Installing the Firewall

TL;DR: Configure your pfSense firewall as shown here.

OR:

  1. Create the OPNsense machine from a template as directed by your teacher
    1. Don't turn it on!!! You did already? Then turn it off.
    2. Ask your instructor or TA to place your second NIC on your private VLAN (see NetworkConfiguration/VlanAssignments)
    3. Now turn it on
  2. Boot it to a login prompt (this will take some time)
    1. Note the LAN and WAN assignments. In the past they have tended to be WAN=hn1 and LAN=hn0. These are probably backwards from what they should be.
  3. Login as:
    1. User = installer
    2. Password = opnsense
  4. Select the following to install:
    1. Continue with default key map
    2. Install (UFS) //this is the default
    3. Select the larger disk (not the CDRom), OK, Yes... Install takes a while
    4. Change your root password
    5. Turn off the machine (it will likely reboot and at that point it is safe to turn off)
    6. Once it is off, edit the machine properties, hardware and set the DVD/CDRom to no media
    7. Power it back on and let it boot
  5. Login as root (you changed the password, so you should know it).
    1. IF EITHER INTERFACE DOES NOT HAVE AN IP ADDRESS, Select 1 to define the interfaces
      1. Answer no to the VLAN setup
      2. Set WAN to the opposite of what it was (it should probably be hn0)
      3. Set LAN to the opposite of what it was (it should probably be hn1)
      4. Hit enter, we are done.
  6. Check the IPs again:
    1. LAN = 192.168.1.1/24. If you need to reset it: there is no IPv6 at this time, enable DHCP on LAN, and set the range to start at 192.168.1.100 and end at 192.168.1.200.
    2. WAN = an IP assigned by DHCP. No need to change this one. If it's not, ask the instructor or TA for help.

From here on, we will be using the Windows Client Machine that is behind the firewall to complete the setup. If you haven't done so, install the Windows Client now.

  1. Use the browser on your Windows client VM behind the firewall to complete the setup using the following information:
    1. Browse to 192.168.1.1, wait for it... Next
    2. Set Primary DNS = 10.10.129.2 AND
    3. Secondary DNS = 10.10.129.3
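    4. Time Zone = UTC (the default) or your time zone, e.g. America/New_York
    5. On the WAN setup page, at the bottom, uncheck the following (the lab's upstream servers, such as the DNS addresses above, sit in RFC 1918 private address space):
      1. Block RFC 1918 Private Networks
      2. Block bogon networks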

Hints for problems:

Problem: No access to any website at all (192.168.1.1 or the internet).

Solution: IP address may be old. Open a command prompt and issue the following commands:

Verify that you have an address from your DHCP server that works.


Problem: I can access the internet, but I can't access 192.168.1.1 and complete the setup of the firewall.

Solution: Your client VM may not be on the right network. Verify that its IP is in the firewall's LAN network, 192.168.1.1/24. If it is not, ask the instructor or TA to move the client onto your VLAN.


Setting up Client for Remote Desktop

  1. Login to your firewall as above using a browser.
  2. Select Services on the menu list
  3. Select DHCPv4, LAN
  4. At the bottom, click the + icon to add a static mapping for DHCP.
    1. Click "Copy my MAC"
    2. Set IP Address to 192.168.1.10
    3. Give a description, click save

Perform the following on the client:

Verify that your IP is now 192.168.1.10.

  1. Under Firewall, NAT, Forward, Add a rule
    1. Destination is WAN address
    2. Destination port is 3389 or "MS RDP"
    3. NAT IP will be 192.168.1.10 (may be listed as forwarded to...)
    4. NAT Port is 3389 or "MS RDP" (should be already selected based on your destination port).
  2. Save and apply.

At this point, your firewall is completely set up, and you shouldn't have to play with it anymore.
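
To confirm the finished setup from the Windows client, the read-only PowerShell check below reports on the values this page configures. It is an added example, not part of the original instructions: `Test-LabClient` is a hypothetical helper name, and probing ports 443 and 80 for the web GUI is an assumption, since the page only says to browse to 192.168.1.1.

```powershell
# Added example: read-only checks run on the Windows client behind the firewall.
# Addresses come from this page; Test-LabClient is a hypothetical helper name.
function Test-LabClient {
    param(
        [string]$Firewall = '192.168.1.1',   # firewall LAN address
        [string]$StaticIp = '192.168.1.10'   # DHCP static mapping used by the RDP forward
    )

    # IPv4 addresses on this machine, ignoring loopback.
    $addrs = @(Get-NetIPAddress -AddressFamily IPv4 |
        Where-Object { $_.IPAddress -ne '127.0.0.1' } |
        Select-Object -ExpandProperty IPAddress)

    # Next hops of the IPv4 default route(s).
    $gateways = @(Get-NetRoute -DestinationPrefix '0.0.0.0/0' -ErrorAction SilentlyContinue |
        Select-Object -ExpandProperty NextHop)

    # Assumption: the firewall web GUI answers on a default web port.
    $guiOpen = $false
    foreach ($port in 443, 80) {
        if (Test-NetConnection -ComputerName $Firewall -Port $port `
                -InformationLevel Quiet -WarningAction SilentlyContinue) {
            $guiOpen = $true
            break
        }
    }

    # The NAT rule forwards 3389 to this client, so something must listen on it locally.
    $rdp = @(Get-NetTCPConnection -LocalPort 3389 -State Listen `
            -ErrorAction SilentlyContinue).Count -gt 0

    [pscustomobject]@{
        Addresses        = $addrs -join ', '
        # 169.254.x.x is a self-assigned address: no DHCP server answered.
        NoLease          = [bool]($addrs | Where-Object { $_ -like '169.254.*' })
        # The LAN is a /24, so membership is a match on the first three octets.
        OnFirewallLan    = [bool]($addrs | Where-Object { $_ -like '192.168.1.*' })
        GatewayIsFw      = $gateways -contains $Firewall
        HasStaticMapping = $addrs -contains $StaticIp
        WebGuiReachable  = $guiOpen
        RdpListening     = $rdp
    }
}

Test-LabClient | Format-List
```

`OnFirewallLan` false with working internet access matches the second problem under "Hints for problems"; `RdpListening` false means the port forward has nothing to reach on the client.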