Pfsense - Load Balance & Failover Firewall Configuration: Pf-Sense Features
Defense against SYN/ICMP Flood
Anti-Spoofing
Ability to detect and to filter based on Operating System in use
Static routes
RIP v1 and 2
Pre-Requirements:
pfSense requires a machine with at least a 200 MHz processor, 128 MB RAM, and 128 MB CF for embedded
or 1 GB hard disk or microdrive for full installations.
Exact requirements will vary primarily depending on what features you plan to use, how much network
throughput you require, and the typical size of your state table.
Start the new VM wizard using File - New - Virtual Machine or Ctrl-N
On the second page, choose Custom Configuration
Check Other guest operating system, and select FreeBSD from the drop-down list
Choose a suitable name and location for the VM
Uncheck keep it private
Set Use Local System Account in startup / shutdown options, and set Power on Virtual Machine on host
start up
Set the number of processors (if you have the option - I only set it to 1)
256 MB RAM is more than enough in my experience (unless you run lots of extras)
Leave the network type at Use Bridged Connection
Leave I/O adapter type at default
Make sure Create a new Virtual Disc is set
Leave disc type alone (mine defaults to IDE)
6 GB is plenty of space unless you want to use squid or some other service that will need lots of disc
space, and you may as well allocate disc space now to avoid future hiccups
The VM is now created and entered in the inventory.
After it has gone through the configuration you'll end up with a shell menu and a number of options. pfSense is now
ready to be accessed through the WebGUI on the interface you assigned as LAN.
WAN is configured as DHCP client, all incoming connections are blocked by default.
LAN is configured at 192.168.1.1/24 and acts as DHCP-Server and offers a DNS-forwarder.
OPTx interfaces are disabled, you have to enable and configure them at the webgui.
WebGUI runs at port 80, username is "admin", password "pfsense".
SSH is disabled.
First you get some settings to localize your keyboard or change your console appearance. Change what you
need or just go on by accepting the settings.
Next pfSense will present a list of detected suitable install media to you. Please make sure you are not
accidentally overwriting data you still need. It's recommended to have a dedicated media only for your install.
Any other constellations are not officially supported. Choose your media and hit enter to continue.
You should format the disk to prepare it for the installation. Beware, this will wipe your entire media!
At the next step pfSense will show you the detected drive geometry. You should leave this the way it was
detected as long as you don't run into any trouble while installing with these settings. In case you get errors, try
to alter your BIOS settings before manually entering values here. Setting your drive from auto to LBA or CHS in
the BIOS might already help to detect the right settings.
Now you are at the point of no return: Only hit "Format xxX" if you are really sure there is no valuable
data left at this media!
The media is now prepared to continue with partitioning. Just hit enter to move on.
pfSense suggests using the complete space of your drive for the installation. You usually should just keep this
setting and move on to the next step.
If this is a reinstall and your partitioning is the same as before, confirm the changes.
You typically can confirm the following step. If you encounter problems with the bootloader after the
installation is done rerun the installation and check "Packet mode" at this screen.
Confirm this step. In case you skipped the above settings this is the point where your data on the media will be
overwritten.
pfSense suggests a setting for your subpartitioning now which you usually should just keep.
After accepting the above settings pfSense is starting to transfer the system to the prepared media.
You will be asked after a short time to remove the CD and reboot the system to boot your new install.
The system is now going down for reboot and your installation is finished
Configuring pfSense
Now go to the Interfaces tab and choose the WAN-Interface. Change the type to PPPoE and enter the IP you
want to use as the management IP and your Internet-Gateway:
Scroll down to the PPPoE settings and give the username and password and hit the save button.
After saving is complete, go to the Interfaces tab and choose the LAN-Interface.
Bridge the LAN-Interface with the WAN-Interface and disable the FTP Helper.
The IP you enter here will be ignored when you activate the bridge mode.
For cosmetic purposes you can use the management IP, too. They will not conflict with each other.
The management IP given in the WAN-settings will be assigned to the bridge interface, which will be created
when activating the bridge.
After saving is complete, go to the Interfaces tab and choose the WAN A (BSNL)-Interface.
Bridge the LAN-Interface with the WAN & WAN A (BSNL)-Interface and disable the FTP Helper.
Change the type to static and enter the IP you want to use as the management IP and your Internet-Gateway:
It is time to set up Outgoing Load Balancing and Failover. You will not have any pools yet, so you will create 3 pools:
Wan(Airtel)BalanceWanA(Bsnl) - used to share out all access on a round robin basis as long as both
connections are available
Wan(Airtel)FailoverWanA(Bsnl) - used when Wan(Airtel) is down - all traffic will use WanA(Bsnl)
WanA(Bsnl)FailoverWan(Airtel) - used when WanA(Bsnl) is down - all traffic will use Wan(Airtel)
Load Balancer: Pool: Edit
Name: Wan1BalanceWan2
Behavior: Load Balancing
Monitor IP: WAN's Gateway
Interface Name: WAN
Click add to pool
Monitor IP: OPT1wan2's Gateway
Interface Name: OPT1wan2
Click add to pool
Save
Name: WanAFailoverWan
Behavior: Failover
Monitor IP: OPT1wanA's Gateway
Interface Name: OPT1wanA
Click add to pool
Monitor IP: WAN's Gateway
Interface Name: WAN
Click add to pool
Save
You should see that the WAN gateway has a different gateway address than the WAN A (BSNL) gateway. If
not, then pfSense will not work correctly. You will have to put a bridge between that interface to ensure pfSense
has two different gateways. If you have trouble with this please contact me. Basically pfSense does not support
the same gateway on multiple networks right now.
Click Save
Now go to Status -> Load Balancer to see if everything is working fine. It should report Online.
When you go to the Firewall Rules tab now, you will first see the WAN rules.
By default no rule exists:
Once all of the active rules have been added and Applied the Dual Wan setup is complete!
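The pool behaviour described above (round robin while both gateways answer, failover to the remaining link otherwise, and the requirement that the two WANs have different gateways) can be checked on paper before touching the firewall. The following is an added model in Python, not pfSense code and not part of the original guide; the class and function names are hypothetical, the short pool names are shortened from the guide's, and the gateway addresses are constructed from documentation ranges.

```python
from dataclasses import dataclass, field
from itertools import count


@dataclass
class Member:
    interface: str   # interface name as entered in the pool
    monitor_ip: str  # gateway address the pool monitors


@dataclass
class Pool:
    name: str
    behavior: str    # "Load Balancing" or "Failover"
    members: list
    rr: count = field(default_factory=count, repr=False)

    def validate(self):
        # The guide's caveat: both WANs must sit behind different gateways.
        ips = [m.monitor_ip for m in self.members]
        if len(set(ips)) != len(ips):
            raise ValueError(f"{self.name}: members share a gateway")

    def pick(self, online):
        """Egress interface for a new connection; `online` = monitor IPs that answer."""
        up = [m for m in self.members if m.monitor_ip in online]
        if not up:
            return None                       # every uplink is down
        if self.behavior == "Failover":
            return up[0].interface            # first listed member still up
        return up[next(self.rr) % len(up)].interface  # round robin


def build_pools(wan_gw="198.51.100.1", wana_gw="203.0.113.1"):
    # Constructed gateways from documentation ranges, not real ISP addresses.
    wan, wana = Member("WAN", wan_gw), Member("OPT1wanA", wana_gw)
    pools = {
        "WanBalanceWanA": Pool("WanBalanceWanA", "Load Balancing", [wan, wana]),
        "WanFailoverWanA": Pool("WanFailoverWanA", "Failover", [wan, wana]),
        "WanAFailoverWan": Pool("WanAFailoverWan", "Failover", [wana, wan]),
    }
    for p in pools.values():
        p.validate()
    return pools


if __name__ == "__main__":
    pools = build_pools()
    for online in ({"198.51.100.1", "203.0.113.1"}, {"203.0.113.1"}):
        for name, pool in pools.items():
            print(sorted(online), name, [pool.pick(online) for _ in range(4)])
```

Passing the same address for both gateways to `build_pools` raises `ValueError`, which is the misconfiguration the guide warns will stop pfSense from working correctly.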