I’ve used pfSense a lot in the past 6 months, but I never got a chance to write about it. So, for my 100th post, I’ll talk about it a bit and this will be a placeholder for future reference.
At my home, I was using a Netgear Nighthawk AC1900 (R7000), but this Wi-Fi router has a lot of limitations. I decided to go with a full-blown PC, but I needed one that’s not desktop/laptop size. After some research, I decided to buy a Qotom-Q180S from Amazon. It’s about $150 and it arrived in 3 days from Hong Kong. It’s great because there are no moving parts (no fan, no HDD).
First, go to https://www.pfsense.org/download/ and download the ISO.
Use something like Rufus to transfer the image to a USB stick.
Go to the BIOS and choose to boot from USB. You can also see how big the unit is compared to a pen.
When pfSense boots up, you’ll see something like this.
Use the default.
Choose Custom install.
Choose the SSD drive (32GB) that comes with the unit, not the USB drive.
Format the disk; the unit comes with a copy of Windows 7 that’s not activated.
Just use the defaults.
Tab to Accept and Create and hit Enter.
Same thing, Accept and Install Bootblocks.
Use the default.
It’s all defaults, 4GB of swap because I have 2GB RAM.
Use a standard kernel.
Hit reboot and remove the USB stick.
Once it comes back, choose no for VLANs.
At this point, you’ll have to know which port on the unit the cable from your cable/DSL modem is plugged into. You should plug your external cable into the NIC that’s marked as 1 and your internal switch or Wi-Fi router into NIC2. pfSense names them re0 and re1: re0 is NIC1, re1 is NIC2. I used re0 because my cable modem is connected to NIC1.
Use re1 for the internal LAN.
Hit the Enter key.
Verify all is OK and type y to proceed.
At this point you are all set. The IP for the internal interface is set to 192.168.1.1/24.
All you have to do is point all your internal devices at 192.168.1.1 as their gateway and put them on the same subnet.
You can log in at http://192.168.1.1 with the default credentials: username admin, password pfsense.
In my next posts, I’ll go over VPN, Squid, etc.