BetaIT-Hub is in early access — your feedback helps us improve. Use the chat or email [email protected]

Tutorials/FIREWALLS/Configure pfSense Firewall for a Small Network
IntermediateFIREWALLS5 min read33 views

Configure pfSense Firewall for a Small Network

Step-by-step guide to setting up pfSense as your network firewall. Covers installation, WAN/LAN configuration, firewall rules, NAT, and VPN setup.

A
adminEliteStaff
Published 65d ago
Sign in to vote & bookmark💬 0 comments

Configure pfSense Firewall for a Small Network

pfSense is a powerful open-source firewall/router that can protect your network. This guide walks through a complete setup for a small office or home lab.

Prerequisites

  • A dedicated machine or VM with 2 NICs (WAN + LAN)
  • pfSense ISO downloaded from pfsense.org
  • Basic networking knowledge (IP addressing, subnets)

Step 1: Install pfSense

  1. Boot from the pfSense ISO
  2. Accept the license agreement
  3. Choose Install pfSense
  4. Select your disk and partition scheme (Auto UFS recommended)
  5. Wait for installation to complete and reboot

Step 2: Initial Configuration

After reboot, the console menu appears. Assign interfaces:

  • WAN — Your internet-facing NIC (e.g., em0)
  • LAN — Your internal network NIC (e.g., em1)

pfSense will auto-assign:

  • WAN: DHCP from your ISP
  • LAN: 192.168.1.1/24

Step 3: Access the Web Interface

  1. Connect a PC to the LAN port
  2. Open https://192.168.1.1 in your browser
  3. Default credentials: admin / pfsense
  4. Complete the setup wizard:
- Set hostname and domain - Configure DNS servers (e.g., 1.1.1.1, 8.8.8.8) - Set timezone - Change the default password

Step 4: Configure Firewall Rules

Go to Firewall > Rules > LAN:

Rule 1: Allow LAN to any (default — lets internal traffic out)
Rule 2: Block specific ports if needed

Go to Firewall > Rules > WAN:

Default: Block all inbound (already set)
Add rules only for services you need exposed

Example — Allow SSH from specific IP:

  • Action: Pass
  • Interface: WAN
  • Source: Single host (your IP)
  • Destination: WAN address
  • Destination Port: 22

Step 5: Set Up DHCP

Go to Services > DHCP Server > LAN:

  • Enable DHCP server
  • Range: 192.168.1.100 — 192.168.1.254
  • DNS servers: 192.168.1.1 (pfSense itself)
  • Gateway: 192.168.1.1

Step 6: Port Forwarding (NAT)

Go to Firewall > NAT > Port Forward:

Example — Forward port 443 to internal web server:

  • Interface: WAN
  • Protocol: TCP
  • Destination port: 443
  • Redirect target IP: 192.168.1.50
  • Redirect target port: 443

Step 7: Set Up OpenVPN

  1. Go to VPN > OpenVPN > Wizards
  2. Choose "Local User Access"
  3. Create a CA and server certificate
  4. Configure the VPN subnet (e.g., 10.0.8.0/24)
  5. Set DNS and routing options
  6. Export client configs via the OpenVPN Client Export package

Step 8: Enable Logging and Monitoring

  • Status > System Logs — View firewall, DHCP, and system logs
  • Status > Traffic Graph — Real-time bandwidth
  • Install ntopng package for detailed traffic analysis

Conclusion

Your pfSense firewall is now protecting your network with proper rules, DHCP, NAT, and VPN access. Consider enabling Snort or Suricata IDS/IPS packages for additional security.

Comments (0)

Sign in to leave a comment

No comments yet. Be the first to share your thoughts.