Cyber Security Labs For Beginners: PFSense Firewall Setup on VirtualBox

Video Statistics and Information

Video
Captions Word Cloud
Reddit Comments
Captions
hey guys it's dc here and today we're going to be going over the next part of the lab series which is how to set up a pf sense firewall in this lab that we have been building before we get started let's have a quick word from our sponsor vpn ranks are you looking for a vpn software but you're not too sure which one to use well let me introduce you to vpn ranks vpn ranks is the best place to start to look for a vpn software with an easy to understand comparison each different vpn software has a different set of reviews from users as well as the team at vpn ranks themselves and sometimes they even offer special deals just for the vpn software that you choose to use so head on over to vpnranks.com and check it out today alrighty with that out of the way let's get started and let's uh have a look at what we were talking about last time with the general design of this network so as you can see here we have the lab diagram that we're building and today we're doing this pf sense firewall section for each of the downloads that i have there are links in the description so that you can follow along as well as any additional documentation that i was reading through to make sure i was getting my facts right in this video now just a quick note on uh setting up a pf sends fireball within virtualbox it is good for a lab setup like this one that we're doing but to set up a virtual box pfcent firewall to replace your router is probably not going to work too well this is because the throughput is going to rely on the resources assigned to that machine that you you build the pf centrifugal with which is going to affect the throughput this is going to then eventually add latency to the network which is going to cause a lot of lag in you know various different things a better way to do this would be to set it up as a kvm with pci passthrough which will give it a better performance and and just let it run a little bit nicer but for this lab setup it's it's perfectly fine um this is just as an example of an enterprise network and and how that would be set up the only difference is this is set up on my computer whereas a enterprise system is set up with multiple different servers that have you know tons and tons of resources and that's that's what they're designed for so anyway i just wanted to to throw that out there at the start just in case people are saying i've set this up as my router and it's now really slow that's why all righty now the first thing you want to be doing is going to the pfsense website pfsense.org forward slash download and grabbing the latest stable version the community version you just click on download and that is pretty much it to download it now it does take a little while to download depending on your internet connection speed i know with my beautiful australian nbn uh internet super fast speed it took about 45 minutes to download so if that's um if you're trying to do this in a rush maybe take that into consideration alrighty i have my downloaded file here i've extracted the file from the raw file or gzip or whatever it was file that i had and i've put it on my desktop so it's easy to reference here now what i'm going to do here is i'm going to click on new i'm going to give it the name uh pf sense uh firewall always one word going to change the type to bsd and i want it to be running as the 64-bit freebsd now for the memory allocation i'm going to give it a 2 gig of ram so that's 2048 and we'll click next on that now for this section i'm just going to leave this as is a creative virtual hard disk now yep all good and here i'm going to select vm dk now for this one i'm just going to go with dynamically allocated size for the disk space because i don't want to give it um too little or too much i i sort of want it to have a limit but on this computer i know i have a fair amount of space i'm just going to go with dynamically allocated but you can choose to set a fixed size if you want that's up to you alrighty so i'm going to give it uh 20 gigabytes here to start off with but like it is dynamic so it will um extend and shrink as it needs to all right now on to the uh the trickier part which is setting up the network interfaces or nicks for this design it's it's only tricky because you need to set up two different network interfaces one is the outside network that connects to the internet and the other one is on the lan side which is you know for the local machines and stuff on the network so you need one to come in and one to sort of i guess go out and and spread locally now because this uh this computer i have only has one physical network interface i'm going to have to split this by setting up vlans a vlan is essentially a virtual network within this virtual network which is it's kind of i mean it's like virtual network inception but um that's okay it's it's basically going to be like a virtual network nick connected to a physical nic with two vlans or you know other virtual lands off the back of that and that's how i'm going to split out my local and internet traffic so