Install PFsense at gridscale
Create a router, DNS server, gateway server and a firewall in just a few steps with PFsense.
With gridscale you can create private networks. These are pure Layer 2 networks without IP management or access to the Internet. This is a deliberate choice to give you, the customer, maximum flexibility. To connect servers in such a network to the Internet anyway, or to set up central IP management, a gateway server with an integrated firewall, DNS and DHCP services, and a VPN endpoint is a good fit. There are several ways to achieve this. One of them is PFsense. The OpenBSD based operating system is designed exactly for this purpose and is easy to install.
Alternatively, you can use OPNsense, for example. How to build your own gateway server from a plain Debian installation is explained in this tutorial.
Prepare your server
In this article I describe the installation of a server that has two network cards. One is connected to the Internet (e.g. directly to a modem or, at gridscale, to the Public Network) and the second is connected to the private network. You can also connect the server to both networks via a single network card with different VLANs. You can find out how to do this from the official documentation.
Create two servers at gridscale or a cloud provider of your choice.
One server becomes our PFsense. It will be connected to the public network and to a private network. 1 core, 1 GB RAM and 1 GB storage are more than enough.
The second server becomes a client. For this example I take a Windows Server 2016. PFsense is of course also compatible with Linux servers or other operating systems that support DHCP.
This server only serves to check the function at the end. If you want to integrate the PFsense directly into an existing network, you can skip this step.
(1) Public IP addresses of the PFsense server
(2) PFsense is connected to both networks, Public Network and the private network
(3) Windows Server is only connected to the private network and has no public IP address.
Tip: When creating the server, please make sure that the default option is selected under the menu item “Hardware Profile” in the advanced settings.
Then attach the PFsense ISO to the first server and start it up. Then open the VNC console. You can find the ISO among the Public ISOs.
PFsense 2.4.1 ISO is connected to the server.
Open VNC console
If you want to use this tutorial on another platform, you can download the ISO.
After the server has booted the ISO, various boot options are displayed. The default is the multi-user boot. This will be selected automatically after a few seconds and is exactly the right option for the situation described in this article.
I summarize the next 10 steps in short points:
1) License Agreement
In the first step you will be asked to accept PFsense’s license. Just confirm with <Accept>.
2) Welcome Screen
In the Welcome screen you can select recovery options. However, since you want to install PFsense, choose and confirm again with Enter.
In this menu, choose the appropriate keyboard layout and continue with the installation.
Here you can adapt the partition table to your needs. The default settings are again perfectly sufficient. So you can choose and confirm.
5) Manual Configuration
The installation is already finished at this point. However, PFsense offers to open a shell once more so you can make manual changes yourself. But you can also make all changes afterwards, so select here.
And again, exactly the same: you will be asked whether you want to reboot the server or open a shell again. Choose >Reboot< here.
After the restart, the server automatically boots from the ISO again. You can then turn off the server. For this you can also use the “Power off” button in the gridscale GUI. Remove the ISO and start the server again.
After some loading time you can continue with the setup.
7) Should VLANs be set up now [y:n]?
As already mentioned at the beginning, you can also use different VLANs. Because you are working with a sufficient number of network cards at gridscale, you don’t need to deal with this for now, so confirm with “n” for no.
8) Enter the WAN interface name or ‘a’ for auto-detection
(vtnet0 vtnet1 or a):
At gridscale the first network is always the Public Network. All private networks follow in the order in which you assign them to the server. So the WAN network is “vtnet0”.
9) Enter the LAN interface name or ‘a’ for auto-detection
NOTE: this enables full Firewalling/NAT mode.
(vtnet1 or a):
In this step, you select the interface that is connected to the private network. So here it is “vtnet1”.
10) The interfaces will be assigned as follows:
WAN -> vtnet0
LAN -> vtnet1
Do you want to proceed [y:n]?
If the settings are correct, select “y” for yes. The server will now take some time to load and then restart.
After the server has restarted, the following picture awaits you:
(1) PFsense has received the public IP addresses via DHCP and linked them to the interface accordingly.
(2) This is the IP address at which the PFsense can be reached in the internal network, as well as the CIDR of the addresses that the DHCP makes available to the network.
The PFsense is now fully installed. Next, I’ll show you how to configure port forwards, using RDP to the Windows client as the example.
First start the Windows client, open the console again and log in. You will notice that the server is already connected to the Internet. If you look at the network configuration, you will see that the client got the IP 192.168.1.100 from the DHCP server with the IP 192.168.1.1 of PFsense.
Open a browser and open the page 192.168.1.1. Log in here with the default user. Username: “admin” and password: “pfsense”.
Afterwards an installer dialog follows. Here you can change the settings according to your needs. If you are not sure, you can leave all settings at their default values. When you are finished with the dialog, the dashboard follows.
To pass RDP through to the Windows client, click on Firewall, then on NAT and on “Add”. Here is a short summary of the necessary settings:
Destination port range From port: MS RDP
Destination port range To port: MS RDP
Redirect target IP: 192.168.1.100 (IP of the Windows server)
Redirect target Port: MS RDP
Then confirm everything with a click on “Save”. In the next step the changes have to be “applied”.
Test RDP connection
Establish an RDP connection to the public IP address of the PFsense. The credentials are those of the Windows server.
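As an added example (not part of the original tutorial), the following check reads a PFsense configuration backup, lists every active port forward and flags those that accept any source address on a remote-administration port, such as the RDP forward created above. The XML sample is constructed, and the element names are assumed to follow the layout of a PFsense config.xml backup; `audit_port_forwards` and `ADMIN_PORTS` are hypothetical names.

```python
import xml.etree.ElementTree as ET

# Constructed sample: the RDP forward from this tutorial plus a source-restricted
# forward for comparison. Element names are assumed to match pfSense's config.xml.
SAMPLE_CONFIG = """<pfsense><nat>
  <rule>
    <interface>wan</interface><protocol>tcp</protocol>
    <source><any/></source>
    <destination><network>wanip</network><port>3389</port></destination>
    <target>192.168.1.100</target><local-port>3389</local-port>
  </rule>
  <rule>
    <interface>wan</interface><protocol>tcp</protocol>
    <source><address>203.0.113.10</address></source>
    <destination><network>wanip</network><port>443</port></destination>
    <target>192.168.1.100</target><local-port>443</local-port>
  </rule>
</nat></pfsense>"""

# Remote-administration ports worth reviewing when reachable from any source.
ADMIN_PORTS = {"22": "SSH", "3389": "MS RDP", "5900": "VNC"}

def audit_port_forwards(config_xml):
    """Return one dict per active port forward; 'flag' marks open admin ports."""
    findings = []
    for rule in ET.fromstring(config_xml).findall("./nat/rule"):
        if rule.find("disabled") is not None:
            continue  # assumed marker for rules that are switched off
        source = rule.find("source")
        any_source = source is None or source.find("any") is not None
        port = rule.findtext("destination/port", default="")
        origin = "any" if any_source else (
            source.findtext("address") or source.findtext("network") or "?")
        findings.append({
            "interface": rule.findtext("interface", default=""),
            "port": port,
            "target": rule.findtext("target", default=""),
            "source": origin,
            "flag": any_source and port in ADMIN_PORTS,
        })
    return findings

if __name__ == "__main__":
    for f in audit_port_forwards(SAMPLE_CONFIG):
        note = "REVIEW: %s open to any source" % ADMIN_PORTS[f["port"]] if f["flag"] else "ok"
        print("%(interface)s:%(port)s -> %(target)s (source %(source)s)" % f, "-", note)
```

Only single-port entries are matched against `ADMIN_PORTS`; a forward stored as a port range would be listed but not flagged.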
With these few steps you now have a gateway server with which you can secure your private network, establish VPN connections, centralize firewalls and provide your network with a DNS and DHCP server.