Configure a professional firewall using pfSense

The Free Software Magazine has a good howto on installing and setting up pfSense.

This guide was written for Linksys, Netgear, and D-link users with no firewall or router experience. No experience is needed with FreeBSD or GNU/Linux to install and run pfSense. When you are finished, management of pfSense will be from a web interface just like any of the SOHO firewall/router appliances.

pfSense is a web-based firewall project that is similar, in terms of functionality, to the software in firewall appliances sold by Linksys, Netgear and D-Link. pfSense covers all the basic requirements offered by those appliances but offers so much more—in fact, it is really in a class by itself since it would be very difficult to find a commercial alternative that would provide what pfSense has to offer (or, anything cheaper than $2,000–$5,000).

Two good reasons to use pfSense

1. pfSense is a very powerful and stable project with advanced features. Users of pfSense have reported that it performs well even with hundreds of computers operating behind the firewall. pfSense has all the features of the SOHO units and much more. You can have multiple network subnets separate from each other using firewall rules. For example, you could have separate subnets for each business function; or separate Accounting, Marketing, Sales, and R&D from each other, while giving each one access to the Internet; or set up a HotSpot for your business, allowing users to access the Internet but not the company LAN (which usually contains a POS (Point Of Sale) system and/or proprietary information and non-public computer systems).

2. If you are an experienced FreeBSD, GNU/Linux or Unix user you may wish to add applications from the FreeBSD repository. While running additional applications on a firewall can increase your exposure to potential risk of being hacked, it can still be extremely useful to add a few applications to pfSense. Once you get pfSense installed you can find a list of authorized ports under the System Packages tab. These can be installed with one click. The FreeBSD.org packages are added by the user via the shell the way it has been done for years. These FreeBSD.org packages are not officially supported by pfSense.

Not directly related to pfSense, but if you’re interested in professional qualifications in maintaining and supporting firewall and routing platforms, have a look at the InfoSec Institute. InfoSec can help you receive your CISSP Certification and become an IT professional.

Read the howto or download the howto as PDF

Links: Free Software Magazine | pfSense howto | pfSense Project

FreeNAS 0.69 beta1 available

Volker Theile has announced the release of FreeNAS 0.69 beta 1, a tiny FreeBSD-based operating system for NAS services. From the changelog:

  • Upgrade to FreeBSD 6.3;
  • add ‘lagg’ link aggregation and link failover interface support (kernel);
  • switch back to SCHED_4BSD scheduler;
  • add generic web server service;
  • complete review and typo fixes in source code;
  • upgrade rsync to 3.0.2, smartmontools to 5.38, lighttpd to 1.4.19, e2fsprogs to 1.40.10, PHP to 5.2.6;
  • use SAJAX to update miscellaneous WebGUI pages every 5 seconds to display current states;
  • refactor complete S.M.A.R.T. WebGUI and ActiveDirectory WebGUI;
  • add ability to web server WebGUI to configure URLs requiring authentication;
  • replace Adaptec SCSI RAID administration tool aaccli with arcconf;
  • upgrade Adaptec AACRAID 32- and 64-bit driver to version 5.2.0 Build 15727;
  • replace UPnP media player MediaTomb with Fuppes

Download (MD5): i386 version (47.6MB) | amd64 version (51.7MB).

pfSense – hardware/server request

Scott Ullrich from the pfSense Project is looking for anybody willing to donate hardware or a fast server to speed up the building and compiling of pfSense.

It seems more and more that I spend 90% of my time waiting for pfSense builds to validate code changes, kernel changes, etc

Here’s a rundown of parts that would be ideal:

  • quad core cpu, or dualquad core if possible
  • 4g ram (not strictly necessary, but useful for cache)
  • 6 sata disks (western dig raptors would rock), and an areca or similar card with 256M-1G battery backed cache

Is there anybody able to help the pfSense project?

Read the whole blogpost and the comments here.