Install & Configure Pfsense Using 1Nic & Vlans

Video Statistics and Information

Hey guys, got another video for you guys. So a lot of people use a lot of different firewalls, and pfSense is really well known. I've read it before, and there's been a couple questions on the forums there on Reddit saying, can you run pfSense without two network cards? And yes, you can. It's pretty easy, actually. You need a computer with one network card, preferably Intel, but you could use others. I find Intel network cards are the best because they have really good support and the drivers are very good for them. And a managed switch. So in this video I have an HP ProDesk G3, just a little i5 6500 with eight gigs of RAM and a hard drive in it, and an HP 1810 24-port gigabit switch.

So to make this work you have to set up VLANs and assign them. So what I'm going to do is I'm going to show you in the video here how to do that on the HP switch. It's really easy. A lot of people get scared of doing VLANs, and I used to be scared when I started doing them, and now it's like they're pretty easy. After that we'll hook up pfSense. I've got a default install on this box of 2.5.2, I think, or 2.5, I can't remember. We'll look at it in the video and we'll show how to do that.

So for now what I'm going to do is, in a video here, I'll get my screen recording here. I will assign my computer to a network address. Now the default IP on this switch is 192.168.2.10, so we'll go ahead and do that. Uh, TCP/IPv4, we'll give it 192.168.2.50, we'll give it a subnet, our DNS just for now, so that way I have to come back and change it after. We'll see if we can ping it. Yep, there it is. There's no password on a default, um, HP switch, so we'll just go, and there it is, so no password.

For this lab, I'll say right now, there will be no rules in pfSense and there will be no, uh, special, um, setups. It's just gonna be a plain pfSense working. Since I have a basic, uh, lab behind, or basic network behind me, I'm going to double NAT this, but for the purpose of this video it's just this Ethernet cable that's coming from over there will be my WAN address, and it will work in the port.

So on this I'm going to set up a couple VLANs on the switch first and then we'll go from there. So port 24 is going to be the port that goes to the pfSense build, the HP, and 23 is going to be my network port in; we're going to call that the WAN port. So in the video here we'll go to VLANs and we're going to create VLANs. So the first one I'm going to create, the first one that comes with the switch is port, or VLAN 1; that's a default of almost all switches. The second one I'm going to call is 99. I'm going to call it 99 and I'm going to use that for the WAN port, so we'll push apply. So now we have 99 and 1, but I'm also going to create two more just for later, because in the video I'm going to show you how to make more VLANs in pfSense for, like, IoT and your camera networks and stuff like that. So I wrote it down here. So we're going to create 44, apply, and then we're going to create 66, and then apply. That's done.

Now we have to do the tagging, which is very easy. I used to be scared of doing VLANs on switches and stuff; that just took me forever. And I mean Cisco, Aruba, HP, um, MikroTik, I got an EdgeSwitch over here, UniFi, they all have some different way of, uh, tagging and untagging and stuff like that, but they're all pretty common. So in here we're gonna call this dissipating. Right now I have the computer plugged into port 11, and you can see that because it's green right here, right? And then we have the computer; it's sleeping right now, it's not even on, but it knows there's something there because it's got, um, Wake-on-LAN and all that stuff enabled, and there's never some network activity.

So the first thing we're going to do is we're going to go to VLAN 99, and I said in there we're going to call VLAN 99 23 and 24. So tagged port 24, and then untagged port will go 23. That will be the port that's going to have all the, that's going to have the traffic coming into it, and then that'll work, right? Then we'll apply that. And then for simplicity, for me to keep track of the video, we're going to go like this and we're going to go to port 44. We're going to tag that, so that's going to be the traffic coming on 24 from the, um, pfSense box, and then I'm going to go to port 4, so that way I can keep track of that. We're gonna tag, or we're gonna untag that, so all the traffic that goes throughout that will give it the IP address of that, uh, and then we'll go apply and we'll go through the list. And then let's go 66. We'll do the same thing, so we'll go 24, oops, tag, and then we'll go to port 6 and we'll untag that so all the traffic goes through that. E is exclude, so anything that's got an E in it, it will exclude any traffic and won't do anything with it. So we'll go apply and then we'll go okay. Now the default port one is all untagged and 23 is exclude, because it already did that because it's already in the group, and then we'll apply it.

So the next part of the video I'll set up here and go through this. If we plug in something and I set up the, or the VLANs on the pfSense, anything that is one, two, three, five and the rest except 23 and 24 will give me an IP address from the pfSense for the first VLAN, for VLAN 1. So if we go to port 4 on this, which is untagged, but the other, 24th port is tagged, it will give us the subnet, and I'm going to set it up to, and for 66, for my small brain, we'll go 66, 192.168.66.1, and then we'll submit it on there. So for now I have, okay.

So the next part of the configuration is setting up VLANs on pfSense so it can communicate. So we have a fresh install of pfSense. We've set up the switch over here to accept all the VLANs and tagging and where the traffic is supposed to go. Now we just have to set up the interface on pfSense. So when we come to the stage, we've only got one network card down here. If there was two we would get a different menu, but since we've only got one, it's asking us, should VLANs be set up now, yes or no. We want to click yes. Enter the parent interface: so it's saying it sees one interface, here's our MAC address and here's the name of the network card, which is re0. So we want to type in re0, we want to push enter. Enter the VLAN number we want to set up: so remember we set up a whole bunch of them, but we're only going to set up two at this time. So we're going to set up 1, enter, and then it's asking do you want to set up another one, so we want to go re0 again, enter, and then the VLAN we want to set up is 99, and then we want to press enter. Enter the parent name: so we are now done. So we have our two interfaces, we have the WAN and the LAN. Push enter. Now it says which one on here would you like to use for the WAN. So we already said we're going to use 99, so we see down here re0.99, so we type in re0.99, enter. Enter the LAN interface name you would like to use: so we want to use re0, so it says right here re0, re0.1 for VLAN. So the point, anything after the decimal is the VLAN tag number. Okay, we push enter and then we're done. So now we just have to push enter again. Do you want to proceed? Yes, enter.

Once this goes through the, uh, changing the interface and applying all the interface addresses and stuff like that, we will see an address. Oh, there it is right there, it shows us right here, but we'll wait for the next interface. Now for this lab I'm just using one of my, um, over here, I'll point at the switch down here. So this is the, we're gonna pretend this is your modem, uh, IP address from your modem that you get when you set up your, uh, home network, uh, and use this for your WAN address. But for my state in, for my lab, we're just going to use this cable here. What I would do when you set this up on your home interface and your home connection is put a label here, so that way you know that this is for only one thing. The rest of it you could use for whatever you want.

Okay, so we're now back. Now the address down here says our WAN address is my, one of my addresses in my subnet here, so 172 16016 153, and our LAN address is, okay, so we have that all set. So now what we could do is jump to the laptop and continue on configuring. And before I go too far I'll just do a little bit of information down here and point out what we have set up. So we have our switch, we have the laptop plugged into this one right here, we have our WAN address plugged into port 23, and 24 is our tagged port for all our traffic, dual core across with pfSense. Pretty simple.

We'll see that we've got a full connection, and now what we can do is we can go to, and we're at the pfSense. Now remember our switch is at 192.168.2.10, but we're on a one data address, so we're gonna walk through the wizard here and then we'll change our subnet and then we'll go from there. So admin, default password is pfsense, and it's now going to walk us through the wizard. So welcome to pfSense. Uh, we'll go next, next. We'll call this lab. Primary servers, we'll go eight at eight; secondaries, we'll do one to one. And we'll call this, oh, we'll call this, sorry, pfSense, and then we'll call this lab simple jason's lab ca. Okay, next. No thanks. And we're in Canada, so let's change this to Pacific. Okay, DHCP for the WAN interface: yes, we're gonna use DHCP. I don't know if your ISP uses static or DHCP; this is where you would change this, right here. And so right here now it's asking us to configure the LAN interface, so let's change this to 2.1 and we'll go next. Admin password, and then we'll go next, and reload.

Usually what I do is give it about 30 seconds or so, then we unplug the cable, wait two seconds, we'll plug it back in. We'll run cmd, see if we get a new IP address. Nope, not yet. Let's change the address up here. Oh, we got network connection down here. Oh, we had it, but now we'll just change this back to 2.1. There we go, we're back to pfSense. So we'll log back in, admin. There we go. So now we have the you related accept, and we're now configured and working. So as you can see, we have one network port on a pfSense box and it's working.

So now let's just check something here. So it shows we have a network connection down here, and if we go to, what do we get? Now don't forget we're double NATing right now, so it's gonna be a little bit slower. 600 megabits per second, 630, we're going to go up a little bit higher, 630 megabits. Now if I do the show more, show more information, we'll see more. We'll see the upload better than the download because we're double NATing, so we're having some issues there. So that's pretty good off of one network card.

So the next thing I want to show you guys is to add more VLANs. Now if we go back to our switch, we'll log in with our no password, and we have VLANs configuration. We have four VLANs. Technically we only have three VLANs, because the 99 you don't want to touch anymore, because that's going to be your, you only have two ports tagged for that, which is your in and out and for your pfSense. And so now we want to create two more VLANs for the network. Say you want to have, like, an IoT network for, like, all your gadgets around the house, highly recommended, and then another camera network, so another highly recommended for setup for your house. So what we want to do now is, we've already tagged these two ports on this switch so they're ready to go, but we haven't done anything in pfSense. So technically all we have to do is go Interfaces, Assignments, and we have to create them in here. First we have to go VLANs, and we want to create, say, VLAN, so we want to create 44. Description, we're going to call that 44, what should we call the, IoT, sure. And then we're going to create another one, you then tag 66, and we'll call that cameras.

Okay, now we have that done. Now what we have to do is go back to Interfaces and Assignments and we have to assign those. So what we want to do is we want to select available port, and now we'll see VLAN 44 and VLAN 66. So 44, we'll go add, and then we'll go down here again, we'll go 66, and then we'll go add, and then we'll save that. Now we have all of our network interfaces. So now if we click on option one we can rename this. So 44 is the IoT, so we'll just call, we'll enable it and we'll call this IoT. Uh, we'll give it an address; we have to go to static IPv4 address. We'll give it, we'll give it a /24 address and we'll go save. We'll apply the changes. Uh oh, chatting's already applied because I pushed save at the bottom. So now we'll go back to Interfaces, Assignments; see, we've changed the name over here to IoT, so we have that. Let's do the same thing, so we'll go enable, we'll call this cameras. We'll go static, so the static address is what we're giving to this, um, card, 192.168.66; we make sure we give it a /24 subnet, depending on your configuration. We'll go save, apply, give it a couple seconds. Done.

Ah, we still got more setups to do. Now we've got to create a DHCP scope, so we go to Services, DHCP Server. Now over here we have these two other DHCP servers, so we go IoT. Uh, we want to enable that. So I usually just make them small, so my IoT stuff, only give them like maybe 10 or 15, depending on how many devices you have. It's not really good practice to leave it wide open; there's just no point. So put in mind how many, you can change this at any time also you want, so you can start from five and go all the way up. So let's give this 192.168.44., uh, so let's go 42 because I'm lazy today, copy this to here, and we'll go to 80. Okay, DNS servers, we'll give it 1.1.101, and this is going to hand the DHCP, or the DNS servers out, so 8.8.8, and then we'll go like this and go save.

Okay, now we'll do the same thing for cameras. So we want to enable the service. Let's go 192.168.66., say 100, copy this, and then we'll, oh, control C not V, and say we'll give it like 20, 120. We'll give it 20 addresses. Uh, we'll allow, and we'll give the same DNS, 101, 888, then we'll save it.

Now this part of the video we have to create rules. So we have our DHCP and we have our IoT and we have our VLANs and all stuff. Now all you have to do is make a rule, because technically all we're going to get is an address but we can't do anything. So this is the part of the video where I say there is no security in this. You'll have to play with your own security and create rules to go and jump across VLANs and all that kind of stuff, but for this sake all I'm going to do is create the rule so we can get an address and go out and surf the internet and show you an IP address.

Okay, so we'll go to Firewall, Rules, and at the top here we'll see that we have a bunch of rules. So LAN has already got a rule because it's already surfing the internet. IoT, we'll create a new rule, so we'll go add, pass, TCP, any, and we'll give it any, any, any. So this will give us our, what are we in here? This is IoT, so this is IoT any rule. It's always good to label stuff so that we know what you're doing, so when you go to change stuff, if you have lots of rules, you can go, what do they call that again, so you can find it. So we'll do that, apply it. Okay, so that one's done. Let's do cameras. We'll do the exact same thing, because there's gonna be no security on this right now. Later on I'll do some more videos how to lock stuff down. Uh, IoT stuff, you basically want that stuff to go out to the internet and not do any snooping. For this sake we're just getting it to work, so we'll go any, it's going to have any, we're going to call this cameras any rule. Okay, save, done.

Now since we've got all that done, we should be able to take this Ethernet cable that I have here from the laptop and plug it into four. Okay, so let's minimize this. If we go to four, which is down here, technically we should have a network connection and it should route. So we'll go cmd and we'll go ipconfig. We'll scroll up; there's our address. Remember we started the scope to start at 40, so we got the first address in the scope. Can we surf the internet? Let's see. We sure can. Let's try the other one. What did we do? We did number six. Let me just verify that six, because it's probably for my little pea brain to remember. Oh, can't get into the switch because I have that blocked down. So let's play number six. So we plug in a six, we should get a 192.168, uh, 66-dot address. Let's close the browser. We'll wait a couple seconds because down here it will show that we have a network. There we go. So let's go ipconfig. What do we have now? 66. See, creating VLANs and doing it with one network card doesn't really require much. And if we go back to port one, I'll put that back there, and we'll go back to our pfSense here, 1922.1, we'll log back in.

I have a really powerful box. Actually, I don't know if it's, I would say it's really powerful; there's probably way more powerful boxes out there than what I'm using, but this, um, little i5 will handle everything. As you can see right here we got an i5 6500, 3.2 gigahertz, um, it's got four CPUs, four cores, and it's got AES-NI crypto. You could pick these up, excuse me, on eBay for like 50 or 30 dollars, or if you're like me and scratch almost everything possibly out of the garbage can to take home and play with it. That's why I have stuff right now to play with a lab, because I always tell the boss, hey, can I have this? Why? Because I want to take it home and I'm going to use it for lab stuff, to do exam, uh, demos and stuff. This is what I'm doing right in this box. Before was, with my luck, I didn't put the network card back on my desk, it was sitting right here, put it somewhere else. But anyways, I had this box running, uh, pfSense before and it had dual network cards in it and I had a really good setup. It was pretty good. I've moved around so many firewalls I can't even keep up.

So this shows everything: how to use a managed switch, a simple box. Some guys can get those little, um, there's a forum on there, people were buying that, I think they're called Lenovo Tinys or the M93s, the little tiny boxes. That would be perfect for this: low power, plenty of power to push the traffic and stuff like that. Um, as you get more and more rules on here things might slow down, have an experiment with that, but that could be another video for later on. Um, for now this is what I have. If you have any questions let me know. If you have any, um, recommendations for videos or stuff you want me to show you in pfSense, stuff that's probably been done by Tom Lawrence a million times, or NetworkChuck, who's an awesome guy; there's lots of guys to do the pfSense box. I'm going to be focusing mostly on, um, Untangle stuff, because that's what I really, really like and that's what I'm running currently at home in my network here. Because I really like it, I'm really good at it, I can walk through it, I've been using it since 2010 and I always go back to it. I've had lots of virals.

So anyways, hopefully this video helps you guys out. Like and subscribe, all that kind of jazz that people do, and if you have any questions shoot me an email. Put a link to my email address on the page when I edit the video, to jason jason's, and we'll go from there. You guys have a good day. I'm going to finish up this video, do some video editing and razer for you guys. See you guys later.
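
A consistency check for the single-NIC layout walked through in the video, as an added example that is not part of the video or the channel's own material: it models the switch membership table (T = tagged, U = untagged, absent = exclude) and the pfSense VLAN interfaces on re0, then flags trunk and WAN-VLAN mistakes. Tagging port 24 on VLAN 1 and excluding ports 4 and 6 from VLAN 1 are assumptions, and the `audit` function and its finding names are hypothetical.

```python
from collections import defaultdict

# Values from the transcript: port 24 is the tagged port to the pfSense NIC,
# VLAN 99 is the WAN VLAN and port 23 is its untagged (modem-facing) port.
TRUNK, WAN_VLAN, WAN_PORT = 24, 99, 23


def vlan1_ports():
    # Assumption: ports 1-22 stay untagged in VLAN 1 except 4 and 6, and
    # port 24 is tagged in VLAN 1 because the pfSense LAN interface is re0.1.
    members = {p: "U" for p in range(1, 23) if p not in (4, 6)}
    members[TRUNK] = "T"
    return members


# Switch side: VLAN id -> {port: "T" or "U"}; a missing port means exclude.
SWITCH = {
    1: vlan1_ports(),
    99: {23: "U", 24: "T"},
    44: {4: "U", 24: "T"},
    66: {6: "U", 24: "T"},
}
# pfSense side: VLAN tags created on the parent interface re0.
PFSENSE = {1: "LAN", 99: "WAN", 44: "IOT", 66: "CAMERAS"}


def audit(switch, pfsense, trunk=TRUNK, wan_vlan=WAN_VLAN, wan_port=WAN_PORT):
    """Return a list of (finding, vlan, port) tuples; empty means consistent."""
    findings = []
    untagged = defaultdict(list)
    for vid, members in sorted(switch.items()):
        for port, mode in sorted(members.items()):
            if mode == "U":
                untagged[port].append(vid)
        # Untagged frames on the trunk would land on the parent NIC, not a VLAN.
        if members.get(trunk) == "U":
            findings.append(("TRUNK_UNTAGGED", vid, trunk))
        # A VLAN carried to the firewall with no interface to filter it.
        if vid not in pfsense and trunk in members:
            findings.append(("NO_PFSENSE_IF", vid, trunk))
    for vid in sorted(pfsense):
        # Every pfSense VLAN interface needs its tag on the trunk port.
        if switch.get(vid, {}).get(trunk) != "T":
            findings.append(("NOT_ON_TRUNK", vid, trunk))
    for port, vids in sorted(untagged.items()):
        # An access port can only belong untagged to one VLAN.
        if len(vids) > 1:
            findings.append(("MULTI_UNTAGGED", tuple(vids), port))
    for port in sorted(switch.get(wan_vlan, {})):
        # The WAN VLAN must reach only the modem port and the firewall trunk.
        if port not in (trunk, wan_port):
            findings.append(("WAN_VLAN_LEAK", wan_vlan, port))
    return findings


if __name__ == "__main__":
    for finding in audit(SWITCH, PFSENSE) or [("OK", None, None)]:
        print(finding)
```

An empty result only means the switch table and the pfSense interface list agree; the pass-any rules created on the IoT and camera interfaces still allow traffic between VLANs until they are tightened.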
Channel: Jason's Lab
Views: 11,519
Keywords: Pfsense, Hp, Networking, Switch, Vlans, Security, Install
Id: 7WHkuG76oBc
Length: 25min 48sec (1548 seconds)
Published: Tue Nov 30 2021