If you’re keen to find out what’s been added and changed in 2.0 in general, have a look at the pfSense 2.0 new features and changes page. The final release can be expected in about four weeks time.
pfSense is an open source distribution of FreeBSD-based firewall which provides a platform for flexible and powerful routing and firewalling. The versatility of pfSense presents us with a wide array of configuration options.
Matt Williamson takes a look at some frequently asked questions on pfSense such as:
- Q: What are the minimum hardware requirements for pfSense?
- Q: How does pfSense identify and assign interfaces?
- Q: How to enable the Secure Shell (SSH) service in pfSense?
- Q: How does pfSense assign DNS servers to the DHCP clients?
- Q: What happens if the Register DHCP Leases in DNS Forwarder is enabled?
- Q: What is an alias? What are the different types of aliases in pfSense?
- Q: How does the OpenVPN service work?
- Q: What are Gateway Groups?
- Q: How are bridged interfaces useful and how can one bridge together two interfaces in pfSense?
- Q: What is OLSR and how is it enabled in pfSense?
- Q: How to configure pfSense to automatically back up its configuration file?
Packt Publishing, the publishers of Learning FreeNAS, are now in the process of publishing pfSense 2 Cookbook.
This book helps users discover the power of pfSense‘s core functionality. It is written by Matt Williamson and is filled with examples of interfaces, firewall rules, NAT port-forwarding, VPN services, etc.
pfSense 2 Cookbook helps readers determine their deployment scenario, their hardware, throughput, andinterface requirements, and to select the right platform version of pfSense. They will be able to configure essential networking services such as DHCP, DNS, Dynamic DNS, and will be able to provide external Remote Desktop Access to an internal machine.
Through this book readers will learn to create multiple WAN interfaces, virtual IPs, a virtual LAN, gateways, and bridged interfaces. They will be able to configure traffic-shaping and Quality of Service (QoS), firewall redundancy with a CARP firewall failover, and external logging with syslog.
Talking about CARP, I came across a very interesting site explaining how to set up a CARO cluster, step-by-step: http://pfsense.basis06.com/download/tutorials/carp/carp-cluster-new.htm. There’s enough material available and howtos explaining how to set this up, but this little demo, is super clear.
When I have read the book, I’ll let you know more about the contents.
smallnetbuilder.com has an article (Build your own UTM with pfSense) showing what you can do with pfSense as Unified Threat Management appliance, esp. with regards to
Intrusion Detection and Prevention, Anti-Virus, Content Filtering, Anti-Spam and Traffic Control.
The concept of Unified Threat Management is straightforward: on the outer reaches of your network perimeter, you install an appliance that stops all possible threats to your network, an über firewall, as it were. The fact of the matter is that UTM hardware is expected to completely overtake separate network protection hardware.
pfSense can perform all these functions to some extent. To judge how well pfSense meets these UTM requirements, I’ve given a subjective grade to each set of UTM function groups. Once we’ve defined how these functions thwart threats, and how pfSense meets those challenges, we’ll upgrade Cerberus, and see how it performs as a UTM. more
The article concludes with:
With pfSense, this content is largely free – making pfSense, with all of its patchwork flaws, very compelling. The value proposition of pfSense is significant. It is free, open, and no expensive subscriptions are needed to protect your network. Free something is better than nothing.
Chris Buechler has also announced the availability of pfSense 2.0-RC1 (pfSense 2.0-RC1 now available):
Years and many thousands of hours in the making, pfSense 2.0 Release Candidate 1 is now available!
Check it out, test it, and leave feedback on the pfSense forums
I End of Life Announcement for PC-BSD 7.x
With the release of version 8.2 just around the corner, and PC-BSD 9.0 slated for later this year, we will be stopping the production of new packages / PBIs for the PC-BSD 7.x series in the near future: End of Life Announcement for PC-BSD 7.x
II Required: Senior FreeBSD/UNIX/Linux Administrator
You might be our next Sr. Systems Engineer: Senior FreeBSD/UNIX/Linux Administrator
III FreeBSD: Virtual Network Switch
In the previous post, I have mentioned about I’m going to cover Open vSwitch and Vde implementation. However I think it is also interesting to cover how you can setup virtual switch with FreeBSD native system. As we all know bridging is actually software switching, therefore we can make use of bridge interface to achieve this. I will explain the 6 ports virtual network switch setup that is illustrated in the diagram below: FreeBSD: Virtual Network Switch
IV Installing pfSense on an Alix.6e1
The ALIX.6e1 hardware platform:
2 10/100 LAN / 1 miniPCI / 1 miniPCI Express / AMD LX800 / 256 MB / 2 USB / DB9 serial port / CF Card slot / Board size: 6 x 6 : Installing pfSense on an Alix.6e1
Recently I contacted lead developers of different FreeBSD based projects and asked them about their development plans and ideas for 2011. Yesterday we looked at PC-BSD, let’s now see what the pfSense developers have in store.
As most of you will be aware, pfSense is a free, open source customised version of FreeBSD tailored for use as a firewall and router. In addition to being a powerful, flexible firewalling and routing platform, it includes a long list of related features and a package system allowing further expandability without adding bloat and potential security vulnerabilities to the base distribution.
Chris Buechler emailed the following update for 2011:
“2011 looks to be the best year yet for the project. We’ll have 2.0 release candidate 1 out this month. Final release soon after though it’s hard to put a timeline on that.
After that, we’ll be adding IPv6 support this year for the 2.1 release. That may be the only major new feature or change in the 2.1 release, which we expect by the end of 2011 at latest and probably sooner. We’re speeding up our release cycles and adding far fewer
things on each release, so we’ll have major releases out much more frequently going forward (in addition to any needed maintenance releases). The 2.0 release brings major enhancements to virtually every single piece of the system, and hence has taken a while to get through the release cycle. It’s looking very good now though.”
Thanks, Chris, for the update. Whishing you, Scott and the team a successful 2011. pfSense 2.0 is set to rock the routing/firewalling world and we’re all looking forward to its release.
If you, blog readers, have any requests, ideas or general views on pfSense, let us know via the comments below.
Some links to recent project updates and howtos.
- GhostBSD’s future in doubt. PC-BSD 9.0 will be available as Gnome (and other window managers as well), so Gnome lovers, don’t fear.
Setting up FreeBSD Wireless
Successful businesses do it with BSD!
The hidden underbelly of Mac OS X is; yep you guessed it BSD. Originally based on OpenBSD however since 10.2 or shortly there after FreeBSD. So this begs the question why do some many manufacturers rally behind Linux when Apple has clearly demonstrated beyond a shadow of any doubt that if you wish to be truly commercially successful building on the back of Open Source you’ve got to do it with a BSD. Consider all of those netbook producers out there with deploying Windows XP in most cases or some flavorless Linux distribution. …. Contintues