Remotely Managing pfsense via SSH Tunneling

Поділитися
Вставка
  • Опубліковано 29 гру 2024

КОМЕНТАРІ • 45

  • @iHelpUTechEffingham
    @iHelpUTechEffingham 4 роки тому +2

    "If they find an issue with public key encryption, we're all in trouble and your firewall will be the least of your concerns." Something about that made me chuckle in fear lol.

  • @nreitcheck
    @nreitcheck 5 років тому +3

    Just a note, do not use port 222 or 5555 as given in the example. Both ports are commonly scanned for as well as many many others. For the most 10 most common scanned ports watch AT&T ThreatTraq Internet Weather Report ua-cam.com/play/PLq4ic8ODT5PfsdQ7XBnKqIa2FBLmwjanL.html . Also remember to use best security practices for SSH as it can allow access to any computer on any connected network not just the localhost.

  • @wormchickenwizard
    @wormchickenwizard 3 роки тому +1

    How do you centrally manage and monitor your entire fleet of pfsense devices for outages and other issues? Also with public/private keys for SSH, how do you keep up with with all the keys on each firewall that's specific to each of your technicians? Is there a way you can orchestrate changes like for example if a technician had their computer stolen would you have to remote into each firewall individually and revoke the key or could you do it with a couple of clicks and push that change to every firewall at once?

  • @anyheck
    @anyheck 5 років тому +3

    That seems like a solid idea. I've used openvpn to have a remote router "phone home" and it's stable but certainly a more involved setup.
    How are you setting up the remote sites to deal with dynamic IPs and what do you do for your password management as all of the remote sites are at localhost:port?
    is there an autossh package on pfsense to get it to phone home to you with a reverse tunnel setup?

  • @MirkWoot
    @MirkWoot 5 років тому +5

    Thats pretty neat, actually had no idea that was possible, the way to get the webconfigurator thru ssh.

  • @clomok
    @clomok 11 місяців тому

    Perfect, this is exactly the answer I needed.
    Thank you!

  • @ITHowToAsap
    @ITHowToAsap 4 роки тому

    If pfSense is in a virtual machine and the WAN IP of it is a private, example 192.168.1.23, you must disable "Block private networks and loopback addresses" under Interfaces/Wan in order to have the Firewall rules to work.

  • @PileofKyle
    @PileofKyle 5 років тому +2

    You’re a great teacher.

  • @linuxpc4me555
    @linuxpc4me555 5 років тому

    Just saw this video.. what a great tutorial! Thank you so much. One question... how would you use this with putty?

    • @LAWRENCESYSTEMS
      @LAWRENCESYSTEMS  5 років тому

      I don't use putty anymore but it is supported this site has a write up www.akadia.com/services/ssh_putty.html

  • @marcvanberkel8512
    @marcvanberkel8512 5 років тому

    We made a central management system for pfsense, based on SSH port forwarding. To be able to view all kind of information in one dashboard. Uptime states CPU mem backups, live icmp etc

  • @jasonperry6046
    @jasonperry6046 5 років тому +1

    !!! Ho Li $#! +. There goes any hesitation I had for going all in on pfSense. I obviously don't know what I don't know. Any suggestions for an overview of things past the basics that Linux can do?

  • @ERolando78
    @ERolando78 5 років тому

    Excellent video. A query how can I limit the amount of digital certificate for client devices on an Openvpn server from PfSense

  • @booradlly
    @booradlly 4 роки тому

    Does anyone know what BASH that is ?
    It is awesome looking, lots of detail.

  • @TaRaZ_AST
    @TaRaZ_AST 3 роки тому

    if you configure a rule that allows access to https, it will allow anyway, despite ssh rule. I mean I can connect via browser before(without) connecting via ssh

  • @nurhafizah210
    @nurhafizah210 4 роки тому

    hello sir, i cannot access my pfsense web gui.i installed them in virtualbox.do you know how to solve this?thank you.

  • @marklharmon
    @marklharmon 4 місяці тому

    FYI, from the start it's a good idea to temporarily disable SSHGuard/Login Protection before too many failed SSH logins happen. Don't ask me how I know. 🙂

  • @someyounggamer
    @someyounggamer 5 років тому +1

    Is his main OS parrot ? Great Video helped a lot with my syslog machine!

  • @BradleyHerbst
    @BradleyHerbst 4 роки тому

    Great video. Did you end up ever making a video on ssh port forwarding with pfsense?

