pfSense tutorial

  • Published: November 22, 2011
pfSense Tutorial BSDCan 2008
From zero to hero with pfSense
May 13, 2008
Chris Buechler
Scott Ullrich

History of pfSense
  • Started as a work project 13 years ago when we needed an internal firewall
  • Originally Linux, switched to FreeBSD 2.2
  • Evolution of this path shrunk the firewall down to a Soekris size
  • Moatware was started
  • Met Chris Buechler during this time
  • Sell a number of products
  • Sales guy moves to Florida
  • Moatware fails
  • Chris and myself debate starting over fresh
  • pfSense is forked from m0n0wall roughly 4 years ago
  • Still going strong today

pfSense Overview
  • Customized FreeBSD distribution tailored for use as a firewall and router.
  • pfSense has many base features and can be extended with the package system, including one-touch installations of popular 3rd party packages such as SpamD (spam filter) and Squid (web caching).
  • Includes many features found in commercial products such as Cisco PIX, Sonicwall, Watchguard, etc.
  • Many support avenues available: mailing lists, forum and commercial support.
  • Has the best price on the planet.... Free!

pfSense Platforms
  • Live CD
  • Full Install
  • Embedded
  • Developers

pfSense Stable Versions

  • 1.0 - October 4, 2006 *
  • 1.0.1 - October 20, 2006 *
  • 1.2 - RELENG_1_2 - February 25, 2008
  • Downloaded more than 500,000 times to date

* Not branched in CVS

pfSense Development Versions
  • Current Development Versions
      - 1.3-ALPHA - RELENG_1
      - 2.0-ALPHA-ALPHA-ALPHA - HEAD
  • Snapshots are built every two hours, available at http://snapshots.pfsense.org
  • Bonus for attendees - 1.3 snapshots available

Minimum Hardware Requirements
  • CPU - 100 MHz (500+ MHz for best experience)
  • RAM - 128 MB (256 MB or more is encouraged)

Platform Specific
  • Live CD
      - CD-ROM drive (currently USB CD-ROM devices are not supported)
      - USB flash drive or floppy drive to store configuration
  • Full Installation
      - CD-ROM for initial installation
      - 1 GB hard drive
  • Embedded
      - 128 MB CF
      - serial port for console
      - null modem cable

Popular hardware
  • NICs - Intel Pro/100 and Pro/1000
  • Embedded hardware
      - PC Engines WRAP and ALIX
      - Soekris
      - Nexcom
      - Hacom
      - Mini ITX
  • Most Dell servers work well
  • Many HP and Compaq servers work well
  • VMware - entire product line

Hardware Sizing Guidance
Throughput Considerations
  • Packets per second
  • Bandwidth required
      - 10-20 Mbps - No less than 266 MHz CPU
      - 21-50 Mbps - No less than 500 MHz CPU
      - 51-200 Mbps - No less than 1.0 GHz CPU
      - 201-500 Mbps - server class or newer desktop hardware; PCI-x or PCI-e network adapters; No less than 2.0 GHz CPU
      - 501+ Mbps - server class hardware; PCI-x or PCI-e network adapters; No less than 3.0 GHz CPU

Hardware Sizing Guidance

Feature Considerations
  • VPN
      - Number of connections not much of a factor
      - Very CPU intensive
      - Throughput
          4 Mb - 266 MHz
          10 Mb - 500 MHz

Hardware Sizing Guidance

Feature Considerations
  • Large and busy Captive Portal deployments
      - Increased CPU requirements
  • Large state tables
      - 1 KB per state RAM requirement
      - 100,000 states = ~97 MB RAM
      - 500,000 states = ~488 MB RAM
      - 1,000,000 states = ~976 MB RAM
      - etc...

One million states!

Hardware Sizing Guidance

Feature Considerations
  • Packages
      - RAM hungry
          ntop
          Snort
      - Disk I/O
          Squid

Common Deployments
(that we're aware of)
  • Perimeter firewall
  • BGP router
  • LAN router
      - VLAN
      - Multiple interfaces
  • WAN router
      - for Ethernet WAN services

Common Deployments
(that we're aware of)
  • Appliance deployments
      - DHCP server
      - VPN server
      - Packet capture appliance
      - Portable monitoring and incident response

Organizations Using pfSense
(that we're aware of)
  • Advertising Agencies
  • Application service providers
  • Banks
  • Credit unions
  • Churches
  • Coffee shops
  • Co-location facilities
  • Clothing/Apparel manufacturers
  • Homes
  • Hospitals
  • Hotels
  • Libraries
  • Cable TV networks
  • Small to mid sized ISPs
  • Movie studios
  • Restaurants
  • Schools
  • Universities
  • WISPs
  • Wineries
  • ... and many more!

Classless InterDomain Routing (CIDR)

CIDR Summarization
  • Allows specification of IP ranges
      - Firewall rules
      - NAT
      - IPsec
  • Must fall in subnet boundaries
  • Examples -...
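
The subnet-boundary rule on the CIDR Summarization slide, worked through as an added example that is not part of the original slides: a range collapses to a single CIDR entry only when it starts on a multiple of its own power-of-two size, otherwise a firewall rule, NAT entry or IPsec definition needs several entries. The function names and the sample addresses are constructed for illustration.

```python
import ipaddress


def summarize_range(first: str, last: str) -> list[str]:
    """Cover the inclusive IPv4 range first..last with the fewest CIDR blocks."""
    start = int(ipaddress.IPv4Address(first))
    end = int(ipaddress.IPv4Address(last))
    if start > end:
        raise ValueError("first address is above last address")
    blocks = []
    while start <= end:
        # Boundary limit: a block of 2**n addresses must start on a multiple
        # of 2**n, so n cannot exceed the number of trailing zero bits.
        align_bits = (start & -start).bit_length() - 1 if start else 32
        # Size limit: the block may not run past the end of the range.
        size_bits = (end - start + 1).bit_length() - 1
        host_bits = min(align_bits, size_bits)
        blocks.append(f"{ipaddress.IPv4Address(start)}/{32 - host_bits}")
        start += 1 << host_bits
    return blocks


def is_single_block(first: str, last: str) -> bool:
    """True when the range falls exactly on one subnet boundary."""
    return len(summarize_range(first, last)) == 1


if __name__ == "__main__":
    # Constructed sample ranges (RFC 1918 space), not taken from the slides.
    samples = [
        ("192.168.0.0", "192.168.1.255"),  # 512 addresses, aligned
        ("192.168.1.0", "192.168.2.255"),  # 512 addresses, not aligned
        ("10.0.0.5", "10.0.0.10"),         # arbitrary host range
    ]
    for lo, hi in samples:
        print(f"{lo} - {hi}: {summarize_range(lo, hi)}")
```

The first two sample ranges are the same size, but only the first starts on a /23 boundary, so the second needs two /24 entries.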