Difference between revisions of "PfSense"
(→installation) |
(→config) |
||
(9 intermediate revisions by the same user not shown) | |||
Line 1: | Line 1: | ||
=== about === | === about === | ||
building an open-source firewall-router | building an open-source firewall-router | ||
+ | * https://www.bsi.bund.de/SharedDocs/Downloads/DE/BSI/Grundschutz/Kompendium_Einzel_PDFs_2021/09_NET_Netze_und_Kommunikation/NET_3_2_Firewall_Edition_2021.html | ||
+ | * https://de.wikipedia.org/wiki/PfSense | ||
+ | * https://de.wikipedia.org/wiki/OPNsense | ||
+ | * https://www.admin-magazin.de/Das-Heft/2016/12/Freie-Firewall-OPNSense | ||
− | === | + | ==== whishlist ==== |
+ | DSL is extremly slow, improve performance | ||
+ | * WAN load-balancing DSL <> LTE | ||
+ | * cache Windows updates (squid) | ||
+ | * filter | ||
+ | ** malware | ||
+ | ** ads | ||
+ | * isolated public wifi hotspot (VLan) | ||
+ | * isolated CCTV servers (VLan) | ||
+ | ** allow outside > in (routing) | ||
+ | * ... | ||
+ | |||
+ | === hardware === | ||
* https://shop.tronico.net/Embedded-Computer/PC-Engines/APU-Mainboards/APU-4D4-system-board.html | * https://shop.tronico.net/Embedded-Computer/PC-Engines/APU-Mainboards/APU-4D4-system-board.html | ||
* https://shop.tronico.net/Embedded-Computer/PC-Engines/Gehaeuse/Gehaeuse-fuer-APU4x4.html?force_sid=9c6oet13oep8rrl80b8ne9k4lh | * https://shop.tronico.net/Embedded-Computer/PC-Engines/Gehaeuse/Gehaeuse-fuer-APU4x4.html?force_sid=9c6oet13oep8rrl80b8ne9k4lh | ||
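Review bot: under the added "isolated CCTV servers (VLan)" item, "allow outside > in (routing)" does not say which sources, hosts or ports should be reachable, so the note could be read as opening the isolated VLAN to all inbound traffic; name the intended hosts and services. The added heading "==== whishlist ====" is misspelled ("wishlist"), "extremly" in the next line should be "extremely", and the heading is level 4 while the neighbouring "=== about ===" and "=== hardware ===" are level 3. The unchanged shop link ends in a "force_sid=" session parameter that could be dropped.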
Line 19: | Line 35: | ||
==== config ==== | ==== config ==== | ||
− | * set LAN Interface 192.168.1. | + | * set LAN Interface 192.168.1.6 |
* IPv4 Upstream gateway 192.168.1.1 | * IPv4 Upstream gateway 192.168.1.1 | ||
* System > General Setup > DNS Servers 8.8.8.8 | * System > General Setup > DNS Servers 8.8.8.8 | ||
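Review bot: the new LAN address "192.168.1.6" is given without a prefix length, and the unchanged upstream gateway "192.168.1.1" lies in the same 192.168.1.x range; state the netmask and which interface the gateway is assigned to, so the addressing can be reproduced from the note.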
Line 29: | Line 45: | ||
==== squid ==== | ==== squid ==== | ||
− | * https://www.taste-of-it.de/pfsense-squid-als-transparenter-proxy-mit-antivirus-funktion-fuer-http/ | + | * https://www.taste-of-it.de/pfsense-squid-als-transparenter-proxy-mit-antivirus-funktion-fuer-http/ (http) |
− | * ?geeignete Refresh Patterns? | + | ** Local Cache > Dynamic and Update Content > ?geeignete Refresh Patterns? |
+ | * https://turbofuture.com/internet/Intercepting-HTTPS-Traffic-Using-the-Squid-Proxy-in-pfSense (https) | ||
+ | ** ?klappt nicht? | ||
[[category:Projekte]] | [[category:Projekte]] |
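Review bot: the added "(https)" link is followed only by "?klappt nicht?", which does not record what failed or at which step; note the symptom so the entry is useful later. The moved "?geeignete Refresh Patterns?" line is likewise an open question with no candidate patterns listed, and both notes are in German on an otherwise English page.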
Latest revision as of 17:43, 9 February 2021
about
building an open-source firewall-router
- https://www.bsi.bund.de/SharedDocs/Downloads/DE/BSI/Grundschutz/Kompendium_Einzel_PDFs_2021/09_NET_Netze_und_Kommunikation/NET_3_2_Firewall_Edition_2021.html
- https://de.wikipedia.org/wiki/PfSense
- https://de.wikipedia.org/wiki/OPNsense
- https://www.admin-magazin.de/Das-Heft/2016/12/Freie-Firewall-OPNSense
wishlist
DSL is extremely slow, improve performance
- WAN load-balancing DSL <> LTE
- cache Windows updates (squid)
- filter
  - malware
  - ads
- isolated public wifi hotspot (VLAN)
- isolated CCTV servers (VLAN)
  - allow outside > in (routing)
- ...
hardware
- https://shop.tronico.net/Embedded-Computer/PC-Engines/APU-Mainboards/APU-4D4-system-board.html
- https://shop.tronico.net/Embedded-Computer/PC-Engines/Gehaeuse/Gehaeuse-fuer-APU4x4.html?force_sid=9c6oet13oep8rrl80b8ne9k4lh
- https://shop.tronico.net/Speicherkarten-SSD/mSATA/Transcend-mSATA-SSD-32GB.html?force_sid=9c6oet13oep8rrl80b8ne9k4lh
installation
prerequisite
- serial-cable / female<>female (null-modem)
- https://de.wikipedia.org/wiki/RS-232#Verkabelung_und_Stecker
- RX-TX (Pin2/Pin3) crossed
- GND <> GND
- putty
- speed 115200
- pfSense-CE-memstick-serial-2.4.5-RELEASE-p1-amd64.img
config
- set LAN Interface 192.168.1.6
- IPv4 Upstream gateway 192.168.1.1
- System > General Setup > DNS Servers 8.8.8.8
configuration
pfBlockerNG
squid
- https://www.taste-of-it.de/pfsense-squid-als-transparenter-proxy-mit-antivirus-funktion-fuer-http/ (http)
  - Local Cache > Dynamic and Update Content > ?suitable refresh patterns?
- https://turbofuture.com/internet/Intercepting-HTTPS-Traffic-Using-the-Squid-Proxy-in-pfSense (https)
  - ?doesn't work?