pfSense: A Guide to NAT, Firewall Rules and some Networking 101

How to pfSense.

So, you’ve decided to ditch that POS ISP-provided router, or just literally anything marketed towards consumers, and have installed pfSense, so... what now?

The following will be a guide on how to create, manage and understand both firewall rules and NAT in pfSense. I get asked a lot of questions daily and I thought this should be useful for those that are either new to pfSense or want to understand what they’re doing when they create rules.

This guide is not just for pfSense; it’s just what I use, and it is extremely popular, so I’m doing a post about it. A lot of the fundamentals and methodology will carry over to many other devices/software.

In this post, I will try and explain why these steps are being taken and add some networking 101 into the mix as well.

Tunneling Specific Traffic over a VPN with pfSense

Recently I stumbled on a post in /r/sysadmin by /u/ThatOnePrivacyGuy that had a spreadsheet he had created comparing a load of VPN services; you can find it here.

This got me thinking: my automated downloads crunch through terabytes of data every month on a home connection, and if my ISP were to look into this it would not show me in a good light due to a lot of P2P I have going on in my household. With my flatmate constantly having torrent connections open and Sonarr + CouchPotato downloading via torrents and NZBs, there is a lot of data I would like to mask from my ISP. Thanks to that awesome spreadsheet I managed to find a service that looked perfect for me, vpn.ac.

Create an IPsec Site-to-Site tunnel between two pfSense firewalls

So I need to create an IPsec point-to-point link between two sites so my two FreeNAS boxes can replicate between each other as per this project. I already run my network on pfSense and have done for a few years now and think it’s great, so slapping a pfSense box at my mother’s house seemed like the easiest thing to do. Once all the NAS business was set up I dug out an old desktop machine (Dell Optiplex 760), put a 2-port Intel gigabit card inside and installed pfSense. After bringing it to my old house and changing the config on their DD-WRT router to act as a switch+AP, I brought up the WAN connection and did some IP configuring. Once the interweb was set up and I confirmed the LAN was fully working (had to turn on static NAT for my lil’ bro’s PS4) I went ahead and configured the tunnel.