
I. Introduction to pfSense

- pfSense is software built on an open-source platform.
- pfSense does not demand high-end hardware the way today's newer software does. A configuration that meets its needs:

CPU 100 MHz
RAM 128 MB
HDD 4 GB
pfSense CD

II. Network model



III. Installation and some applications

1. Installing and configuring pfSense:
On the machine where pfSense will be installed, insert the pfSense LiveCD Installer disc into the CD/DVD drive to begin the installation.

The Welcome to FreeBSD! screen

Choose 99 to start installing pfSense on the machine.

Choose Accept these settings to accept the pfSense installation.

Choose Quick/Easy Install or Custom Install to install to the hard disk.

The pfSense text-mode interface after installation completes.

2. Configuring the network cards:

At the Enter an Option prompt, choose 1 to begin setting up the interfaces.
Do you want to setup VLANs now -> choose N

Use the MAC addresses to tell the internal and external network cards apart.
Type le0 to set the LAN interface and le1 to set the WAN interface. If the machine has 2 WAN network cards, also choose le2 to set the WAN2 interface.
After setting the interfaces, leave the field blank and press Enter when prompted with "Enter the Optional".
Choose Y to proceed with the network card setup.

pfSense network card information after setup.





3. Setting the IP and configuring DHCP for the internal LAN

To set the IP for the LAN card, choose 2, enter the IP you want to assign, then at Enter the new LAN subnet bit count enter 24 and press Enter.

Choose Y to set up DHCP to hand out IPs to the client machines (internal network).
Create the IP range to hand out to clients (as in the figure, from 192.168.100.10 to 192.168.100.100).

Check whether the client machine receives an IP as assigned by pfSense.



4. Configuring pfSense through the web interface (WebGUI)
On the client machine, open a browser, enter pfSense's internal IP, and log in with the default account and password: admin / pfsense.

Click Next.

Declare the DNS server for the pfSense machine -> Next.

Choose the time zone for pfSense -> Next.

In the WAN interface, you can choose among several connection types such as Static, Dynamic Host Configuration Protocol (DHCP), Point-to-Point Protocol and PPPoE.
Choose the connection type that matches what the ISP has configured. Here we choose Static. Next.

Configure the LAN. If this was not done earlier during installation, just set the IP address again.

Set a new admin password for access to pfSense.









The pfSense web-based configuration interface.

5. Advanced DHCP configuration for the LAN (Dynamic Host Configuration Protocol)

Go to Services -> DHCP Server and choose the network card to configure; here we can set again the IP range we want to hand out.
To pin each MAC address so that it always receives a fixed IP, scroll to the bottom of the page to the DHCP Static Mapping for this interface section and click the + sign.

Enter the MAC address and the IP.
To get the MAC address without the trouble of going to each client machine, select the section shown in the following figure to read the MAC address, then copy it over.

Note: the IP that is added must be an IP outside the range handed out by DHCP.
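The note above can be checked before the mappings are typed into the WebGUI. This is an added example, not part of the original guide: the pool is the one from step 3, while the LAN address 192.168.100.1/24, the MAC addresses and the function name `check_static_mappings` are assumptions made for illustration.

```python
import ipaddress

def check_static_mappings(lan_cidr, pool_start, pool_end, mappings):
    """Return problems found in (mac, ip) DHCP static mappings for one interface."""
    lan = ipaddress.ip_interface(lan_cidr)
    lo, hi = ipaddress.ip_address(pool_start), ipaddress.ip_address(pool_end)
    reserved = {lan.ip, lan.network.network_address, lan.network.broadcast_address}
    problems, seen_macs, seen_ips = [], set(), set()
    for mac, ip_text in mappings:
        mac = mac.lower().replace("-", ":")  # normalise Windows-style MACs
        ip = ipaddress.ip_address(ip_text)
        if ip not in lan.network:
            problems.append(f"{ip} ({mac}): outside LAN subnet {lan.network}")
        elif lo <= ip <= hi:
            problems.append(f"{ip} ({mac}): inside DHCP pool {lo}-{hi}")
        elif ip in reserved:
            problems.append(f"{ip} ({mac}): firewall, network or broadcast address")
        if mac in seen_macs:
            problems.append(f"{mac}: MAC address mapped more than once")
        if ip in seen_ips:
            problems.append(f"{ip}: IP address mapped more than once")
        seen_macs.add(mac)
        seen_ips.add(ip)
    return problems

# Pool taken from the text above; the LAN address and the mappings are constructed.
LAN = "192.168.100.1/24"
POOL = ("192.168.100.10", "192.168.100.100")
MAPPINGS = [
    ("00:0c:29:aa:bb:01", "192.168.100.151"),  # fine: in subnet, outside pool
    ("00:0c:29:aa:bb:02", "192.168.100.50"),   # collides with the pool
    ("00-0C-29-AA-BB-01", "192.168.100.152"),  # same MAC as the first entry
    ("00:0c:29:aa:bb:03", "192.168.1.152"),    # WAN-side address, wrong subnet
]

if __name__ == "__main__":
    for line in check_static_mappings(LAN, *POOL, MAPPINGS):
        print(line)
```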
6. Installing packages
When users need to extend the functionality of the pfSense installation, packages can be added from a selection of software.

Packages are installed with the Package Manager, located in the System menu. The Package Manager lists all available packages, each with a brief description of its function.
To install a package, click the "Add" icon on the right side of the page.

After the installation completes, the new package appears under "Installed packages" in the pfSense Package Manager.

To remove a pfSense package, click the cross (x) icon on the right side of the page.
7. Firewall rules
- Opening the SSH port.
To allow SSH access to pfSense, create a rule as follows.

Then select the WAN interface and click the Add icon.

- Allowing ping to the pfSense server.
To allow hosts outside to ping pfSense, create a rule as follows.


8. NAT:

For example, we have a web server with the private address 192.168.100.151. When it is accessed locally or from the LAN, we get the result shown in the figure below.

With a private IP, hosts on the internet cannot reach the web server through that private IP, so we NAT the private IP to the public IP 192.168.1.152; in this example that IP is in the same subnet as the IP of pfSense's WAN port.
There are therefore 2 ways to set up NAT so that the web server can be reached from the internet.
- Method 1: 1:1 NAT
NAT IP 192.168.100.152 (private) to IP 192.168.1.152 (public)
Step 1: Create an IP Alias:

Then click the + sign, enter the public IP, then Save.

Step 2: Create the 1:1 NAT
Go to Firewall -> NAT

Select the 1:1 tab -> click Add.

Step 3: Create the rules.

Accessing the server through the public IP 192.168.1.152 now gives the following.

- Method 2: NAT port forward.
Step 1: Go to Firewall and choose NAT

Then select the Port Forward tab and click Add.

Step 2: Go to Firewall -> Rules to check whether the rule has been created.

Step 3: Access the public IP address 192.168.1.7 of the WAN port to see the result.

- Example: NAT the remote-access port to the web server.
Go to Firewall -> NAT

Click Add.

- To be able to remote into several machines on the LAN, we can set up NAT port forwards as follows:


9. Limiting bandwidth for the entire LAN or for a particular host
9.1 Limiting a single host
Bandwidth of machine 192.168.100.152 before the limit is applied.

Step 1: Go to Firewall -> Traffic Shaper

Then select the Limiter tab.

Limit bandwidth in the out direction.

Limit bandwidth in the in direction.

Step 2: Create a rule.

Select the LAN card on which to create it.

Test machine 192.168.100.152 with the website http://www.speedtest.net/

Here the download and upload speeds are ~3 Mbps, because the maximum is now limited to 3 Mbps.
Note: the rules must be put in the right order.

9.2 Limiting the entire LAN while leaving only a few IPs unlimited
Step 1: Create an alias listing the machines that are allowed to use full bandwidth.

Step 2: Create a rule that allows the IPs in the alias full bandwidth.

Note: put the rules in the right order.
9.3 Limiting the entire LAN per IP, for example allowing each IP 2 Mbps up/down, whereas the methods above limit the total traffic of the whole LAN.

Then create a rule on the LAN.



10. Captive portal
This is also a user-management feature. Go to Services -> Captive Portal and tick Enable.

- Maximum concurrent connections: limits the number of connections per IP/user/MAC.
- Idle timeout: if an IP has not accessed the network for a specified time, the connection of that IP/user/MAC is dropped.
- Hard timeout: limits the connection time of each IP/user/MAC.
- Logout popup window: a popup appears to notify the IP/user/MAC.
- Redirect URL: the URL the user is directed to after logging in.
- Pass-through MAC: MAC addresses configured in this section are passed through without authentication.

Here it also lets us limit the bandwidth of each machine.
- Select the Allowed IP addresses tab: IP addresses configured here are not authenticated.

Fill in the details such as the IP. Bandwidth can also be limited for a fixed IP here.

- In the Portal Contents section, copy the code below and save it as file.html, then click Browse and select file.html for users to authenticate.

Pre Authentication redirect: this is the web page on which the end user authenticates. By default, if we do not choose https://www.google.com.vn, it is http://192.168.100.1:8000/.

After authentication Redirect URL: once authentication completes, it takes us to the web page https://www.google.com.vn
The following authentication types are available.

If we choose Local User Manager / Voucher, then at login we have to enter a user/pass.

If we tick Enable Pass-through MAC automatic additions,

then after authentication the MAC address is automatically saved in the Pass-through MAC tab.

11. Creating users and assigning privileges: go to System -> User Manager

Fill in the details of the user to create.

Assign privileges to the user: click Add in the Effective Privileges section.

Select the privileges to grant to the user, then Save.



13. Backup and Recovery
To back up or restore the pfSense configuration, go to Diagnostics/Backup/restore

Backing up or restoring the pfSense configuration is also fairly easy. Just choose the area to back up or restore: the configuration of Aliases, NAT, traffic shaper, PPTP Server, system
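A saved backup can also be used to review what the WAN rules from section 7 (SSH, ping) expose. This is an added example, not part of the original guide: it assumes the backup is an XML file whose rules sit under filter/rule with the child elements shown in the constructed sample, and the function name `wan_rules_open_to_any` is hypothetical.

```python
import xml.etree.ElementTree as ET

# Constructed sample in the layout assumed for a pfSense configuration backup.
SAMPLE_BACKUP = """<pfsense><filter>
  <rule><type>pass</type><interface>wan</interface><protocol>tcp</protocol>
    <source><any/></source>
    <destination><network>wanip</network><port>22</port></destination>
    <descr>Allow SSH</descr></rule>
  <rule><type>pass</type><interface>wan</interface><protocol>icmp</protocol>
    <source><address>192.168.1.0/24</address></source>
    <destination><network>wanip</network></destination>
    <descr>Allow ping from upstream subnet</descr></rule>
  <rule><type>pass</type><interface>wan</interface><protocol>icmp</protocol>
    <source><any/></source>
    <destination><network>wanip</network></destination>
    <descr>Allow ping</descr></rule>
  <rule><disabled/><type>pass</type><interface>wan</interface>
    <protocol>tcp</protocol><source><any/></source>
    <destination><address>192.168.100.151</address><port>80</port></destination>
    <descr>Old web rule</descr></rule>
  <rule><type>pass</type><interface>lan</interface>
    <source><network>lan</network></source>
    <destination><any/></destination>
    <descr>Default allow LAN to any</descr></rule>
</filter></pfsense>"""

def wan_rules_open_to_any(xml_text):
    """Return (descr, protocol, port) for enabled WAN pass rules with source 'any'."""
    findings = []
    for rule in ET.fromstring(xml_text).iterfind("./filter/rule"):
        if rule.find("disabled") is not None:
            continue  # disabled rules do not pass traffic
        if rule.findtext("type") != "pass" or rule.findtext("interface") != "wan":
            continue  # only inbound-facing pass rules matter here
        if rule.find("source/any") is None:
            continue  # source already restricted to an address, network or alias
        findings.append((rule.findtext("descr", default=""),
                         rule.findtext("protocol", default="any"),
                         rule.findtext("destination/port", default="*")))
    return findings

if __name__ == "__main__":
    for descr, proto, port in wan_rules_open_to_any(SAMPLE_BACKUP):
        print(f"WAN pass rule open to any source: {descr!r} ({proto}/{port})")
```

Rules it reports are candidates for a restricted source (a management address or an alias) instead of any.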
14 .
