Difference between revisions of "PfSense"

From wiki.bastelbude.grade.de
Jump to: navigation, search
(prerequisite)
(config)
 
(10 intermediate revisions by the same user not shown)
Line 1: Line 1:
 
=== about ===
 
=== about ===
 
building an open-source firewall-router
 
building an open-source firewall-router
 +
* https://www.bsi.bund.de/SharedDocs/Downloads/DE/BSI/Grundschutz/Kompendium_Einzel_PDFs_2021/09_NET_Netze_und_Kommunikation/NET_3_2_Firewall_Edition_2021.html
 +
* https://de.wikipedia.org/wiki/PfSense
 +
* https://de.wikipedia.org/wiki/OPNsense
 +
* https://www.admin-magazin.de/Das-Heft/2016/12/Freie-Firewall-OPNSense
  
=== Hardware ===
+
==== whishlist ====
 +
DSL is extremly slow, improve performance
 +
* WAN load-balancing DSL <> LTE
 +
* cache Windows updates (squid)
 +
* filter
 +
** malware
 +
** ads
 +
* isolated public wifi hotspot (VLan)
 +
* isolated CCTV servers (VLan)
 +
** allow outside > in (routing)
 +
* ...
 +
 
 +
=== hardware ===
 
* https://shop.tronico.net/Embedded-Computer/PC-Engines/APU-Mainboards/APU-4D4-system-board.html
 
* https://shop.tronico.net/Embedded-Computer/PC-Engines/APU-Mainboards/APU-4D4-system-board.html
 
* https://shop.tronico.net/Embedded-Computer/PC-Engines/Gehaeuse/Gehaeuse-fuer-APU4x4.html?force_sid=9c6oet13oep8rrl80b8ne9k4lh
 
* https://shop.tronico.net/Embedded-Computer/PC-Engines/Gehaeuse/Gehaeuse-fuer-APU4x4.html?force_sid=9c6oet13oep8rrl80b8ne9k4lh
Line 19: Line 35:
  
 
==== config ====
 
==== config ====
* set LAN Interface 192.168.1.4
+
* set LAN Interface 192.168.1.6
 
* IPv4 Upstream gateway 192.168.1.1
 
* IPv4 Upstream gateway 192.168.1.1
 
* System > General Setup > DNS Servers 8.8.8.8
 
* System > General Setup > DNS Servers 8.8.8.8
 +
 +
=== configuration ===
 +
==== pfBlockerNG ====
 +
 +
* https://www.computing-competence.de/2018/06/11/mit-pfsense-werbung-und-potentielle-angriffe-blockieren-ala-pihole/
 +
 +
==== squid ====
 +
* https://www.taste-of-it.de/pfsense-squid-als-transparenter-proxy-mit-antivirus-funktion-fuer-http/ (http)
 +
** Local Cache > Dynamic and Update Content > ?geeignete Refresh Patterns?
 +
* https://turbofuture.com/internet/Intercepting-HTTPS-Traffic-Using-the-Squid-Proxy-in-pfSense (https)
 +
** ?klappt nicht?
  
 
[[category:Projekte]]
 
[[category:Projekte]]

Latest revision as of 17:43, 9 February 2021

about

building an open-source firewall-router

whishlist

DSL is extremly slow, improve performance

  • WAN load-balancing DSL <> LTE
  • cache Windows updates (squid)
  • filter
    • malware
    • ads
  • isolated public wifi hotspot (VLan)
  • isolated CCTV servers (VLan)
    • allow outside > in (routing)
  • ...

hardware

installation

prerequisite

config

  • set LAN Interface 192.168.1.6
  • IPv4 Upstream gateway 192.168.1.1
  • System > General Setup > DNS Servers 8.8.8.8

configuration

pfBlockerNG

squid