Install and setup my LAN with pfSense v2.4.2

A long time after I bought my APU1D4 I was finally able to install pfSense on it, and I’d like to share some notes about this process with you. Let’s start with the router hardware specifications:

APU1D4 specifications

Mainboard: APU ALIX Engines APU.1D4

CPU: 1 GHz AMD G-Series T40E APU Dual core

RAM: 4GB DDR3

Network: 3 x 1 Gbps Ethernet ports

Wireless

Compex WLE200NX a/b/g/n miniPCI Express radio card

2 x Wireless LAN omni antennas 2dBi 802.11 b and g with RP SMA connector (Reverse Polarity) for indoor use

Ports: 1 x mSATA, 1 x SD Card, 2 x Mini PCIe, 1 x SATA

Storage: Transcend 32 GB mSATA Solid State Drive, MSA370

PCEngines link

The first and best advice a friend of mine gave me for successfully finishing the pfSense installation (if you’re not a Network Engineer, like me) was: draw the LAN-WAN network schema on paper (or on your computer). Once you’re happy with your design you’ll have completed the first step towards your target.

After reading a lot of web pages I decided to enable the DMZ on my FTTH ISP router, pointing to my internal pfSense IP address. This approach was the simplest way to access my LAN from the Internet because my FTTH router has an ONT integrated in the same box, NOT in a separate one.

The installation process was simple; I just followed these instructions:

$ gunzip -c pfSense-CE-2.4.2-RELEASE-4g-amd64-nanobsd.img.gz | sudo dd of=/dev/sdc bs=4M
 0+121433 records in
 0+121433 records out
 3989970432 bytes (4.0 GB, 3.7 GiB) copied, 26.8437 s, 149 MB/s
 # fdisk -l /dev/sdc
 Disk /dev/sdc: 3.7 GiB, 3989970432 bytes, 7792911 sectors
 Units: sectors of 1 * 512 = 512 bytes
 Sector size (logical/physical): 512 bytes / 512 bytes
 I/O size (minimum/optimal): 512 bytes / 512 bytes
 Disklabel type: dos
 Disk identifier: 0x90909090
 Device     Boot   Start     End Sectors  Size Id Type
 /dev/sdc1  *         63 3844511 3844449  1.9G a5 FreeBSD
 /dev/sdc2       3844575 7689023 3844449  1.9G a5 FreeBSD
 /dev/sdc3       7689024 7791839  102816 50.2M a5 FreeBSD

The device I wrote the pfSense image to was an SD card, /dev/sdc in my case.

Once pfSense was installed, I just want to mention that I used the following cable to connect to the router; also notice that the cable has to be an RS232 null modem cable.

To connect to the APU I use the following command:

# minicom -D /dev/ttyS0 -b 115200

With pfSense installed I continued my reading about these topics and I found OPNsense, which would be a great alternative to pfSense, but I don’t have much free time, so at least for a while I’m going to continue with pfSense.

Considering how to connect from the Internet to my LAN, I had to decide whether I was going to use a VPN or SSH. For performance reasons I’ve chosen SSH access using RSA keys, but when I have time I would also like to set up VPN access and do my own timing comparison of the two solutions. You could also take a look at this blog entry to better understand the differences between VPN and SSH.

External access is needed to be able to boot my HP G8 Microserver through its iLO interface. Once the RSA keys are set up properly, I have to use a command like this one:

$ ssh -p NON_PRIVILEGED_PORT -l PFSENSE_USER -L OTHER_NON_PRIVILEGED_PORT:iLO_INTERNAL_IP_ADDRESS:443 DYNAMIC_HOSTNAME

DYNAMIC_HOSTNAME: the public name (hostname, thanks to noip.com) associated with the dynamic public IP address of the ISP FTTH router which I’m using.

I also have configured my FTTH router with an embedded client so this

Once the SSH session is open you can browse to the web login page from the SSH client computer using the following URL:

https://localhost:OTHER_NON_PRIVILEGED_PORT
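The tunnel above needs nothing from the firewall except one TCP forward to the iLO address, so the key's authorized_keys entry can be limited to exactly that. This is an added example, not part of the original post, and it assumes an OpenSSH server new enough to support the `restrict` option (7.2 or later); the address 192.0.2.10, the key material and the nologin path are constructed placeholders.

```sh
#!/bin/sh
# Added example: least-privilege authorized_keys entry for the iLO tunnel key.
NOLOGIN=/usr/sbin/nologin   # assumption: FreeBSD path, adjust for your system

# Print an authorized_keys line that allows only a forward to host:port.
#   restrict        - turns off PTY, agent/X11 forwarding, user rc and port forwarding
#   port-forwarding - turns port forwarding back on
#   permitopen      - limits "ssh -L" destinations to the one host:port
#   command         - forced command, so a session never reaches a shell
# $1 = public key line ("type base64 [comment]"), $2 = target host, $3 = target port
restricted_key_line() {
    pub=$1 host=$2 port=$3
    # Only a single line that starts with a known key type is accepted.
    case $pub in
        *'
'*) echo "multi-line key" >&2; return 1 ;;
        "ssh-rsa "*|"ssh-ed25519 "*) ;;
        *) echo "unsupported or malformed public key" >&2; return 1 ;;
    esac
    # Host: address/hostname characters only, so nothing escapes the quotes.
    case $host in
        ''|*[!A-Za-z0-9.-]*) echo "bad host" >&2; return 1 ;;
    esac
    # Port: digits only, within 1..65535.
    case $port in ''|*[!0-9]*) echo "bad port" >&2; return 1 ;; esac
    [ "$port" -ge 1 ] && [ "$port" -le 65535 ] || { echo "bad port" >&2; return 1; }
    printf 'restrict,port-forwarding,permitopen="%s:%s",command="%s" %s\n' \
        "$host" "$port" "$NOLOGIN" "$pub"
}

# Audit helper: read an authorized_keys file on stdin and print the line
# numbers of key lines that carry no options at all (fully unrestricted keys).
keys_without_options() {
    awk '/^[ \t]*(#|$)/ { next }
         $1 ~ /^(ssh-(rsa|ed25519|dss)|ecdsa-sha2-)/ { print NR }'
}

# Demo with a constructed key and a documentation-range address.
restricted_key_line 'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABCONSTRUCTED user@laptop' 192.0.2.10 443
```

With an entry like this the client adds `-N` to the ssh command shown earlier, because the key no longer gets an interactive session and only the forward is needed.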

Obviously this setup is a personal choice and it depends completely on my hardware, but I hope you find this approach useful in some way to cover your needs.

That’s all, folks!


“Persistence is the twin sister of excellence. One is a matter of quality; the other, a matter of time”
— Marabel Morgan.

4 thoughts on “Install and setup my LAN with pfSense v2.4.2”

  1. Hello, I think that I saw you visited my web site so I came to “return the favor”. I am attempting to find things to enhance my website! I suppose it’s OK to use some of your ideas!!
