
PF Sense

- pfSense is a customized distribution of FreeBSD adapted for use as a Firewall and Router. It requires installing a pfSense ISO, setting up client and server virtual machines, and configuring the pfSense machine with two network adapters for WAN and LAN.
- The document then provides step-by-step instructions for installing pfSense, configuring the network interfaces and DHCP server, and configuring a client machine on the LAN segment.
- It further details the configuration of the pfSense web interface for things like DNS, firewall settings, and installing and configuring the Squid and SquidGuard proxy packages to enable content filtering and authentication against an Active Directory.

Uploaded by

Reino Animal

---> pfSense <---

pfSense is a customized distribution of FreeBSD adapted for use as a firewall and router.

Requirements:
pfSense ISO
Client virtual machine (Win 7)
Windows Server virtual machine (Active Directory)

pfSense virtual machine:
1st adapter = WAN -> NAT / Bridge
2nd adapter = LAN

Client machine:
A single adapter = LAN network segment

Windows Server machine:
On the LAN network segment
-------------------------------------------------------

* INSTALLATION *

pfSense machine:

pfSense terms = Accept
Welcome Install = Install pfsense
keymap = continue (chosen language)
partitioning = Auto (UFS)
Manual Configuration = NO
Complete Installation = reboot

Configure the LAN network:

option 2 - set interfaces
choose the corresponding interface - 2
enter the selected IP (192.168.14.1)
enter the subnet mask - 24
<enter> - LAN is selected
<enter> - no IPv6
enable the DHCP server - answer "Y"
enter the first IP of the range (192.168.14.2)
enter the last IP of the range (192.168.14.20)
revert to http = "Y"
the LAN is shown with its new IP

Client machine:

Standard installation
Configure the VMware adapter on the local network segment

-----------------------------------------------------
* CONFIGURATION *

Client machine:

option 1 = the network is configured automatically
dns = 8.8.8.8
dns = 8.8.4.4

option 2 = IP from the pfSense server's range (1st of the range)
mask = 255.255.255.0
gateway = IP of the pfSense server
dns = 8.8.8.8
dns = 8.8.4.4

Configure the pfSense server:

Open it in the Internet browser on the client machine

sign in:
user = admin
pass = pfsense
<sign in>

<next>
<next>
hostname = (initials)
domain = (initials.com)
primary DNS = 8.8.8.8
secondary DNS = 8.8.4.4
<next>
timezone = america/mexico_city
<next>
<next> - WAN configuration
<next> - LAN configuration (IP verification)
enter a NEW password
<next>
<reload>

Click HERE to continue on to pfSense webConfigurator
(click "here")

System
Advanced
Firewall & NAT
firewall maximum table entries = 400000
<save>
System
General Setup
DNS servers - choose WAN with the pfSense WAN IP
<save>

Installing Squid and SquidGuard:

System
Package Manager
Available Packages (store)
Search term = squid
<search>
install 2 packages
SQUID <install> <confirm>
SQUIDGUARD <install> <confirm>

----------------------------
Possible error:
Installation is not allowed because the PHP version is higher
Solution:
System
Update
-----------------------------

note:
when the installation finishes, the top bar turns green and
"success" appears at the end of the installation details

note 2:
Check in System - Advanced - Firewall & NAT
that firewall maximum table entries = 400000

<-->
Squid configuration:

Services
Squid Proxy Server
Local Cache
Hard Disk Cache Size = 1000
<Save>

General
Enable Squid Proxy = <check the box>

Transparent HTTP proxy = <check the box>

Bypass proxy for private Address Destination = <check the box>

Enable access Logging = <check the box>

Error Language = select EN or ES (language of the error message)

Suppress Squid Version = <check the box>

<SAVE>

SquidGuard configuration:

Services
SquidGuard Proxy Filter
General Settings
Enable GUI log <check the box>
Enable log <check the box>
Enable log rotation <check the box>

Blacklist <check the box>
Blacklist URL
www.squidguard.org (look it up on the internet)
Blacklist
Shalla's Blacklist
Download (copy the link address)
<SAVE>

Blacklist
Download - until the status bar turns green

*******************************************************
Creating categories:

Services
SquidGuard Proxy Filter
Target Categories
<Add>
Name = name of your category
Domain list = list of sites to block
Redirect mode = none
Redirect = message you want to display
log = <check the box>
<SAVE>

*********************************************************

Enabling targets / other content:

Services
SquidGuard Proxy Filter
Common ACL
Target Rule List
(+) - to expand the view of the lists
select permissions
whitelist
blacklist
allow
default access (all) = allow

Do not allow ip addresses in url = <enable>
Redirect mode = int error page
redirect info = message to display
log = <check the box>
<SAVE>
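
How the Target Rule List above is evaluated for a request, as a simplified Python model added here (not squidGuard's or pfSense's own code): rules are read left to right and the first match decides. The category contents are constructed, and the position of the IP-address rule (`in-addr`) after the whitelist is an assumption.

```python
import ipaddress
from urllib.parse import urlsplit

# Constructed sample domain lists (hypothetical category contents).
CATEGORIES = {
    "whitelist": {"intranet.example.com", "ok.example.net"},
    "blacklist": {"example.net", "ads.example.org"},
}
# Rule order as in the Common ACL: allow whitelist, deny IP-literal hosts,
# deny blacklist, then Default access [all] = allow. The position of
# in-addr relative to the other targets is an assumption of this model.
RULES = ["whitelist", "!in-addr", "!blacklist", "all"]


def host_is_ip(host):
    """True when the URL host is an IP literal instead of a DNS name."""
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False


def matches(host, target, categories):
    """A domain-list entry covers the domain itself and all its subdomains."""
    if target == "in-addr":
        return host_is_ip(host)
    return any(host == d or host.endswith("." + d) for d in categories[target])


def decide(url, rules=RULES, categories=CATEGORIES):
    """Walk the rules left to right; the first rule that matches decides."""
    host = (urlsplit(url).hostname or "").rstrip(".")
    for rule in rules:
        target = rule.lstrip("!")
        if target in ("all", "none"):
            return ("allow" if target == "all" else "deny"), rule
        if matches(host, target, categories):
            return ("deny" if rule.startswith("!") else "allow"), rule
    return "deny", "no-match"  # assumption: nothing matched, so block
```

Because the first match wins, a host listed in both categories is allowed only while the whitelist stays ahead of the blacklist in the rule order.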

******************************************************
Activating the service:

Services
SquidGuard Proxy Filter
Enable = <check the box>
<Apply>

*******************************************************
Linking (Active Directory) + pfSense
pfSense server machine:
Configure it to leave 1 IP free for the Windows server

Client machine: (browser)

System
User Manager
Authentication Server
<Add>

Descriptive Name = (choose a name)
Type = LDAP
Hostname or IP = IP of the Windows server
Port value = 389
Transport = TCP-Standard
Protocol version = 3
Server Timeout = 25
Search scope = level -> Entire Subtree
Base DN: (look it up)

--------------------------------------------
*Win Server - ADSI - Actions - Connect to
<OK> - expand the context

*Obtain:
DC=ccc,DC=com (example)

*CN = Users -> obtain the target name
CN=Administrador,CN=Users,DC=ccc,DC=com (example)
-----------------------------------------

Authentication Containers =
CN=Administrador,CN=Users,DC=(domain),DC=com

Bind credentials = winserverdomain\Administrador
2nd box = Windows server password

User naming attribute = sAMAccountName

Group naming attribute = cn

Group member attribute = memberOf

<SAVE>

Settings
Authentication Server = choose the AD connection
<Save & Test>
*3 OKs appear
<Save>

Services
Squid Proxy Server
General
Transparent HTTP proxy = <uncheck the box>
<Save>

Local Cache
cache dynamic content = <check the box>
<Save>

ACLs
Allowed Subnets = (pfSense server network/24)

Authentication
Authentication Method = LDAP
Authentication server = IP of the Windows server
Authentication server port = 389
Authentication processes = 1
Authentication TTL = 480

LDAP version = 3
LDAP server users DN =
CN=Administrador,CN=Users,DC=(domain),DC=com

LDAP password = Windows server password
LDAP base domain = DC=domain,DC=com
LDAP username DN Attribute = sAMAccountName
LDAP search filter = (sAMAccountName=%s)
<save>

Services
SquidGuard Proxy Filter
General Settings
Enable LDAP filter = <check the box>
LDAP DN : CN=Administrador,CN=Users,DC=(domain),DC=com
LDAP DN password = (Windows server password)
Strip NT domain name: <check the box>
Strip kerberos : <check the box>
LDAP version = version 3
Enable log rotation <uncheck the box>
<SAVE>
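
A consistency check for the LDAP values typed into the three forms above, added here as an example (not code from pfSense, Squid or SquidGuard). It derives the base DN from the bind DN, confirms the bind DN sits under it, models the two strip options, and fills `(sAMAccountName=%s)` with RFC 4515 escaping; the function names and the sample logins in the comments are hypothetical.

```python
import re

# RFC 4515: characters that must be escaped inside a filter value.
FILTER_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\0": r"\00"}


def split_dn(dn):
    """Split a DN into its components on commas that are not escaped."""
    return [part.strip() for part in re.split(r"(?<!\\),", dn)]


def base_dn_of(dn):
    """Keep only the DC components, i.e. the value for 'LDAP base domain'."""
    return ",".join(p for p in split_dn(dn) if p.upper().startswith("DC="))


def is_under(dn, base):
    """True when dn lies inside the subtree rooted at base (case-insensitive)."""
    d = [p.lower() for p in split_dn(dn)]
    b = [p.lower() for p in split_dn(base)]
    return d[-len(b):] == b


def strip_login(login):
    """Model of 'Strip NT domain name' and 'Strip kerberos' on a login name."""
    login = login.split("\\", 1)[-1]  # constructed: CCC\juan     -> juan
    return login.split("@", 1)[0]     # constructed: juan@CCC.COM -> juan


def search_filter(template, username):
    """Substitute %s in the 'LDAP search filter' with an escaped user name."""
    escaped = "".join(FILTER_ESCAPES.get(ch, ch) for ch in username)
    return template.replace("%s", escaped)


def problems(bind_dn, base_dn, template):
    """List the inconsistencies between the three values typed into the form."""
    found = []
    if not is_under(bind_dn, base_dn):
        found.append("bind DN is outside the base DN")
    if "%s" not in template:
        found.append("search filter has no %s placeholder")
    if template.count("(") != template.count(")"):
        found.append("search filter parentheses are unbalanced")
    return found
```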

*************************************************************
Configuring per-user access:

Services
SquidGuard Proxy Filter
Groups ACL --> the rule groups are created here

<Add>
Name = rule name
client(source) = IP range (10.1.1.1-10.2.2.2)
'user'

Do not allow ip addresses in url = <enable>
Redirect mode = none
log = <check the box>
<SAVE>

Services
SquidGuard Proxy Filter
General Settings
<Apply>
Note: After any change to the rules, click <APPLY>
It takes 3 to 10 min to apply,
depending on the PC's resources

*********************************************************
Client machine:

Configure Internet options:
Network and Sharing Center
Internet Options
Connections
LAN settings
Uncheck the 2 automatic configuration boxes
check the proxy server box
address = server IP
port = 3128
Do NOT use proxy server = <check the box>
Advanced options
Exceptions = pfSense server IP
<OK>
<OK>

*******************************************************

Using pfSense:

Option 1: Proxy (Squid)

Services
Squid Proxy Server
ACLs
Allowed Subnets = server_ip/24
Blacklist = sites to block (domain)
<Save>

Option 2: Content filtering (SquidGuard)

**********************************************************

Blacklist = list of denied sites
Whitelist = list of allowed sites
CIDR = ip/wildcard
transparent proxy
sAMAccountName = LDAP protocol id
