Stephen Dick

CVF1083 System Security

2/17/18

Lab 2 configuring ICMP on the firewall

Section 1.1 Blocking ICMP Requests on pfsense

1.

Went to the ubuntu machine and typed ping -c4 203.0.113.2 to ping 4 times to the kali linux machine.

2.
I used the command ping -c4 192.168.1.50 to capture the 4 packets to the ubuntu machine.

3.
Go to the ubuntu machine, type the ip 192.168.1.1, then type the username admin and password
of pfsense and log in. Go to Firewall>rules>add new rule.

4.
Modified action to Block, Protocol to ICMP, and source to a network of 203.0.113.0

5.
Select all defaults and these are the results

6.

Couldn’t ping the ubuntu machine due to the firewall.

Section 2 Redirecting Traffic to internal hosts on the network

2.1 Configuring pfsense to allow a port and redirect requests

1.
Used the command nmap 203.0.113.1 to scan for any open ports on the kali network.

2.

Go to the ubuntu, go to firewall>nat> add a new rule

3.
On the firewall change destination port range to ssh on both

Redirect target ip to 192.168.1.50

Redirect target port to ssh

Save it afterwards.

4.

Results of above. Apply and save the changes.


Section 2.2 Retargeted SSH Connection

1.

Went to kali machine, typed the command nmap 203.0.113.1 and sniffed the ports, they were closed off,
but now are open.

2.
Type the command ssh 203.0.113.1 to gain access to the ubuntu machine, and it was successful.

3.
I am on the correct machine because I now own the ip address of the ubuntu machine.

4.

Used the command route to confirm the default gateway of the ubuntu machine.

5.

Used the command nmap 192.168.1.1 to sniff out the firewall of the machine and ssh isn’t opened on it.

Section 3. Configuring VPN on a pfsense

3.1 configuring vpn server


1.

While in pfsense, go to system> cert manager. Then click add a new CA

2.
Configure the CA with the following

Desc name: MyCA

Method: Create an internal CA

Key length: 2048 bits

Lifetime: 3650 days

State/province: Texas

City: Austin

Org: XYZ

Email: admin@xyz.corp

Common name: internal-ca

Save afterwards.
3.

Go to certificates>add a new cert> and use the following:

Method: Create an internal cert

Desc name: VPNServerCert

Cert authority: MyCA

Key length: 2048 bits

Cert type: Server certificate

Lifetime: 3650

Country code: US

State/prov: Texas

City: Austin
Org: XYA

Email: admin@xyz.corp

Common name: openvpn.xyz.corp

Then save afterwards.

4.

Go to system>user manager and create a new user

5.
Use the username bob

Password: bpassx

Full name: bob

Certify the user using the check box.

Descriptive name: bob_cert

Certificate authority: MyCA

Key length: 2048 bits

Lifetime: 3650 days

Save afterwards.

6.

Go to vpn>openvpn>go to the wizards tab.

7.
Go through the wizard and select the defaults
8.
Use the following: interface: internal_GW

Protocol: UDP

Local Port: 1194

Desc: myVPNServer

Tunnel Network: 172.16.1.0/24

Force all traffic to tunnel

Local Network: 10.1.1.0/28

Concurrent connection: 10

Compression enabled without adaptive compression

Rest are defaults and save.

9.
Accept the firewall rules and click next.

Section 3.2 Exporting VPN Client Data.

1.

Navigate to vpn>open VPN and click on the export tab: edit the following and leave everything default

Use random local port: check the box


Certification Export options: check the pkcs12 password and use bpassx as a password.

2.

Scroll down and select archive in the bob account>and save it.

Section 3.3 Configuring the vpn client

1.

Open a terminal, type cd /home/student/downloads

Next type unzip pfsense-udp-1194-bob-config.zip to unzip the udp pfsense file from port 1194 in the bob
configuration folder.
2.

Go to networks>configure VPN>VPN>click add

3.

Navigate to downloads and open the bob folder.


4.

Open the bob ovpn file next.

5.

Configure the vpn with the following:


Gateway: 192.168.1.1

Password with TLS

User name: bob

Password: bpassx

Private key: bpassx

6.

Vpn with the tunneling works without problems.
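
A check that could be run on the exported client profile before importing it in Section 3.3, added here as an example and not part of the original lab report: it parses the .ovpn text and reports where it differs from the settings chosen above (gateway 192.168.1.1, UDP port 1194, user plus certificate authentication) and whether compression is on. The sample profile, its .p12 file name, and the finding labels are constructed assumptions.

```python
import shlex

# Constructed sample profile; file name and directives are assumptions, not the lab's real export.
SAMPLE_OVPN = """\
remote 192.168.1.1 1194 udp
auth-user-pass
pkcs12 pfsense-udp-1194-bob.p12
remote-cert-tls server
comp-lzo yes
"""

def parse_ovpn(text):
    """Map each directive to its list of argument lists; an inline <x> block counts as 'x'."""
    directives, in_block = {}, False
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("</"):
            in_block = False
        elif line.startswith("<"):
            in_block = True
            directives.setdefault(line.strip("<>"), []).append([])
        elif line and not in_block and line[0] not in "#;":
            name, *args = shlex.split(line)
            directives.setdefault(name, []).append(args)
    return directives

def audit(text, host="192.168.1.1", port="1194", proto="udp"):
    """Return findings where the profile differs from the lab settings or is weak."""
    d, findings = parse_ovpn(text), []
    def first(name, default):  # first argument of a directive, else OpenVPN's default
        return d[name][0][0] if d.get(name) and d[name][0] else default
    def matches(r):  # 'remote host [port] [proto]' falls back to port/proto directives
        r_port = r[1] if len(r) > 1 else first("port", "1194")
        r_proto = r[2] if len(r) > 2 else first("proto", "udp")
        return r[0] == host and r_port == port and r_proto.startswith(proto)
    if not any(matches(r) for r in d.get("remote", []) if r):
        findings.append("remote-mismatch")
    if not {"remote-cert-tls", "verify-x509-name"} & d.keys():
        findings.append("no-server-cert-check")
    if "auth-user-pass" not in d:
        findings.append("no-user-auth")
    if "pkcs12" not in d and not {"cert", "key"} <= d.keys():
        findings.append("no-client-cert")
    # Compression before encryption can leak plaintext through packet sizes.
    lzo = any(a != ["no"] for a in d.get("comp-lzo", []))
    algo = any(a and not a[0].startswith("stub") for a in d.get("compress", []))
    if lzo or algo:
        findings.append("compression-enabled")
    return findings
```

Pass the text of the real .ovpn file to audit(); an empty list means the profile matches the lab settings and has compression off.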

Section 3.5: managing VPN Connections

1.
Go to pfsense>status>system logs>open vpn tab.

Results of the bob vpn above.

2.

Go to status>openvpn and we can see the current vpn connections.

Results