    • @LAWRENCESYSTEMS
      @LAWRENCESYSTEMS  4 роки тому

      ua-cam.com/video/3-DU47zDrQk/v-deo.html

    • @BradleyHerbst
      @BradleyHerbst 4 роки тому

      ​@@LAWRENCESYSTEMS I needed to expose mysql to my friend, but I didn't want to install ssh on the mysql server because I'm going to moving it to a container eventually, so I rather him authenticate thorough the pfsense box. I came up with this, ssh -L 3306:(ip-of-mysql-server):3306 -p (random-port-for-this) (non-admin-pfsense-username-with-publickey)@(my-public-ip-address), I'm sure this not the right way to do this, but it does work. I would like to know how to properly set this up so they can have to authenticate before they can get access to a port. I was going to setup a second openvpn on pfsense but I figured that was overkill since only need to expose one port. Thank You

  • @rafionroot
    @rafionroot 5 років тому

    Great video, I'm having a bit of a problem hitting the localhost:5555 cant connect at all, do I need to add other rule beside the ssh allow on the WAN ? The admin access and the wan rule have been configured correctly Thanks guys

  • @johnhumphreys2755
    @johnhumphreys2755 Рік тому

    Awesome video. Thank you

  • @CGW11
    @CGW11 5 років тому +1

    Thanks Tom! Great stuff. 👍
    Can you share your bash prompt?

    • @booradlly
      @booradlly 4 роки тому

      YES PLEASE, that was a wicked looking bash, never seen a bash so detailed. PLEASE TELL US

    • @booradlly
      @booradlly 4 роки тому +1

      I asked the same question again, and he answered! (see above)
      github.com/flipsidecreations/dotfiles

  • @jasonperry6046
    @jasonperry6046 5 років тому

    Okay, I have watched the video again and I have a question. Can I get a let's encrypt certificate for pfSense box? Will the same scripts work that I use on my debian based boxes? I do realize it is BSD based that's why I ask.

    • @LAWRENCESYSTEMS
      @LAWRENCESYSTEMS  5 років тому +1

      There is a pfsense plugin for the ACME cert system

  • @rogan466
    @rogan466 5 років тому

    This seems like a lot of work. Why not toss a ip on the loopback, create a ipsec tunnel to your network, this way you can manage the device at the far end from anywhere within your own management network. That way you can stay sanitized and not have ports opened etc. I understand the port is only opened from a particular source but this just seems like a lot of work.

    • @ronaldvaughan4117
      @ronaldvaughan4117 4 роки тому

      Rogan, Interested in your method as well. Any existing reference as to how to actualize it? Tnx!

  • @mathesonstep
    @mathesonstep 5 років тому

    So you do need the private key to login to the server correct? because if someone had your IP and your public key they shouldn't be able to do anything is that correct?

    • @LAWRENCESYSTEMS
      @LAWRENCESYSTEMS  5 років тому

      Correct, keep your private key super locked down

    • @gorillaau
      @gorillaau 4 роки тому

      @@LAWRENCESYSTEMS Yes, peehaps even to the point why if your private key is stolen on a laptop, you should revoke the existing public key from your servers and create a new the private key.
      Paranoid? Perhaps but nice to know that the servers you are responsible for are not accessible by ill-gotten means.

  • @abdelhakeljamali4101
    @abdelhakeljamali4101 5 років тому

    great video as usual. thank you

  • @josecubas9460
    @josecubas9460 5 років тому

    teacher I am from Peru. I am a student. I would like if you could teach us from the beginning snort openaddid + pfbloquers. Excuse greetings from Peru and thanks for your videos

  • @takumihikaru6055
    @takumihikaru6055 5 років тому

    Hi Tom, can you help me how to allow skype on pfsense? Thanks

    • @LAWRENCESYSTEMS
      @LAWRENCESYSTEMS  5 років тому

      It is allowed

    • @takumihikaru6055
      @takumihikaru6055 5 років тому

      Thanks for your reply, followed your tutorial on pfBlocker but Skype is blocked, just don't know where it is filtered from.

    • @LAWRENCESYSTEMS
      @LAWRENCESYSTEMS  5 років тому

      That varies with what list you are using.

    • @takumihikaru6055
      @takumihikaru6055 5 років тому

      found it, thank you.

  • @mervinmercado4755
    @mervinmercado4755 4 роки тому

    hey tom nice and great video, hoping that you have also a video on how to set up on windows command. I'm following your videos. More power and I hope sooner or later you read my comment. Keep Safe

  • @Oswee
    @Oswee 3 роки тому

    It would be nice if pfSense would support SSH Certificates