pfSense Hangout – new features and changes in pfSense (2.1, 2.2)

Last Friday, Chris Buechler did a live Google Hangout , which can now be watched on Youtube, on pfSense, a free, powerful, open source firewall and security solution.

The first part is a presentation, going over the new features and changes in the 2.1 release, and what is currently being worked on for the coming 2.2 release. After that there is a tutorial on troubleshooting port forwarding.

There was a problem with starting the hangout, so you best jump to 00:05:00.

 

pfSense 2.1, pfSense Gold Subscription and ESF

pfsense-logoChris Buechler has announced pfSense 2.1, a free, powerful, open source firewall and security solution.

Don’t be deceived by the .1 version number as it comes with a whole slew of new features. pfSense 2.1 is based on FreeBSD 8.3, comes with support for PC-BSD’s PBI package management, includes new hardware drivers and security updates, and many IPv6 updates.

A list with all the changes and additions can be found here.

It was also announced that there is now a $99 pfSense Gold Subscription.

pfSense Gold Subscription is our $99 per year premium membership subscription program, designed to provide special benefits to our members while supporting ongoing development of the Open Source pfSense project.  We hope this dual benefit will make Gold a program worth subscribing to.

The company behind pfSense has changed its name from BSD Perimeter to ESF. You will never guess what ESF stands for….. Electric Sheep Fencing.

FreeBSD news and links round-up – week 44

Welcome to the weekly (Free)BSD news round-up (week 44) where we have a mix of news snippets, links, howto’s and software/package updates for you all. These tid-bits are all very interesting and news worthy, yet too small to package as individual posts.

FreeBSD News

A FreeBSD Success Story

… Then, we switched the server to a new one, quad core, sixty gigabytes of ram and two terabytes of disk. This time, I chose FreeBSD because I knew that it would work greatly ! Linux could have worked too, maybe we could have more performance, but it would not be as easy to manage as our FreeBSD box… More

FreeBSD Ports

Bernhard Fröhlich joined the FreeBSD Ports Team in October.

Releases

1. FreeNAS 8.3 User Guide

The FreeNAS 8.3.0 Users Guide is available for download as EPUB, HTML and PDF.

2. M0n0wall 1.34b1 released

Manuel Kasper has announced Beta1 of M0n0wall 1.34.

“A maintenance version in the m0n0wall 1.3 branch has been released: 1.34b1 includes the CSRF-related fixes recently made to the beta branch, as well as a few others security-relevant things. Nothing is high priority, but once 1.34b1 has received some wider testing, it will be re-released as 1.34, and 1.33 users will be recommended to upgrade.”

Software/package updates

1. FreeBSD/Raspberry Pi

Gonzo has mentions that he has moved his FreeBSD/Raspberry Pi project into FreeBSD Head / Current.

2 KNemo 0.7.4 receives major improvements for FreeBSD

KNemo is a tool that monitors the network traffic and provides a tray widget for every network interface, support for network statistics, and different icon themes.

Highlights of the release are:

• Bugs in the BSD backend has been fixed;
• Wrong traffic bug reported on FreeBSD has been repaired;
• Wrong encryption state for mixed WEP connections on FreeBSD has been fixed;
• Default gateway previously undetected on FreeBSD is now working properly;
• A monochrome icon theme has been added;
• Support for the legacy system tray icon has been removed;
• Embedded plotter code has been dropped in favor of libksignalplotter.

Websites / Social Media

As some of you may have seen already RootBSD has a new website. It looks very clean and slick and looks more ‘web 2.0′ than the previous version.

RootBSD was established with one goal in mind: to provide reliable, flexible, and supported BSD-based hosting services to professionals and businesses. Our extensive selection of FreeBSD, OpenBSD, and Linux hosting packages means there is a right package for almost everyone.

(Free)BSD Events

1. PfSense Weekend (Brazil)

There will be a classroom pfSense weekend in Porto Alegre (Brazil) from 14-16 December. More details on http://www.cursopfsense.com.br/

New FreeBSD Committers

In October 2012 the following people became new committers or were given enhanced FreeBSD update rights: Simon J. Gerraty (src), Erwin Lansing (src, ports) and Eitan Adler (src, ports, doc).

BSD / Unix Family News

OpenBSD 5.2 arrives with improved multi-core support.

The OpenBSD project has released version 5.2 of its free BSD-based UNIX-like operating system. According to its developers, the most important change in the new release is the switch from user-level to kernel-level threads. This allows programs with multiple threads to use multiple CPU cores. (via)

pfSense tutorial: Configure pfSense as an SMB-caliber firewall

“Imagine this scenario: Another business group in your midsize company needs some new network connectivity, but they also require a number of network security features, including an integrated access point, user authentication, VPN capabilities, and a firewall to separate a certain group from the rest of the network. Oh, and they also want access to Snort and Nmap. Luckily, pfSense offers all of these features along with a number of customization options.”

Keith Barker explains in this video tutorial how to configure an SMB-caliber firewall

pfSense – Squid + Squidguard / Traffic Shapping Tutorial

Ever wanted to set up a pfSense firewall/router with content filtering? Howtoforge has one of the easiest tutorials to help you set this up. If you have a spare box, there’s no reason now to wait any longer: pfSense – Squid + Squidguard / Traffic Shapping Tutorial

In this tutorial I will show you how to set up pfSense 2.0.1 up as an Internet Gateway with Squid Proxy / Squidguard Filtering. I will also show that you have to configure some extra features of pfSense like traffic shapping with squid.

Installing and configuring Squid and DansGuardian under FreeBSD

Installing and configuring FreeBSD as router is something most of us won’t do daily. It’s one of those jobs you do once, and when it’s up and running, you let your server / router do its work and you don’t touch it – unless there’s a problem.

Squid and DansGuardian are some excellent tools for caching and content filtering. Squid is a caching proxy  supporting HTTP, HTTPS, FTP, and more. It reduces bandwidth and improves response times by caching and reusing frequently-requested web pages. DansGuardian is a web content filter. It filters the actual content of pages based on many methods including phrase matching, PICS filtering and URL filtering.

Since configuring Squid and DansGuardian is not something we daily do, the following tutorial may be useful: Installing and configuring Squid and DansGuardian under FreeBSD.

If you run pfSense, you can install Squid and DansGuardian too.

Another interesting tutorial is the one on creating plugins for FreeBSD’s new pkgng package management: Writing plugins for pkgns.

 

Traffic Shaping with pfSense and HFSC (video)

This screencast demonstrates the use of a pfSense device for traffic shaping on a typical home network, with the goals of minimizing latency and maximizing throughput. In particular, we use a three-tier queue configuration where a parent speedboost queue on each interface contains leaf queues that catch all the traffic. The speedboost queues use HFSC’s non-linear service curve to match the behavior of the comcast speedboost. The leaf queues are configured to partition the available bandwidth, and automatically allow ‘borrowing’ when there is no contention.


Section links:

  • Installation / Setup: 3min:01sec
  • Monitoring: 6min:30sec
  • Traffic Shaping: 15min:34sec