Locking Down the House with pfSense
Вставка
- Опубліковано 28 лип 2024
- If you're tired of dealing with terrible ISP equipment and off-the-shelf wifi routers, pfSense is the cure to your ailment. In this video, we start at the very beginning and step through the initial setup process of securing your home. But this is just the tip of the iceberg for pfSense. It is an incredibly capable router, VPN appliance, firewall, and much more through it's Package Mgr of 3rd party addons. This is the first in a series of videos dedicated to protecting the modern home[lab] while providing an insane amount of functionality I'll be showcasing in future videos.
👏 Thanks for Watching and 🔴 Subscribing! New videos coming each week!
------------------------------------------------------------------------
🔨 Gear in Video 🔨
► pfSense Download ►►► pfsense.org/download
► Rufus ►►► rufus.ie
► Lawrence Systems pfSense playlist ►►► • pfsense Tutorials
------------------------------------------------------------------------
💬 Social Media 💬
► Nick Howell Twitter ►►► / datacenterdude
► Community Discord ►►► / discord
► NetApp Discord ►►► netappdiscord.com
-------------------------------------------------------------------------
► CHAPTERS ►
0:00 Intro
1:15 Why pfSense?
2:25 Download pfSense & USB Imaging
3:57 First Boot of Installer
4:15 Cabling Overview
5:02 pfSense Installation
7:04 Initial Configuration
10:51 WebGUI Basic Setup Wizard
14:01 Testing Internet Connectivity
14:53 Outro & Bloopers
-------------------------------------------------------------------------
DISCLOSURE ► The views, beliefs, or opinions expressed during this program are solely those of the individuals involved and do not necessarily represent those of NetApp, NetApp employees, NetApp Affiliates or NetApp Clients or Partners. This video is intended for educational purposes only and does not replace independent professional judgment. All Trademarks and Copyrights mentioned in this video remain the property of their respective owners.
-------------------------------------------------------------------------
#pfSense #Firewall #homenetwork #DCDDC #homelab - Наука та технологія
In IT, the longer the beard, the wiser the man. Keep it up man, just subscribed to your channel
Thanks! And welcome to the party! 🤘
Lol in my day (90s-2000s) the long beard signified a MAC or Unix head. And yes the longer the beard... The wiser the man.
Just a tip: you could use Ventoy instead of Rufus to put all your ISOs onto one big USB stick. That's what I do and it's great. Otherwise, great video!
I’ve heard about that but never got around to trying it! Will check it out! Thanks for the nudge! 🤘
@@datacntrdude It really helps a lot if you have many ISOs you boot from time to time. Also got into homelabbing a year ago and I myself have a lot going on. Might do some videos down the line.
For example, I run pfSense on an old Lenovo M920s (i3-8100) with an Intel i350-T4. Amazing performance and also a really low idle power consumption, ~14W. I used to virtualize my pfSense in Proxmox, but it's not fun getting Internet down for everyone in the house when you wanna fool around with hardware or just updating the kernel.
I came to recommend this as well. I begrudgingly started using it a few months ago. I’m mad at myself for not using it sooner. I can’t recommend it enough.
Great video on getting the system installed!
Ventoy is the superior solution to over any other live USB softwares
Ventoy has known issues booting proxmox, and bsd os's
wow great content!! congrats!
Voila !!! :):) Big up from France
Merci!
Looking forward to the future videos on splitting the vlans
For the storage and servers etc
Me too! It’s coming up in the next week or so because it needs to be done before I get too much further down the road!
HELL YEAH !!!!
I am looking forward to more videos because I am curious how a datacenter person sets up pfsense.
Question: how did you handle the pass-through from you ISP's cable-modem/fiber-modem?
This is great!
I have been using a pfSense/Netgate virtual appliance in the cloud for work and it's SO incredibly configurable. So many things you can configure to secure your network, monitor traffic, IDS, routing, VPNs, CA, Certificates, etc.
I replaced their modem with my own CPE. An ARRIS Surfboard 8200. Everything ya need, nothing you don’t. Its entire job is to fetch and hold a public IP from the ISP and hand it to the outside interface of the firewall.
@@datacntrdude perfect! I used an ARRIS at home previously and back the. Was doing security appliance with a WRT+Ubiquiti setup. PfSense seems way better a fit now.
Thanks for all that you do!!!!
I see it’s running Broadcom NICs. I’ve never had a problem, but people always say Intel NICs etc. I expect the NIC issues re Broadcom Vs Intel only rear their heads on bigger installs / enterprise traffic levels.
There is a Broadcom tuning “guide” in the pfsense documentation. I like pfsense, but back running Sophos XG Home.
Great video. Seems like you have a lot of fun with this stuff - which is great! I like that you gave a big shout out to Tommy at Lawrence Systems too. I watch many of his videos and learned a ton about pfSense and related topics. Keep up the great work, and I look forward to watching more of your videos. Quick side note, when I go full screen with your videos the screens are almost too pixelated and grainy to read. Wondering if you need to bump up your format, or is it just me?
I have 32” monitors in 4K. I try to zoom in on Chrome to compensate for that but thanks for letting me know. I’ll pay more attention to that in the future. ❤️
@@datacntrdude Not a big deal and thanks for the quick reply. I'm new to your videos, so looking forward to watching more.
Any solution like pfsense but for switching?
Thought that was Robb Flynn in the thumbnail :)
Ironically, Machine Head is my fav band, and I’ve met him several times. 🤘
@@datacntrdude Rock on! Hope they come in our town someday...
Dude that server is WAY overkill for a home Pfsense server. I have mine on a i5 7100T, 4GB of RAM and booting off a 100GB NVME. With the gear you got, you could easily virtualize it.
You’re about three steps ahead of me… that’s definitely coming!
How are those Mikrotik switches working for you?
I just recently built a new PfSense server( might end up switching to OPNSense) and looking to replace my Cisco switches for faster network performance. [2 SFP+ and 10gbe onboard) Likely going to take a similar approach. These are the ones I'm planning to get:
Top of rack switch [CRS309-1G-8S+IN]
CRS310-8G+2S+IN-
POE- CSS610-8P-2S+IN
Hands off the CSS which only run SwOS with limited feature set. The CRS3xx are the way to go for everything and are feature packed, rocking standard RouterOS (with support for WinBox).
Why did you choose UFS instead of ZFS?
Great question! I love ZFS, but considering this was on a server with a raid controller already, in a mirrored RAID-1, I didn’t really need any of the fancy stuff ZFS offers. Just wanted simple. The intention is to downscale this to a smaller microPC or appliance in the future.
Yes, used ZFS
@@ascot4000 really, which do?
Hi Nick
Nice Beard!
Would you look at that, a fellow XCP-Ng user!
🤘😎🤘
COX communication?
The one, The only...
@@datacntrdude lol, i was bored. It was the ip of your dns and the speedtest ads confirmed it. Nice job getting it up and running. Wait till you set up a carp configuration. Pfsense in the cloud and at home. Definitely a fan.
8:53 reboot the modem to get wan ip 99% of the time.
(That's what actually happened, I just cut around it to keep things moving)
did not show us HOW to lock down the house within pfsense
just how to install it
clickbait
we don't want to wait for your next advanced video, it should have been this video
:(
Thanks for watching and for the feedback. Of course, it’s arguable that just doing what I did in the video (installing the appliance at all) and running the setup wizard improves the security posture 10-fold over not having it. Plus the quality of life of simply enabling pfBlockerNG. The devs themselves have said, “if there were more secure practices, those would be the defaults.” I left out the more complicated stuff as that’s coming in a deeper video around VLAN tags and routing that is bigger than just pfSense.