How to configure a PFSense Firewall


    #16
    Can HomeSeer control pfSense? For example, if I wanted to issue a voice command to restart the appliance?



      #17
      Yes.

      You can with PHP, Python, ssh in Windows or Linux......list goes on and on.
      - Pete

      Auto mator
      Homeseer 3 Pro - 3.0.0.548 (Linux) - Ubuntu 18.04/W7e 64 bit Intel Haswell CPU 16Gb
      Homeseer Zee2 (Lite) - 3.0.0.548 (Linux) - Ubuntu 18.04/W7e - CherryTrail x5-Z8350 BeeLink 4Gb BT3 Pro
      HS4 Lite - Ubuntu 22.04 / Lenovo Tiny M900 / 32Gb Ram

      HS4 Pro - V4.1.18.1 - Ubuntu 22.04 / Lenovo Tiny M900 / 32Gb Ram
      HSTouch on Intel tabletop tablets (Jogglers) - Asus AIO - Windows 11

      X10, UPB, Zigbee, ZWave and Wifi MQTT automation-Tasmota-Espurna. OmniPro 2, Russound zoned audio, Alexa, Cheaper RFID, W800 and Home Assistant



        #18
        Originally posted by Pete
        Yes.

        You can with PHP, Python, ssh in Windows or Linux......list goes on and on.
        Okay. So how could I do it via ssh? What plugin would I use?



          #19
          You would just utilize the PFSense command line. No plugins needed. Just one liner events.
          - Pete



            #20
            Originally posted by Pete
            You would just utilize the PFSense command line. No plugins needed. Just one liner events.
            So how do I set up an event in HomeSeer to open an ssh session with login to my pfSense box?



              #21
              @Matthew,

              PFSense is very tight on purpose and really not made to remote control from another device.

              You can circumvent the security on it to remote control it say with Homeseer.

              I would not recommend this.

              Personally I use Linux for my HomeSeer box here. Historically I have used scripts to SSH to my RPi to run stuff there or to move files et al. It was a kludge doing this and I used an exchange of the encryption keys between Homeseer and the RPi. That said google the command lines used for development on PFSense for a list of what you can do via command line. (just about anything).

              The other way mentioned was to use php. The PFSense box is running on BSD and uses php. You would have to write a script that logs in to your PFSense box from Homeseer then have the script execute php commands directly on the PFSense box.

              I have not attempted this. You can give it a try logging in to your PFSense box from the Homeseer box and doing a source look up of the page you are accessing to see the specific php command you are executing.

              can homeseer control pfsense. for example if I wanted to issue a voice command to restart the appliance?

              Yes but you will be circumventing PFSense punching a hole into it for remote management which I would not recommend.
              - Pete



                #22
                Originally posted by Pete
                @Matthew,

                PFSense is very tight on purpose and really not made to remote control from another device.

                You can circumvent the security on it to remote control it say with Homeseer.

                I would not recommend this.

                Personally I use Linux for my HomeSeer box here. Historically I have used scripts to SSH to my RPi to run stuff there or to move files et al. It was a kludge doing this and I used an exchange of the encryption keys between Homeseer and the RPi. That said google the command lines used for development on PFSense for a list of what you can do via command line. (just about anything).

                The other way mentioned was to use php. The PFSense box is running on BSD and uses php. You would have to write a script that logs in to your PFSense box from Homeseer then have the script execute php commands directly on the PFSense box.

                I have not attempted this. You can give it a try logging in to your PFSense box from the Homeseer box and doing a source look up of the page you are accessing to see the specific php command you are executing.

                can homeseer control pfsense. for example if I wanted to issue a voice command to restart the appliance?

                Yes but you will be circumventing PFSense punching a hole into it for remote management which I would not recommend.


                You are misunderstanding... I do not need to know the commands... I do not know how to have HomeSeer open an SSH session to any device and run commands...
                How do you do that?



                  #23
                  Using Windows you can write a script using Putty to SSH to the PFSense BSD box.

                  You need to know the commands in order to write a script to do this running Homeseer 3 in windows or linux. That is why Homeseer is so flexible.

                  The PuTTY command line

                  remote ssh tcl
                  - Pete



                    #24
                    Originally posted by Pete
                    Using Windows you can write a script using Putty to SSH to the PFSense BSD box.

                    You need to know the commands in order to write a script to do this running Homeseer 3 in windows or linux. That is why Homeseer is so flexible.

                    The PuTTY command line

                    remote ssh tcl
                    Interesting. I'm still working on my system. I probably will not actually set it up, but good to know anyway. I have many devices that SSH can be used with.
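
A least-privilege way to do what posts #21 to #24 discuss (a HomeSeer script reaching the firewall over SSH with an exchanged key), added here as an example and not written by any poster or by the pfSense or HomeSeer projects: a forced-command gate on the firewall side, so that key can trigger only allow-listed actions. The script path, the `from=` address 192.0.2.10, the action names and the reboot command line are assumptions for illustration.

```shell
#!/bin/sh
# Forced-command gate for an automation SSH key (added example).
# Bound to the key on the firewall in ~/.ssh/authorized_keys, on one line:
#   restrict,from="192.0.2.10",command="/usr/local/sbin/hs-gate.sh" ssh-ed25519 <PUBLIC-KEY-PLACEHOLDER> homeseer
# 192.0.2.10, the script path and the action names are constructed values.

# Map an allow-listed action name to a fixed command line.
resolve_action() {
    case "$1" in
        reboot) echo "/sbin/shutdown -r now" ;;  # assumption: substitute your platform's reboot command
        uptime) echo "/usr/bin/uptime" ;;
        *)      return 1 ;;
    esac
}

# Validate the client's request; print the command to run, or return 1.
gate() {
    case "$1" in
        ''|*[!a-z]*) return 1 ;;   # empty, or anything other than one lowercase word
    esac
    resolve_action "$1"
}

# Record every decision; a logging failure must not change the outcome.
audit() {
    logger -t hs-gate "$1" 2>/dev/null || true
}

# sshd sets SSH_ORIGINAL_COMMAND to whatever the client asked to run.
# It is unset for interactive logins, which this gate simply ends.
if [ -n "${SSH_ORIGINAL_COMMAND:-}" ]; then
    if cmd=$(gate "$SSH_ORIGINAL_COMMAND"); then
        audit "allow: $SSH_ORIGINAL_COMMAND"
        exec $cmd    # word splitting intended: cmd comes from the fixed table above
    fi
    audit "deny: $SSH_ORIGINAL_COMMAND"
    echo "denied" >&2
    exit 1
fi
```

With this in place the automation side sends only an action name (for example `ssh <firewall> reboot`), and a copied key cannot open a shell, forward ports or run anything outside the table.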



                      #25
                      I am thinking of setting up pfSense at my home (although I just learned about RATtrap from another post and this looks interesting and simpler). I have been reading posts and watching YouTube videos on pfSense that Pete has linked to older posts. I am not very knowledgeable about networking, so at this time, I have one quick question. As I understand it pfSense becomes the router and the DHCP server. I have perhaps 10-20 devices (e.g., Z-Nets; computer running HomeSeer) that have static and reserved IP addresses. What happens to those device IP addresses with pfSense? Thanks.
                      "Living with technology means living in a [constant] state of flux." S. Higgenbotham, 2023
                      "Reboot and rejoice!" F. Pishotta, 1989



                        #26
                        OMG - I just wrote a long reply and switched apps on the iPhone - lost everything - learned that lesson.

                        So here we go again -

                        I have 3 RATTraps and recommend to a friend he get one. He loves it. We are both IT guys with a lot of years. Yes, I could configure a FW, but dang, I do that all day. I was looking for simpler. I’ve got three.
                        1. Simple to setup
                        2. Does a great job blocking outside
                        3. Can also block attempts going outbound
                        4. Web and iPhone access
                        5. I get Stats
                        6. Can white list and black list
                        7. If I’m trying to access from the outside and it blocks me I can white list the ip and specify a period of time to allow
                        8. OK support via email
                        9. Web browser protection
                        10. Ad blocking
                        11. All devices learn from each other - a lot like most of the enterprise grade FWs. I wouldn’t say it’s Zero hour protection but better than most I’ve seen.

                        I also use eeros, LogMeIn Pro, and VPN on my devices when on public wireless networks.

                        The eeros also block, I can setup groups. Pause access etc.

                        I've attached a pic of one of my RATtraps. This is a realtime snapshot.

                        That's my long winded assessment.



                          #27
                          As I understand it pfSense becomes the router and the DHCP server.

                          I have perhaps 10-20 devices (e.g., Z-Nets; computer running HomeSeer) that have static and reserved IP addresses.

                          What happens to those device IP addresses with pfSense? Thanks.


                          PFSense is a router, DHCP server, Firewall with numerous "plugins" which protect your home network.

                          Your home network as with any combo router / firewall can be configured in a variety of ways. The push here is to protect your home network with a bit more powerful CPU / RAM than a combination SOHO box.

                          You can configure your home network devices with static IPs or DHCP reservation. It is up to you what you want to do. Here have a bit over 100 network devices. Mostly still utilize static IPs here with a sprinkling of DHCP and DHCP reserved IPs.

                          There is really no maintenance once configured to your liking. You can configure a status default dashboard.

                          The transport flow is as follows...

                          Home LAN IPs (whether static or DHCP) ===> point to an internet gateway IP and DNS (provided by PFSense) ==> multiple addresses use NAT (network address translation) ==> get "processed" or checked before and after going out to the internet.

                          PFSense community edition is free and has an intuitive interface. You can test it on any computer with two network interfaces.

                          - Pete



                            #28
                            Note that I only documented the use of PFSense because I use it. I do not work for the folks.

                            Mostly as mentioned above it is one of many methods to protect your home network from the Internet while continuing to utilize the Internet.

                            Historically here the work side comes from before the internet and then later creating standards of use for a private global enterprise network of 140K users (and other global enterprise transport). IE: I had a public IP address on my work desktop, there were no firewalls back then and at the time had to manage the public address space utilized (much bean counting). NAT was new back then and managed on a router the size of a refrigerator and used manually entered tables (text files) to do NAT.

                            - Pete



                              #29
                              Pete:
                              Thanks for this information. My main issue was how to change the default IP address of PFSense. I learned from a YouTube video how to do this (SSH via serial connection to get to the set up for the PFSense computer), so that the subnet of PFSense will match my current subnet.


                                #30
                                Originally posted by Pete
                                There is really no maintenance once configured to your liking.
                                Yea sure.. just like events. Get it working and then never touch it again. Not in my world!

                                These days I spend as much time tuning the network (pfSense) as I do with HS3 management. Hey, I'm not complaining. I like the control that pfSense gives. I use the 3 router strategy and the rules between the three have become robust. I currently have open ports and the rules to protect those has been a recent focus and I'm to a place I feel comfortable. I need to implement openVPN to take it to the next level.

                                Pete, you were my mentor in getting pfSense installed. I'm very appreciative of your direction and help. It has been a great addition to my toolbox however it is likely overkill for my basic needs. But the product is a joy to use. Once you get over the learning curve (it is steep at first), it makes sense.

                                Thanks Pete!