to set this up we're going to go to settings and then we're going to go into network now as you can see there are a few different adapter options here and you can set up a few which is really nice and at the moment it's set to nat now when it's on nat basically how that's going to work is it's going to translate the when i p address to the host machines ip which will actually add quite a bit of extra overhead uh to each packet that goes through so that's that's where the throughput is going to sort of fail um if i wanted to set this up as a ddos susceptible machine that you know basically a machine that could be taken down with a ddos that's probably how i would do it what i want to do here though is set this to bridged and i can see that it's picked up my wi-fi adapter which is good that's what i want it to do now you can see here that under the advanced settings there's the empty desktop promiscuous mode is on deny and cable connected is ticked now basically what this is doing is bridged interfaces will act as a switch between the local network and the bridged interface because i have a dhcp server set up on my router what this is going to do is basically bridge the dhcp directly from the router through to this machine and then it will assign from there it will then use that to also go directly back out to the internet alright so on to adapter number two we're going to enable this adapter we're going to attach it to the internal network and i'll leave the advanced settings here all exactly the same and that is uh that's pretty much it for the network it sounds a lot harder than it is but i wanted to explain um sort of what's happening in the background instead of just you know clicking through it and going through so now we're going to uh mount the iso here that i've downloaded so that it starts by booting off that iso and you know will install off that so we click on storage on the left hand side here we select empty on the disk here and then we click on this button here to choose a file to to upload into here so i'm going to go with uh choose a disk file i'll go to my desktop and i'll grab this now we'll click on ok and we can see the two network adapters we can see the storage is going to boot off this device here we've got the vmdk which is uh dynamic but 20 gigabytes and those settings are all just standard as as part of it so we click on start and in a second it should ask me uh if i want to boot off the iso that i just set up it's actually gone straight into it which is kind of cool i'm going to close some of these little alerts at the top because i know about that already we'll expand this to make it a bit you know easier and we have made it okay so we're going to initiate the setup press enter on that screen now we we want to install pf send so we click enter again and continue with default key map we'll press enter again now there are a few different options here that you can choose from the one i want is the auto ufs bios which is a guided disk setup using bios boot method so we'll select that one and click ok and the installation will begin um it's going to go through a whole bunch of steps here but um i'll cut to the end of this because this can take a little bit of time to complete so fast forward all righty we have come to the end of this uh installation section um on this page we're going to click the no button for manual configuration now it's going to ask me here if i want to reboot or go into the shell but before i do that i just want to go into the optical drives here remove disk from optical drive and then i'll click on force unmount now there's an area here which is perfectly fine and that's it that's uh that's that section done now i'm just going to click on uh machine up the top here click on reset and we'll click the reset button and the machine will reboot alrighty we've finally booted into the firewall system it took a little while to go through there um but that's okay as you can see here i have uh my ip address of 192.168.1.1 um on a slash 24 subnet which is correct that has been given from the uh peer sense firewall here to the to the lan which is fine it didn't seem to pick up my when interface which i'll i'll have to fix up soon but that's a good start we have the uh firewall set up and ready to go we need to configure some rules and uh obviously we also need to fix up this when interface so that it actually talks to the internet now i'm going to do this by uh i'll type in number two to set interfaces ip address so what i want to do here is go to one for the wan interface and configure ipv4 for wayne interface via dhcp we'll select yes configure ipv6 we don't want ipv6 because that's going to get far too confusing enter for none do you want to revert to http http as the web configurator protocol um we'll go yes because we'll we'll play with that a little bit later alrighty so the changes are being saved this should allow the firewall to pick up a dhcp ip address from my home router alrighty it has completed so i'll click enter here and it still doesn't seem to have picked up a when i pee address which is interesting i think that might be because of my other firewall sitting in between my computer