PFsense Configuration with Topology and Screenshots

最新推荐文章于 2022-04-24 16:10:40 发布

原创最新推荐文章于 2022-04-24 16:10:40 发布 · 195 阅读

0 ·

CC 4.0 BY-SA版权

本文详细介绍pfSense开源路由器及防火墙软件的安装与配置流程，包括家庭拓扑设置、防火墙规则、代理服务等核心功能，以及Snort入侵检测、Squid代理和URL过滤等高级特性。

摘要生成于 C知道，由 DeepSeek-R1 满血版支持，前往体验 >

pfSense is an open source routing and firewall software that is based on the FreeBSD distribution. The basic features including:

home-diagram-design.png?resize=800%2C519&ssl=1

pfSense Home Topology

Static/default/dynamic routing
Stateful firewall
Network Address Translation (NAT)
Virtual Private Networks (VPN)
Dynamic Host Configuration Protocol (DHCP)
Domain Name System (DNS)
Load balancing and so on.

With many supported add-on packages, other advanced features including:

Snort (for Intrusion Detection and Prevention)
FreeSWITCH (Voice over IP)
Squid (Proxy)
SquidGuard (URL Filtering/HTTPS inspection)
Darkstat (Network Traffic Monitor)

Here is my home pfSense firewall topology and configuration with screenshots and YouTube videos.

1. Topology and Installation

pfSense Installation YouTube Video:

2. Configuration Screenshots
2.1 Log into pfSense and Dashboard shows

pfsense-dashboard.png?resize=800%2C527&ssl=1

Pfsense-log-in-windows.png?resize=800%2C582&ssl=1

2.2 System – General Setup

pfsense-general-setup.png?resize=800%2C534&ssl=1

2.3 System – Package Manager
I have following packages installed:

Cron: The cron utility is used to manage commands on a schedule.
Lightsquid: LightSquid is a high performance web proxy reporting tool. Includes proxy realtime statistics (SQStat). Requires Squid package.
Open-VM-Tools: VMware Tools is a suite of utilities that enhances the performance of the virtual machine’s guest operating system.
Squid:High performance web proxy cache (3.5 branch). It combines Squid as a proxy server with its capabilities of acting as a HTTP / HTTPS reverse proxy.
squidGuard: High performance web proxy URL filter.

pfsense-Package-Management-installed-package.png?resize=800%2C504&ssl=1

2.4 Interfaces

Interfaces-Interface-assignment.png?resize=790%2C411&ssl=1

Interfaces-WAN.png?resize=800%2C650&ssl=1

Interfaces-LAN.png?resize=800%2C613&ssl=1

2.5 Firewall Rules

Firewall-Rules-WAN.png?resize=800%2C362&ssl=1

Firewall-Rules-LAN.png?resize=800%2C239&ssl=1

There are some NAT settings, but all are default.

2.6 Services – Cron
I have set up a daily restart task for my pfSense.

services-cron.png?resize=800%2C551&ssl=1

2.7 Services – Squid Proxy Server

Services-Squid-Proxy-2.png?resize=800%2C632&ssl=1

Services-Squid-Proxy-1.png?resize=800%2C644&ssl=1

Services-Squid-Proxy-3.png?resize=800%2C652&ssl=1

2.8 SquidGuard Proxy Filter

Services-Squid-Guard-Proxy-Filter-2.png?resize=800%2C511&ssl=1

Services-Squid-Guard-Proxy-Filter.png?resize=800%2C645&ssl=1

Services-Squid-Guard-Proxy-Filter-4.png?resize=800%2C226&ssl=1

Services-Squid-Guard-Proxy-Filter-3.png?resize=800%2C638&ssl=1

Services-Squid-Guard-Proxy-Filter-6.png?resize=800%2C291&ssl=1

Services-Squid-Guard-Proxy-Filter-5.png?resize=800%2C655&ssl=1

2.9 Squid Proxy Reports

Squid-User-Access-Report.png?resize=643%2C336&ssl=1

status-Squid-Proxy-Reports.png?resize=800%2C638&ssl=1

Squid-User-Access-Report-3.png?resize=800%2C605&ssl=1

Squid-User-Access-Report-2.png?resize=558%2C354&ssl=1

Notes: If in the status report, it only shows IP name, here is a solution I found online:

In an environment were pfSense is the only DNS server internally I have configured pfSense to look to itself first. This is what my config looks like.

Disable DNS resolver
Services | DNS Forwarder

check – Enable DNS forwarder
check – Register DHCP leases in DNS forwarder
check – Register DHCP static mappings in DNS forwarder

System | General Setup | DNS Servers

1st DNS Server – 127.0.0.1
2nd DNS Server – 8.8.8.8
3rd DNS server – 1.1.1.1
4th DNS server – 8.8.4.4
uncheck – Allow DNS server list to be overridden by DHCP/PPP on WAN