2 – excluding a port

Example 3 – setting up a personal web server

Network Prefix Translation

Example – mapping an IPv6 network

Troubleshooting

Summary

Questions

Traffic Shaping

Technical requirements

Traffic shaping essentials

Queuing policies

Priority queuing

Class-based queuing

Hierarchical Fair Service Curve

Configuring traffic shaping in pfSense

The Multiple LAN/WAN Configuration wizard

The Dedicated Links wizard

Advanced traffic shaping configuration

Changes to queues

Limiters

Layer 7 traffic shaping

Adding and changing traffic shaping rules

Example 1 – modifying the penalty box

Example 2 – prioritizing EchoLink

Traffic shaping examples

Example 1 – adding limiters

Example 2 – penalizing peer-to-peer traffic

Using Snort for traffic shaping

Installing and configuring Snort

Troubleshooting traffic shaping

Summary

Questions

Further reading

Virtual Private Networks

Technical requirements

VPN fundamentals

IPsec

L2TP

OpenVPN

AES-NI

Choosing a VPN protocol

Configuring a VPN tunnel

IPsec

IPsec peer/server configuration

IPsec mobile client configuration

Example 1 – Site-to-site IPsec configuration

Example 2 – IPsec tunnel for remote access

L2TP

OpenVPN

OpenVPN server configuration

OpenVPN client configuration

Client-specific overrides

Server configuration with the wizard

OpenVPN Client Export Utility

Example – site-to-site OpenVPN configuration

Troubleshooting

Summary

Questions

Redundancy and High Availability

Technical requirements

Basic concepts

Server load balancing

Example – load balancer for a web server

HAProxy – a brief overview

CARP configuration

Example 1 – CARP with two firewalls

Example 2 – CARP with N firewalls

An example of both load balancing and CARP

Troubleshooting

Summary

Questions

Further reading

Multiple WANs

Technical requirements

Basic concepts

Service Level Agreement

Multi-WAN configuration

DNS considerations

NAT considerations

Third-party packages

Example – multi-WAN and CARP

Troubleshooting

Summary

Questions

Routing and Bridging

Technical requirements

Basic concepts

Bridging

Routing

Routing

Static routes

Public IP addresses behind a firewall

Dynamic routing

RIP

OpenBGPD

Quagga OSPF

FRRouting

Policy-based routing

Bridging

Bridging interfaces

Special issues

Bridging example

Troubleshooting

Summary

Questions

Extending pfSense with Packages

Technical requirements

Basic considerations

Installing packages

Important packages

Squid

Issues with Squid

Squid reverse proxy server

pfBlockerNG

ntopng

Nmap

HAProxy

Example – load balancing a web server

Other packages

Snort

Example – using Snort to block social media sites

FRRouting

Zabbix

Summary

Questions

Further reading

Diagnostics and Troubleshooting

Technical requirements

Troubleshooting basics

Common networking problems

Wrong subnet mask or gateway

Wrong DNS configuration

Duplicate IP addresses

Network loops

Routing issues

Port configuration

Black holes

Physical issues

Wireless issues

RADIUS issues

pfSense troubleshooting tools

System logs

Dashboard

Interfaces

Services

Monitoring

Traffic graphs

Firewall states

States

States summary

pfTop

tcpdump

tcpflow

ping, traceroute and netstat

ping

traceroute

netstat

Troubleshooting scenarios

VLAN configuration problem

Summary

Questions

Assessments

Chapter 1 – Revisiting pfSense Basics

Chapter 2 – Advanced pfSense Configuration

Chapter 3 – VLANs

Chapter 4 – Using pfSense as a Firewall

Chapter 5 – Network Address Translation

Chapter 6 – Traffic Shaping

Chapter 7 – Virtual Private Networks

Chapter 8 – Redundancy and High Availability

Chapter 9 – Multiple WANs

Chapter 10 – Routing and Bridging

Chapter 11 – Extending pfSense with Packages

Chapter 12 – Diagnostics and Troubleshooting

Another Book You May Enjoy

Leave a review - let other readers know what you think
