Sunday, October 08, 2006
New Firewall, comes with headaches + loads of fun!
I have to set up several firewalls for my offsite data center. So we bought this 1U machine, NSA, that comes with 4 network cards and one extra PCI slot (WAN, LAN, DMZ, CARP). I planned to set up 2 firewalls powered by OpenBSD PF and using the CARP function for High Availability. But during the implementation process, we made some adjustments and settled for pfSense without CARP (pfSense does have CARP capabilities). Below is the summary of the installation process.
1. Take the hard disk out of the NSA.
2. Connect it to a Windows machine using an IDE-USB cable.
3. Write the image to the hard disk -> physdiskwrite -u image (follow the prompted questions).
4. Put the hard disk back into the NSA.
5. Turn on the NSA and configure the interface IP using a null modem cable F/F (normal config like baud rate 9600).
6. After configuring through the console, you can start browsing to the pfSense web-based configurator.
7. The default login is admin:pfsense
8. What I did was turn on bridge mode firewall by bridging the WAN interface with OPT1 (named as bridge).
9. The LAN interface is used for management.
10. The rules are quite simple though (actually not for me, since I'm kind of lazy to read the pfSense RTFM). Allow everything on the WAN interface, allow several things on OPT1 (Bridge), and the last rule is to disable all (deny explicit) on the OPT1 interface.
11. That's it. A very simple process, but it took my whole weekend to set up the firewall due to my laziness in reading the RTFM.
Some good references to read:
http://www.pfsense.com/index.php?id=36
http://www.benzedrine.cx/pf.html
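The rule layout from step 10, as an added example that is not part of the original post: a small Python model of per-interface, first-match rule evaluation, which is how the pfSense GUI rules are assumed to behave here. It shows why the explicit deny on OPT1 has to stay last. The interface labels come from the post; the allowed services (DNS, HTTP, HTTPS) and all function names are constructed for illustration.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Rule:
    iface: str                    # interface the packet enters on
    action: str                   # "pass" or "block"
    proto: Optional[str] = None   # None matches any protocol
    dport: Optional[int] = None   # None matches any destination port

    def matches(self, iface, proto, dport):
        return (self.iface == iface
                and self.proto in (None, proto)
                and self.dport in (None, dport))

# Constructed rule set following step 10 of the post (services are assumptions).
RULES = [
    Rule("WAN", "pass"),              # allow everything on WAN
    Rule("OPT1", "pass", "udp", 53),  # "several things" allowed on OPT1
    Rule("OPT1", "pass", "tcp", 80),
    Rule("OPT1", "pass", "tcp", 443),
    Rule("OPT1", "block"),            # explicit deny, last on OPT1
]

def evaluate(rules, iface, proto, dport):
    """First matching rule decides; no match falls through to an implicit block."""
    for index, rule in enumerate(rules):
        if rule.matches(iface, proto, dport):
            return rule.action, index
    return "block", None

def shadowed(rules):
    """Indexes of rules that can never fire because an earlier rule on the
    same interface already matches every packet they would match."""
    dead = []
    for i, rule in enumerate(rules):
        for earlier in rules[:i]:
            if (earlier.iface == rule.iface
                    and earlier.proto in (None, rule.proto)
                    and earlier.dport in (None, rule.dport)):
                dead.append(i)
                break
    return dead

if __name__ == "__main__":
    for pkt in [("WAN", "tcp", 22), ("OPT1", "tcp", 443), ("OPT1", "tcp", 25)]:
        print(pkt, "->", evaluate(RULES, *pkt))
    # Moving the deny above the allows makes every OPT1 allow rule dead.
    misordered = [RULES[0], RULES[4]] + RULES[1:4]
    print("shadowed rule indexes:", shadowed(misordered))
```

Under this model, "allow everything on WAN" passes every packet entering the WAN side of the bridge, so only traffic entering on OPT1 is actually restricted.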