- pfSense is software that runs on an open source base.
- pfSense does not have requirements as high as today's newer software. A configuration that suffices:
CPU 100 MHz, RAM 128 MB, HDD 4 GB, pfSense CD
II. Model
III. Installation and some applications
1. Installing and configuring pfSense: on the machine where pfSense will be installed, insert the pfSense LiveCD Installer disc into the CD/DVD drive to begin the installation.
The "Welcome to FreeBSD!" screen
Choose 99 to start installing pfSense onto the machine.
Choose Accept these settings to accept the pfSense installation.
Choose Quick/Easy Install or Custom Install to install to the hard disk.
The pfSense text-mode interface after installation completes.
2. Configuring the network cards:
Enter an Option : 1 -> choose 1 to begin setting up the interfaces. Do you want to setup VLANs now -> choose N
Use the MAC addresses to tell the internal and external network cards apart. Type le0 to set up the LAN interface and le1 to set up the WAN interface. If the machine has two WAN network cards, also choose le2 to set up the WAN2 interface. After setting up the interfaces, leave the field blank and press Enter when asked Enter the Optional. Choose Y to proceed with setting up the network cards.
The pfSense network card information after setup.
3. Setting the IP and setting up DHCP to hand out addresses inside the LAN.
To set the IP for the LAN network card, choose 2, enter the IP you want to assign, then at Enter the new LAN subnet bit count : enter 24 and press Enter.
Choose Y to set up DHCP to hand out IPs to the client machines (internal network). Create the IP range handed out to clients (as in the figure, from 192.168.100.10 to 192.168.100.100).
Check whether the client machine receives an IP as handed out by pfSense.
4. Configuring pfSense through the web interface (WebGUI)
On the client machine -> open a browser, type in pfSense's internal IP and log in with the default account and password: admin / pfsense.
Click Next.
Declare the DNS server for the pfSense machine -> Next.
Choose the time zone for pfSense -> Next.
In the WAN interface, you can choose among several connection types such as Static, Dynamic Host Configuration Protocol (DHCP), Point-to-Point Protocol and PPPoE. Choose the appropriate connection as configured by the ISP. Here I choose static. Next.
Complete the LAN configuration. If this was not done before installation, just set the IP address again here.
Reset the admin password used to access pfSense.
The web-based pfSense configuration interface.
5. Advanced DHCP configuration for the LAN (Dynamic Host Configuration Protocol)
Go to Services -> DHCP Server and choose the network card to configure. Here we can reset the IP range we want to hand out. To hard-set each MAC address so that it always receives a fixed IP, scroll down to the bottom of the page to the DHCP Static Mapping for this interface section and click the + sign.
Enter the MAC address and the IP. To get the MAC address without the trouble of going to each client machine, choose the section shown in the following figure to obtain the MAC address, then copy it over.
Note: the IP that is added must be an IP outside the range DHCP hands out.
6. Installing packages
When users need extended functionality beyond the pfSense installation, packages can be added from a selection of software.
Packages can be installed using the Package Manager, located in the System menu. The Package Manager shows all available packages, including a short description of each one's function. To install a package, click the "Add" icon on the right side of the page.
After installation completes, the new package appears under "Installed packages" in the pfSense Package Manager.
Removing a pfSense package: choose the x icon on the right side of the page.
7. Firewall Rule
- Opening the SSH port. To allow SSH into pfSense, create a rule as follows.
Then choose the WAN interface and click the Add icon.
- Allowing ping to the pfSense server. To allow outside hosts to ping pfSense, create a rule as follows.
8. NAT:
For example, we have a web server with the following private address: 192.168.100.151. When it is accessed locally or from the LAN, we get the result shown in the figure below.
Now, with a private IP, the web server cannot be reached from the internet by its private IP, so we will NAT the private IP to the public IP 192.168.1.152; in this example this IP is in the same network as the IP of pfSense's WAN port. There are two ways to NAT here so that the internet can reach the web server.
- Method 1: 1:1 NAT. NAT the IP 192.168.100.152 (private) to the IP 192.168.1.152 (public).
Step 1: Create the IP alias:
Then click the + sign, enter the public IP, then Save.
Step 2: Create the 1:1 NAT. Go to Firewall -> NAT.
Choose the 1:1 tab, then choose Add.
Step 3: Create the rules.
Now accessing via the public IP 192.168.1.152 gives the following.
- Method 2: NAT port forward.
Step 1: Go to Firewall and choose NAT.
Then choose the Port Forward tab and click Add.
Step 2: Go to Firewall -> Rules to check whether the rule has been created.
Step 3: Access via the public IP address 192.168.1.7 of the WAN port to see the result.
- Example: NAT the Remote port into the web server. Go to Firewall -> NAT.
Click Add.
- To be able to remote into several computers in the LAN, we can NAT port forward as follows:
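The two NAT methods of this section compared for exposure, as an added example (not part of the original tutorial and not pfSense code). It models NAT translation followed by WAN pass rules that see the translated destination; the forwarded port 80, the probed ports and the three rule sets are assumptions made for the illustration.

```python
# Simplified model (an assumption of this example, not pfSense code): inbound
# WAN packets are translated by NAT first, then checked against pass rules
# that see the translated destination; anything unmatched is dropped.

WEB = "192.168.100.152"                          # private web server address
ONE_TO_ONE = {"192.168.1.152": WEB}              # Method 1: public IP -> private IP
PORT_FORWARD = {("192.168.1.7", 80): (WEB, 80)}  # Method 2: port 80 assumed

# WAN pass rules as (destination IP, destination port); None means any port.
RULE_WEB_ONLY = [(WEB, 80)]
RULE_ANY_PORT = [(WEB, None)]                    # constructed over-broad rule
RULE_ON_PUBLIC_IP = [("192.168.1.152", 80)]      # constructed mistake


def translate(dst_ip, dst_port, one_to_one, port_forward):
    """Port forwards are consulted first, then 1:1 mappings (all ports)."""
    if (dst_ip, dst_port) in port_forward:
        return port_forward[(dst_ip, dst_port)]
    if dst_ip in one_to_one:
        return one_to_one[dst_ip], dst_port
    return dst_ip, dst_port


def passes(dst_ip, dst_port, rules):
    """True if any pass rule matches the (already translated) destination."""
    return any(ip == dst_ip and port in (None, dst_port) for ip, port in rules)


def exposed_ports(public_ip, rules, one_to_one=None, port_forward=None,
                  probe=(22, 80, 443, 3389)):
    """Ports on public_ip that end up reaching an internal host."""
    reachable = []
    for port in probe:
        ip, p = translate(public_ip, port, one_to_one or {}, port_forward or {})
        if passes(ip, p, rules):
            reachable.append(port)
    return reachable
```

With 1:1 NAT the rule created in Step 3 is the only thing that narrows exposure, and it has to name the private address; a port forward exposes only the forwarded port even when the rule is broad.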
9. Limiting bandwidth for the whole LAN or for a particular host.
9.1 Limiting one host.
Bandwidth of machine 192.168.100.152 before limiting.
Step 1: Go to Firewall -> Traffic Shaper.
Then choose the Limiter tab.
Limit bandwidth in the out direction.
Limit bandwidth in the in direction.
Step 2: Create the rule.
Choose the LAN card on which to create it.
Test machine 192.168.100.152 with the website http://www.speedtest.net/
Here we see that the download and upload speeds are ~3 Mbps, because we have now set the maximum limit to 3 Mbps. Note: we must put the rules in order.
9.2 Limiting the whole LAN while leaving a few IPs unlimited.
Step 1: Create an alias for the machines that are allowed to use full bandwidth.
Step 2: Create a rule allowing the IPs in the alias full bandwidth.
Note: put the rules in order.
9.3 Limiting the whole LAN per IP, for example allowing each IP 2 Mbps up/down, whereas the methods above limit the total traffic of the whole LAN.
Then create the rule on the LAN.
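Why the rule order noted in 9.1 and 9.2 matters, as an added example (not part of the original tutorial): interface rules are evaluated top-down and the first match wins, so the full-bandwidth alias rule has to sit above the limited LAN rule. The alias members and the sample hosts are constructed; the 3 Mbps limit is the value from 9.1.

```python
from ipaddress import ip_address, ip_network

LAN = ip_network("192.168.100.0/24")
# Constructed members of the "full bandwidth" alias from step 1 of 9.2.
FULL_BW = {ip_address("192.168.100.20"), ip_address("192.168.100.21")}

# Each rule: (name, source matcher, limiter in Mbps or None for unlimited).
ALIAS_RULE = ("full bandwidth alias", lambda ip: ip in FULL_BW, None)
LAN_RULE = ("LAN net limited", lambda ip: ip in LAN, 3)

SAMPLES = ["192.168.100.20", "192.168.100.21", "192.168.100.152"]


def first_match(src, rules):
    """Return (rule name, limiter) of the first rule matching the source."""
    ip = ip_address(src)
    for name, matches, limit in rules:
        if matches(ip):
            return name, limit
    return "default deny", 0


def shadowed(rules, samples):
    """Rules that never win first-match for any of the sample sources."""
    winners = {first_match(s, rules)[0] for s in samples}
    return [name for name, _, _ in rules if name not in winners]
```

Running `shadowed` over the rule list in its configured order is a quick check that the exemption rule is not hidden behind the broader LAN rule.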
10. Captive portal. This is also a user-management feature. Go to Services -> Captive Portal and click Enable.
- Maximum concurrent connections: limits the connections per IP/user/MAC.
- Idle timeout: if an IP has not accessed the network for a set period of time, the connection of that IP/user/MAC is dropped.
- Hard timeout: limits the connection time of each IP/user/MAC.
- Logout popup window: shows a popup notification to the IP/user/MAC.
- Redirect URL: the URL the user is redirected to after logging in.
- Pass-through MAC: MAC addresses configured in this section are passed through without authentication.
Here it also lets us limit the bandwidth of each computer.
- Choose the Allowed IP addresses tab: IP addresses configured here are not authenticated.
Fill in the details such as the IP. Bandwidth can also be limited here for a fixed IP.
- In the Portal Contents section, copy the code below, save it as file.html, then choose Browse to upload file.html for users to authenticate.
Pre-authentication redirect: this is the web page where the end user authenticates. By default, if we do not choose https://www.google.com.vn, it is http://192.168.100.1:8000/.
After authentication Redirect URL: after authentication completes, it takes us to the web page https://www.google.com.vn
The following authentication types are available.
If we choose Local User Manager / Voucher, then we have to type the user/pass when logging in.
If we check Enable Pass-through MAC automatic additions,
then after authentication the MAC address is automatically saved in the Pass-through MAC tab.
11. Creating users and assigning user privileges: go to System -> User Manager.
Fill in the details of the user to create.
Assigning user privileges: choose Add in the Effective Privileges section.
Choose the privileges to grant the user, then Save.
13. Backup and Recovery
To back up or restore the pfSense configuration, go to Diagnostics/Backup/restore.
Backing up or restoring the pfSense configuration is also fairly easy. You only need to choose the area to back up or restore: the configuration of Aliases, NAT, traffic shaper, PPTP Server, system
14 .