How to configure a PFSense Firewall

    How to configure a PFSense Firewall

    We can start with a short video introduction to PFSense.

    It is part of a series located here:

    Comprehensive Guide To pfSense 2.3
    Mark Furneaux 13 videos 79,773 views
    Last updated on Jul 3, 2017


    Thank you Logbuilder for providing the links to PFSense.


    Comprehensive Guide to pfSense 2.3 Part 1: The What and Why

    Mark Furneaux
    Published on Nov 29, 2015



    Comprehensive Guide to pfSense 2.3 Part 2: Hardware

    Mark Furneaux
    Published on Dec 23, 2015



    Comprehensive Guide to pfSense 2.3 Part 3: Installation

    Mark Furneaux
    Published on Jan 12, 2016



    Comprehensive Guide to pfSense 2.3 Part 4: Networking Crash Course

    Mark Furneaux
    Published on Jan 31, 2016



    Comprehensive Guide to pfSense 2.3 Part 5.1: General Configuration and WebUI Tour

    Mark Furneaux
    Published on Feb 21, 2016



    Will post an easy peasey DIY here with pictures.

    Following is a basic step by step with no plugins and default firewall rules which work fine.

    Note that you can download a USB stick image or an ISO image and write it to a USB stick.

    1 - Download PFSense here:

    PFSense Download

    2 - extract the compressed file whether it is an image or ISO

    3 - Write the iso or img file to a USB stick

    4 - boot up the USB stick.

    Note here will combine images to be able to fit them here. Note that everything is default except for a couple of choices. One important choice is whether you want to install via a VGA console or Serial console.

    Here I have SSH enabled for access to the command line menu. Note that if you make changes to your LAN/WAN stuff here you will most likely lock yourself out of your PFSense box Web GUI.

    For some more testing here will enable serial access to this menu via a serial port (#2) on my PFSense box. This terminal will be connected to the Homeseer Pro box running Ubuntu such that will configure a drop down menu in the Main Homeseer GUI for terminal access to the PFSense box. This will create a total headless environment for running PFSense.

    New 4 port micro routers also have a serial port. You can install PFSense headless via the serial port connecting a serial cable to a terminal session on a laptop if you want. I am currently utilizing the serial port on my PFSense box for an NTP server documented below.

    Note here I have 4 NAS boxes here and 3 are headless and utilize the serial port. One is a Windows server embedded 1U four drive NAS box running windows embedded headless. This one was installed and configured via a serial port.

    The default PFSense configuration needs no tweaks and will function as a firewall by default.

    1 - ISP Modem ==> PFSense WAN port ==> PFSense LAN port

    Note here I labeled my ports for use (currently have 6). When configuring the WAN port for DHCP (very common) unless you are utilizing a static internet IP address. DNS by default is provided by your ISP provider. Over the years here have disabled the use of the ISP provider DNS.

    Why?

    Read this: DNS spoofing

    A few folks on the forum utilize Satellite for their internet. I know of two services (there are probably more). These are HughesNet and Exede.

    Relative to Exede ISP service...they provide a guaranteed download / upload rate by using their servers. That said you can only utilize their DNS servers (port 53) for their service. They block the use of common DNS servers (port 53). With this unique DNS methodology you cannot enable two of the PFSense features of: DNS Forwarder and DNS Resolver. Note that the default installation of PFSense enables DNS Resolver. YOU MUST DISABLE THIS to utilize PFSense with Exede Satellite services. I am not sure on the configuration of HughesNet.

    A thank you to Logbuilder (Robert) for providing / testing PFSense with the Exede Satellite Provider.

    Testing for ISP only DNS spoofing (I guess this can be called this). ALL ISPs today mostly utilize their DNS servers by default. It is preferred here not to do this.

    The following stuff came from the Exede Forum post ==> Has anyone found a way around the Exede DNS hijacking?

    Test by using a google DNS server

    nslookup upload.facebook.com 8.8.8.8
    Server: 8.8.8.8
    Address: 8.8.8.8#53


    ** server can't find upload.facebook.com: NXDOMAIN

    nslookup upload.facebook.com 8.8.8.8
    Server: 8.8.8.8
    Address: 8.8.8.8#53

    Non-authoritative answer:
    upload.facebook.com canonical name = star.c10r.facebook.com.
    Name: star.c10r.facebook.com
    Address: 31.13.77.6



    I can't query Exede DNS externally - because that's blocked.

    # nslookup upload.facebook.com 99.196.99.99
    ;; connection timed out; no servers could be reached

    One fix is:

    OpenDNS and use the alternate port number 5353. It should look like this:

    forwarders {
    208.67.222.222 port 5353;
    208.67.222.220 port 5353;
    }


    Now everything resolves for me.

    Another option is DNSCrypt. I've successfully used it to get around temporary problems with Exede's DNS resolver. Just keep in mind that using a different DNS resolver also disables the Exede accelerator.

    I see the same issues with DNS intercepts on port 53. Great idea to use the OpenDNS servers with alternate ports, of course all Exede has to do is intercept those as well...... Additionally you will actually get better performance using a caching server even with using different DNS servers as your server will keep those records on hand providing a response without having to go query the net once they have been looked up the first time.

    I use the Open DNS servers and run PFSense with Caching, Squidguard, PFBlockerNG, Snort, and a variety of other tweaks and tools and have noticed a LOT of traffic hitting my system that I wouldn't normally have thought would have been doing so.

    Thanks for the tip!


    Note that PFSense also serves as a WAN optimizer / accelerator. And with AES-NI serves as a cryptographic accelerator.

    For those wanting to test the use of PFSense inside of your network I would recommend the following settings for PFSense. Note that these settings are only for testing purposes and to get familiar with the PFSense GUI. I recommend this if you have never utilized PFSense before.

    I used Smoothwall here for many years and before switching over to PFSense I tested it to get familiar with the GUI and not affect my then current network devices.

    1 - start with command line menu.
    a - leave the WAN port to default DHCP. Configure existing firewall such that DHCP address from PFSense WAN port is in a DMZ.
    b - configure the LAN port with a small subnet or same subnet and shut off DHCP on the LAN port. Note it is your preference on IPs of your subnet.
    An example would be the following. (here utilize Online IP Subnet calculator)
    Note here for testing purposes you can make the subnet very small. Typically you may only want to access PFSense from one computer.

    IP of PFSense box is: 192.168.1.2
    Subnet mask here is: 255.255.255.0
    Bit mask: /24
    Hosts per subnet here is: 254
    Host addresses are: 192.168.1.1 - 192.168.1.254
    Subnet ID: 192.168.1.0
    Broadcast address is: 192.168.1.0

    PFSense DHCP on LAN is set to disabled.

    Typically this has worked for me OK. Now to NAT reflection (which is sometimes by default enabled or not on a variety of SOHO routers).

    NAT reflection is sometimes referred to as NAT Loopback, NAT hairpinning.

    NAT definition (read the rest of the wiki)

    Network address translation (NAT) is a method of remapping one IP address space into another by modifying network address information in Internet Protocol (IP) datagram packet headers while they are in transit across a traffic routing device. The technique was originally used for ease of rerouting traffic in IP networks without readdressing every host. In more advanced NAT implementations featuring IP masquerading, it has become a popular and essential tool in conserving global address space allocations in face of IPv4 address exhaustion by sharing one Internet-routable IP address of a NAT gateway for an entire private network.

    NAT loopback

    NAT loopback, also known as NAT hairpinning or NAT reflection, is a feature in many consumer routers which permits the access of a service via the public IP address from inside the local network. This eliminates the need for using separate domain name resolution for hosts inside the network than for the public network for a website.

    The following describes an example network:

    Public address: 203.0.113.1. This is the address of the WAN interface on the router.
    Internal address of router: 192.168.1.1
    Address of the server: 192.168.1.2
    Address of a local computer: 192.168.1.100

    If a packet is sent to the public address by a computer at 192.168.1.100, the packet would normally be routed to the default gateway (the router), unless an explicit route is set in the computer's routing tables. A router with the NAT loopback feature detects that 203.0.113.1 is the address of its WAN interface, and treats the packet as if coming from that interface. It determines the destination for that packet, based on DNAT (port forwarding) rules for the destination. If the data were sent to port 80 and a DNAT rule exists for port 80 directed to 192.168.1.2, then the host at that address receives the packet.

    If no applicable DNAT rule is available, the router drops the packet. An ICMP Destination Unreachable reply may be sent. If any DNAT rules were present, address translation is still in effect; the router still rewrites the source IP address in the packet. The local computer (192.168.1.100) sends the packet as coming from 192.168.1.100, but the server (192.168.1.2) receives it as coming from 203.0.113.1. When the server replies, the process is identical as for an external sender. Thus, two-way communication is possible between hosts inside the LAN network via the public IP address.

    PFSense NAT loopback by default is disabled.

    You have the option of turning it on or off with PFSense.

    Go to PFSense / system / advanced / Firewall and NAT to enable it.
    The setting is towards the bottom of the page and by default disabled. Just enable it there.

    Last edited by Pete; June 2, 2019, 04:08 PM.
    - Pete

    Auto mator
    Homeseer 3 Pro - 3.0.0.548 (Linux) - Ubuntu 18.04/W7e 64 bit Intel Haswell CPU 16Gb
    Homeseer Zee2 (Lite) - 3.0.0.548 (Linux) - Ubuntu 18.04/W7e - CherryTrail x5-Z8350 BeeLink 4Gb BT3 Pro
    HS4 Lite - Ubuntu 22.04 / Lenovo Tiny M900 / 32Gb Ram

    HS4 Pro - V4.1.18.1 - Ubuntu 22.04 / Lenovo Tiny M900 / 32Gb Ram
    HSTouch on Intel tabletop tablets (Jogglers) - Asus AIO - Windows 11

    X10, UPB, Zigbee, ZWave and Wifi MQTT automation-Tasmota-Espurna. OmniPro 2, Russound zoned audio, Alexa, Cheaper RFID, W800 and Home Assistant

    #2
    Modifying this piece and dividing it up a bit.

    Here have used an NTP server since the 1990's. Very first NTP server used a Trimble GPS (surplus from a Tank).
    Today NTP can be spoofed which is a bad thing.

    Network Time Protocol (NTP): Threats and Countermeasures

    This is purely optional and involves the addition of modified hardware and soldering skills.

    You are making an NTP server with PPS. The PPS (pulse per second) part configures near perfect time sync from multiple GPS satellites.

    While a GPS receiver can send a complete timestamp upstream (via NMEA etc), the amount of time it'd take for the timestamp to make its way over to the host would render the timestamp inaccurate. A 1PPS signal is the GPS receiver equivalent of "at the tone the time will be twelve thirty three and 35 seconds ... [beep]". The assumption here is that the host's clock can stay accurate for 1 sec, and every second it gets a correction via the 1PPS.

    If not using PPS then your time will be similar to that of an NTP server on the internet.

    The purpose of the patches is to provide a true RS-232 level PPS signal on pin 1 (DCD line) of the connector. Whilst the PPS signal on test point TP9 could be used, it is at CMOS level and not RS-232 level, and may not be recognised correctly by the RS-232 receiver chip in your PC. You can try it if you like, of course. I have provided a Serial Port LEDs program to show the status of the RS-232 control lines. Fortunately, there is an unused CMOS-to-RS-232 level converter gate available in U6, with its input on pin 11 and its output on pin 14. However, as this is an inverting gate, and we want a positive going PPS signal, it should be driven with a negative going PPS signal. That available at TP9 is positive going, however it is also used to drive the ridiculously bright blue LED through a CMOS inverter gate in U5, so by taking the output from that inverter on pin 8 of U5 we have the required negative-going PPS signal to drive U6.

    Historically purchased the first portable GPS when they were first available and a bit of a tinker toy. Later in the late 1990's built a GPS NTP server using an exteriorly mounted GPS antenna, a made for a tank sealed GPS and a PC for time sync. Over the years used smaller GPSs and moved the antenna to the attic. OS for GPS went from Windows to Linux to BSD (with PFSense). The antenna now is near a basement window, sees up to 12 GPS satellites and syncs on 7-8 satellites. First PFSense installations used my GPS. Over time the Gurus at PFSense added multiple hardware interfaces for NTP / GPS.

    Wrote about this with PFSense on Cocoontech in 2013 here: ===> From: Anyone using PFSense as a firewall?

    Hardware for NTP server with GPS-PPS - Note I am into time here and have used a GPS for NTP since the early 2000's.

    1 - Sure GPS evaluation board - Built in bluetooth, usb and serial connection
    Available on Ebay with antenna for less than $50.00
    2 - Serial port on PFSense firewall - SERIAL only not USB port for this feature.
    3 - USB to Power cable - 5VDC power supply
    4 - Standard RS-232 serial cable - from Sure GPS board to PFSense box

    PPS patch wiring - note utilize thin wire - solder connections.

    There are two patch wires shown here. The first, which is purely on the top side of the board, is from U5, pin 8, carrying the negative-going PPS signal to U6 pin 11. The second goes from pin 14 of U6, through an existing hole in the board (no connection), to pin 1 of the RS-232 connector.

    Original GPS/PPS was located in the attic and I used a long cat5e cable / RS-232 baluns to connect to the PFSense box in the basement. New configuration has the Sure GPS located in the Leviton media can with the GPS antenna located near a basement window (covered well).

    PFSense connection and testing.

    1 - connect the antenna, power and serial cable to your PFSense box.
    2 - there is a bluetooth module on the Sure GPS board. When synced to satellites the blue light blinks.



    3 - testing GPS / NTP connection before configuration with PFSense.
    It is sort of plug n play with BSD. The device is automagically created. So via SSH you can see it function.

    cat gps0
    $GPGGA,....
    $GPGLL,.....
    $GPRMC,....
    $GPZDA,....
    $GPGGA,...
    $GPGLL,....
    $GPRMC,....
    $GPZDA,....

    ntpq -c clockvar * This is to confirm that you are connected and see the GPSs

    associd=0 status=00f2 15 events, clk_bad_format,
    device="NMEA GPS Clock",
    timecode="$GPGGA,......",
    poll=20930, noreply=0, badformat=130, baddata=0, fudgetime2=407.000,
    stratum=0, refid=GPS, flags=5

    4 - PFSense NTP/GPS-PPS configuration. Note there are many options - easiest to just configure as you see in the attached pictures.

    A quick video relating to configuring the NTP Server (default with no GPS). For default PFSense NTP Basically configure first tab to defaults, save and exit.

    Comprehensive Guide to pfSense 2.3 Part 5.4: NTP Server



    Note that if you have one legacy serial port it will be usually serial port 1. You can set this in the bios also.
    Choose SureGPS and defaults and save. Note that the group buy mentioned device will have one legacy serial port.
    The new 4 port nITX boards have a 5th RJ45 jack called console. This can be used as a serial port or console connection to the PFSense box.

    Last edited by Pete; June 2, 2019, 04:09 PM.
    - Pete


    Comment
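
    Added example (not from the original post): a Python parser for the NMEA sentences that `cat gps0` prints in post #2, checking each sentence's checksum and pulling UTC time from $GPRMC and $GPZDA. The sample sentences are constructed, and the rejected count is this script's own tally, not ntpd's `badformat` counter.

```python
from datetime import datetime, timezone


def nmea_checksum(body):
    """XOR of every character between '$' and '*', per the NMEA 0183 framing."""
    value = 0
    for ch in body:
        value ^= ord(ch)
    return value


def frame(body):
    """Wrap a sentence body as '$body*HH' (used to build the sample data)."""
    return "$%s*%02X" % (body, nmea_checksum(body))


def parse_sentence(line):
    """Return (sentence type, fields) if framing and checksum are valid, else None."""
    line = line.strip()
    if not line.startswith("$") or "*" not in line:
        return None
    body, _, given = line[1:].rpartition("*")
    try:
        if int(given, 16) != nmea_checksum(body):
            return None
    except ValueError:
        return None
    fields = body.split(",")
    return fields[0], fields[1:]


def sentence_utc(kind, fields):
    """UTC datetime carried by an RMC or ZDA sentence, or None."""
    try:
        if kind[2:] == "RMC" and len(fields) >= 9:
            if fields[1] != "A":  # 'V' = receiver says the fix is not valid
                return None
            stamp = datetime.strptime(fields[8] + fields[0][:6], "%d%m%y%H%M%S")
        elif kind[2:] == "ZDA" and len(fields) >= 4:
            text = fields[3] + fields[2] + fields[1] + fields[0][:6]
            stamp = datetime.strptime(text, "%Y%m%d%H%M%S")
        else:
            return None
    except ValueError:
        return None
    return stamp.replace(tzinfo=timezone.utc)


def summarize(lines):
    """Count accepted and rejected sentences and keep the last UTC time seen."""
    ok = rejected = 0
    last = None
    for line in lines:
        if not line.strip():
            continue
        parsed = parse_sentence(line)
        if parsed is None:
            rejected += 1
            continue
        ok += 1
        stamp = sentence_utc(*parsed)
        if stamp is not None:
            last = stamp
    return {"ok": ok, "rejected": rejected, "utc": last}


# Constructed sample capture (positions are placeholders, not real data).
POS = "0000.0000,N,00000.0000,W"
SAMPLE = [
    frame("GPRMC,160800.000,A,%s,0.00,0.00,020619,,,A" % POS),
    frame("GPZDA,160801.000,02,06,2019,00,00"),
    frame("GPRMC,160802.000,V,%s,0.00,0.00,020619,,,N" % POS),  # no valid fix
    frame("GPRMC,160803.000,A,%s,0.00,0.00,020619,,,A" % POS)
    .replace("160803", "160903"),                                # corrupted in transit
    "$GPGGA,160804.000,0000.00",                                 # truncated, no checksum
]

if __name__ == "__main__":
    print(summarize(SAMPLE))
```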


      #3
      Modifying this piece and dividing it up a bit.

      1 - Installation of PFSense PFBlocker

      PFSense 2.3.x Firewall - PfBlocker NG - Next Generation



      2 - Step by step installation

      A - Install the PFBlocker plugin



      3 - Creating a white list for blocked / managed Homeseer plugins.

      Here I have three sites being blocked by the main geoblocking pieces of PFBlocker NG. I had done this a while ago and it was working well. Recently reset my settings and had forgotten one piece of this configuration. Basically you set up your white list then make sure that the default configuration of PFBlocker puts your white list at the top of the firewall rules. Note that this is configured only as an outbound rule and will automagically create an alias in your firewall rules.

      A - creating white list for outbound rules. Note you will see that you need this when updating Homeseer plugins and seeing the three web sites being blocked. This set of rules is relating to August 2017 timeframe.
      1. Go to Firewall / pfBlockerNG / IPv4 / add
      2. Alias Name: Homeseer
      3. All defaults except for list action which is permit outbound
      4. Very bottom you do a copy and paste of the IP's or DNS entries of the Homeseer blocked domains. (IP4 Custom List).

        My Homeseer updating whitelist of DNS names is the following.
      • websitehome.co.uk
      • homeseer.du-pre.com
      • dubdubdub.domogeek.ca
      • bbmessenger.hobby-site.com


      * Note I updated the list September, 2017

      B - make sure that your white list is always on the top of your PFBlocker auto generated rules.

      Go to Firewall / pfBlockerNG / General / Rule order setting to:

      PFSense Pass/Match | pfB_Pass/Match | pfB_Block/Reject | PFSense Block/Reject.

      Note this is important. If you leave it at default then your white list will automagically be on the bottom of the firewall rules test.

      C - Test it with HomeSeer. You should not see any errors downloading the updates.
      Last edited by Pete; June 1, 2019, 06:44 PM.
      - Pete



        #4
        PFSense offers IPSec, L2TP and OpenVPN.

        Personally have only used PFSense IPSec VPN here.

        The L2TP (Layer 2 Tunneling Protocol) VPN protocol allows L2TP-only clients to connect remotely. It works much like the PPTP server, in that it tunnels Layer 2 Traffic.
        Note that by itself, L2TP is not a secure protocol; it only provides tunneling, but not any encryption.

        A quickie overview on VPN in general (from Wiki).

        Virtual private network

        A virtual private network (VPN) extends a private network across a public network, and enables users to send and receive data across shared or public networks as if their computing devices were directly connected to the private network. Applications running across the VPN may therefore benefit from the functionality, security, and management of the private network.

        VPNs may allow employees to securely access a corporate intranet while located outside the office. They are used to securely connect geographically separated offices of an organization, creating one cohesive network. Individual Internet users may secure their wireless transactions with a VPN, to circumvent geo-restrictions and censorship, or to connect to proxy servers for the purpose of protecting personal identity and location. However, some Internet sites block access to known VPN technology to prevent the circumvention of their geo-restrictions.

        A VPN is created by establishing a virtual point-to-point connection through the use of dedicated connections, virtual tunneling protocols, or traffic encryption. A VPN available from the public Internet can provide some of the benefits of a wide area network (WAN). From a user perspective, the resources available within the private network can be accessed remotely.

        Traditional VPNs are characterized by a point-to-point topology, and they do not tend to support or connect broadcast domains, so services such as Microsoft Windows NetBIOS may not be fully supported or work as they would on a local area network (LAN). Designers have developed VPN variants, such as Virtual Private LAN Service (VPLS), and layer-2 tunneling protocols, to overcome this limitation.

        Some VPNs have been banned in China and Russia.
        Last edited by Pete; June 2, 2019, 04:10 PM.
        - Pete



          #5
          PFSense dual WAN - load balancing or failover

          pfSense Dual Wan Failover setup guide for redundant WAN connections



          1 - Hardware for fail over WAN

          Adding the dual wan pieces here...the way I do it today. The supposition here is that you have a free network port on your PFSense box.

          Currently utilize a secondary WAN via a combo Ericsson modem.

          It's been a few years now and initially tested a product called the Nexus Hawk

          It is made as an automotive style emergency combo dual SIM / GPS mobile modem with a wireless AP and built in switch and firewall. It does not have RJ-11 ports for analog telephone connectivity. It is no longer manufactured and did a bulk purchase of these for around $30 each.

          Next purchased an unlocked ZTE combo wireless only portable AP (years ago). Worked fine but only in wireless / mobile AP mode. The USB port on it is disabled for direct connectivity to a computer such that it would not help me for my PFSense fail over.

          Next went searching for a combination multiple function modem. Today there are many available 3G and 4G unlocked. The issue here though is that most domestic cellular providers will not let you utilize an LTE combo device. (thinking in Canada rules are different). So I settled here on a 3G modem. Note the download / upload speeds are much slower but functional none the less. I purchased an Ericsson 3G W.25 modem for around $30 from Australia. I did upgrade and edit the firmware for use domestically.

          Note at the time only Comcast and a Wireless ISP was available. Then later AT&T came but was using the same coaxial cable as CC. Now noticed that AT&T is available locally using the old telephone copper (never updated though to fiber in the area).

          W25 Combo ==> Phone and FAX line, Ethernet Switch, Firewall, WAP.

          Recently added a cellular repeater for LTE and 3G and it is working fine these days.

          I utilize the phone line as a backup and ethernet switch to WAN as secondary WAN to the PFSense Firewall.

          This is a double NAT thing as I cannot bridge the LAN port to the WAN port so I have the LAN port open or DMZ like.

          2 - Hardware / PFSense WAN 2 configuration

          Here is current status of WAN links and Modem signal. For failover internet and telephone it works fine.

          Modem network configuration:

          DHCP configured and enabled.
          Gateway: 192.168.250.249
          Subnet mask: 255.255.255.248 or /29
          DNS - defaults

          Hosts address range: 192.168.250.249 - 192.168.250.254

          There is only NAT and port forwarding available for Internet use. I have no port forwards enabled.

          1 - PFSense adding a second gateway.

          Add an interface. Here called it WAN2

          Last edited by Pete; June 2, 2019, 04:14 PM.
          - Pete



            #6
            Saved-5
            - Pete



              #7
              Saved-6
              - Pete



                #8
                Saved-7
                - Pete



                  #9
                  Saved-8
                  - Pete



                    #10
                    Saved-9
                    - Pete



                      #11
                      Saved-10
                      - Pete



                        #12
                        29th of July 2017 Update

                        OP - will deal with a basic default installation of PFSense step by step. Note by default here means you will get primary functions of PFSense using one WAN and one LAN interface.

                        Will divide subtopics to addition of hardware and plugins.
                        - Pete



                          #13
                          4th of September 2017 Update

                          OP updated for a test PFSense configuration internal to a network and ISP Excede Satellite transport configuration for PFSense.
                          - Pete



                            #14
                            Update 2nd of April, 2018 - BSD Nano Install

                            2nd of April, 2018

                            Current version of PFSense is

                            2.4.3-RELEASE (amd64)
                            built on Mon Mar 26 18:02:04 CDT 2018
                            FreeBSD 11.1-RELEASE-p7

                            Installed BSD Nano today.

                            I do not utilize Vi much these days and always utilize Nano on my Linux boxes.

                            Very easy to install and it is included in the PFSense Repositories but not in the GUI Package manager.


                            1 - SSH to your PFSense box

                            2 - At the menu type

                            8 (shell)

                            3 - In the terminal window type:

                            <code class="bbc_code">pkg update</code>

                            4 - In the terminal window type:

                            <code class="bbc_code">pkg install nano</code>
                            - Pete



                              #15
                              3rd of May, 2018

                              Updating post #5 PFSense dual WAN - load balancing or failover.
                              - Pete