and my router but i'll figure that out later we'll um we'll just continue on with this lab and i'll fix my own issues here later this shouldn't happen for you so i'm going to go into number two again to set interfaces ip address what i want to do is change the lan address this time and it is a static ip address i'm going to change it to 10. uh 1.1.1 24. now for this section i'm just going to press enter for none i don't want any ipv6 do you want to enable dhcp server on lan yes i do enter the start address we're going to go 10.1.1.2 [Music] and the end will be 10.1.1. let's say 150. that's going to configure and we're good now basically we have configured pfsense successfully on uh virtualbox which is that was the aim of this piece of this lab a major advantage of using pfsense or virtualbox or both together is that it is quite easy as you've seen you don't need to configure any you know crazy policies yet you don't need to do any netting it's all uh fairly automatic to get going if you don't have a firewall in between your um router and your you know firewall that you're setting up here i'm just curious actually if i uh try to ping the host i'm just going to type in a google i just want to see if it's going to be able to ping the host so yeah that's okay there's no route to the host that's perfectly fine there's no ip address i was just sort of curious to see what it would come up with there so back to the diagram i'm just going to add in here that the ip address is 10.1.1.1 slash 24 just to keep it you know nice and and simple and yeah that's uh that's that's pretty much it for this video so i hope you enjoyed this quick little lab on how to set up pfsense in virtualbox this is a very important step for this lab because literally everything is going to be going through this network it's not crazy hard it's um it's it's just a process that you need to follow to be able to get this to work and once we have uh the log server set up which will be in the next video we will then connect up the vulnerable machine the windows 7 machine i created in the first episode and then we'll connect up the kali linux machine to attack from the outside network which is going to be interesting seeing as it's all on the same network and yeah we're going to actually start having some fun so as i said the next video is going to be the log server that's going to be a really uh interesting piece because that's where we actually see some of the traffic coming through and yeah i'm pretty excited about the rest of this lab series it should be a really enjoyable thing and it's good because it does mimic an enterprise environment just on a much smaller and simpler scale the technologies used in enterprise systems are very similar just you know not exactly the same but if you know getting into network administration or systems administration or eventually becoming a pen tester for networks and systems this is a great lab to show once you've built the entire series out which i mean once i've built the entire series out and showing you how to do it you can do it for yourself and it's going to be super fun anyway thanks for watching guys i hope you enjoyed this video please do give me a thumbs up if you enjoyed this video it really does help out the video get more exposure and help other people out there who are in a similar situation to you who want to learn how to do this sort of thing subscribe if you want to see more videos just like this one and of course comment below if you have any questions that you would like me to answer i try to get around to as many questions as i can with the time i have in each day so please do ask the questions i do read them all and if i have an answer that i can give you i will absolutely answer you as soon as i can thanks for watching guys and i'll see you all on the next video [Music] you
Info
Channel: DC CyberSec
Views: 2,194
Rating: undefined out of 5
Keywords: cybersec, cybersecurity, cyber, dccybersec, infosec, cyber security, dc cybersec, information security, ctf, a day in the life, labs, firewall, pfsense, virtualbox, virtual nic, network, cybersec lab, lab, learn
Id: nebIgRJ7mFU
Channel Id: undefined
Length: 16min 56sec (1016 seconds)
Published: Sat Oct 09 2021
Related Videos
PfSense Advanced Configuration - VM Setup, Virtual IPs, Alias, NAT, Rules
Steven Koselke
24K
Cybersecurity For Beginners LIVE Q&A
DC CyberSec
2.2K
pfsense VS OPNSense
Lawrence Systems
101K
i built a Raspberry Pi SUPER COMPUTER!! // ft. Kubernetes (k3s cluster w/ Rancher)
NetworkChuck
752K
How to Install pfSense Start to Finish!
2GuysTek
612
Self-host your home router with pfSense! | My experience setting it up
David Ilie
757
HakByte: How to find anything on the internet with Google Dorks
Hak5
470K
pfSense Setup
Willie Howe
118K
my SUPER secure Raspberry Pi Router (wifi VPN travel router)
NetworkChuck
373K
Setup Guide / Tutorial for pfBlockerNG 2.2.5 on pfsense with DNSBL & GeoIP Blocking
Lawrence Systems
117K
How to Install pfSense 2.5.2
H2DC - How to do Computers
153
Before I do anything on Proxmox, I do this first...
Techno Tim
248K
Note
Please note that this website is currently a work in progress! Lots of interesting data and statistics to come.