![Page 1: An Introduction to Firewalls and Routers Using pfSensewnylug.org/wp-content/uploads/2009/08/firewall_introduction.pdf · Topics To Cover The Firewall And The Router pfSense - Overview](https://reader030.fdocuments.us/reader030/viewer/2022020120/5a7bb4457f8b9a0a668c4b86/html5/thumbnails/1.jpg)
An Introduction to Firewalls and Routers Using pfSense
Created for WNYLUG By Neal Chapman
08/12/2009
Topics To Cover
The Firewall And The Router
pfSense - Overview
WAN, LAN, DMZ
pfSense - Interfaces
Blocking Ports
pfSense - Rules
Network Address Translation
pfSense - NAT
Services - DHCP
Services - Dynamic DNS
Services - Load Balancer
Services - PPTP
Services - OpenVPN
Services - Traffic Shaping
Diagnostics
Packages
The Firewall And The Router
The Internet and complex private networks consist of many different smaller networks
Even simple networks need a router
Router moves data in and out of networks
Focusing on routing networks to private
Protecting private networks with a firewall
Filtering inbound traffic
Filtering outbound traffic
Monitoring traffic
pfSense - Overview
Features:
Combined firewall and router
Additional services
Installs on common hardware
Console interface
Web interface (first time setup)
General Setup
Advanced Setup
pfSense - Console Interface
pfSense - Web Interface
WAN, LAN and DMZ
pfSense - Interfaces
Blocking Ports
What are ports?
Inbound vs. outbound
Some common ports:
20 FTP Data
21 FTP Control
22 SSH
23 Telnet
25 SMTP
80 HTTP
443 HTTPS
3389 RDP/Terminal Services
5900 VNC
Why block ports?
pfSense - Rules
Network Address Translation (NAT)
In computer networking, network address translation (NAT) is the process of modifying network address information in datagram packet headers while in transit across a traffic routing device for the purpose of remapping a given address space into another.
Port forwarding
1:1
Outbound
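Added example (not part of the original slides, and not pfSense code): a toy model of the header rewriting described above, covering outbound NAT and port forwarding. The class and function names are hypothetical and all addresses are constructed from documentation ranges.

```python
# Toy NAT device: rewrites packet headers the way the definition describes.
# Constructed sample data only; a model for illustration, not pfSense's code.
from dataclasses import dataclass

WAN_IP = "203.0.113.5"  # assumed public address of the firewall


@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int


class Nat:
    def __init__(self, wan_ip, port_forwards):
        self.wan_ip = wan_ip
        self.port_forwards = port_forwards  # {wan_port: (lan_ip, lan_port)}
        self.flows = {}    # LAN flow -> WAN source port allocated to it
        self.states = {}   # (wan_port, remote_ip, remote_port) -> LAN endpoint
        self.next_port = 40000

    def outbound(self, pkt):
        """LAN -> WAN: hide the private source behind the WAN address."""
        flow = (pkt.src, pkt.sport, pkt.dst, pkt.dport)
        if flow not in self.flows:
            self.flows[flow] = self.next_port
            self.states[(self.next_port, pkt.dst, pkt.dport)] = (pkt.src, pkt.sport)
            self.next_port += 1
        return Packet(self.wan_ip, self.flows[flow], pkt.dst, pkt.dport)

    def inbound(self, pkt):
        """WAN -> LAN: return the rewritten packet, or None to drop it."""
        if pkt.dst != self.wan_ip:
            return None
        # Replies must match an existing state, including the remote endpoint.
        target = self.states.get((pkt.dport, pkt.src, pkt.sport))
        if target is None:
            target = self.port_forwards.get(pkt.dport)  # explicit port forward
        if target is None:
            return None  # unsolicited traffic with no forward is dropped
        return Packet(pkt.src, pkt.sport, *target)


def demo():
    nat = Nat(WAN_IP, {80: ("192.168.1.10", 8080)})
    out = nat.outbound(Packet("192.168.1.50", 51000, "198.51.100.7", 443))
    reply = nat.inbound(Packet("198.51.100.7", 443, WAN_IP, out.sport))
    web = nat.inbound(Packet("198.51.100.9", 33000, WAN_IP, 80))
    rdp = nat.inbound(Packet("198.51.100.9", 33001, WAN_IP, 3389))
    return out, reply, web, rdp
```

Only the forwarded port and replies to established outbound flows reach the LAN; the unsolicited connection to port 3389 is dropped.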
pfSense - Port Forward NAT
pfSense - Port Forward Rules
Services - DHCP
Services - Dynamic DNS
Configure a dynamic DNS service such as DynDNS
Workaround for using a public host name on an ISP that provides dynamic IP addresses (DHCP)
Services - Load Balancing
Method for using multiple WAN connections
Single or multiple pfSense systems
Load balancing - Traffic shared across multiple WAN connections
Failover - WAN connection to switch to when a WAN connection fails
Services - VPN PPTP
The Point-to-Point Tunneling Protocol (PPTP) is a method for implementing virtual private networks. PPTP does not provide confidentiality or encryption; it relies on the protocol being tunneled to provide privacy. PPTP has been made obsolete by Layer 2 Tunneling Protocol (L2TP) and IPSec.
Services - VPN OpenVPN
OpenVPN is a free and open source virtual private network (VPN) program for creating point-to-point or server-to-multiclient encrypted tunnels between host computers. It is capable of establishing direct links between computers across network address translators (NATs) and firewalls. It was written by James Yonan and is published under the GNU General Public License (GPL).
Services - Traffic Shaper
Traffic shaping (also known as "packet shaping") is the control of computer network traffic in order to optimize or guarantee performance, lower latency, and/or increase usable bandwidth by delaying packets that meet certain criteria.
Practicality
pfSense - Diagnostic Tools
DHCP leases
Interfaces
Load balancer
Queues (traffic shaper)
Services
System
ARP table
Ping
Traceroute
Packet capture
RRD graphs
Traffic graph
pfSense - Packages
pfSense can be expanded using packages
Useful packages:
Dashboard - Adds pfSense dashboard
Darkstat - Network statistics gatherer
NTOP - Network probe
Snort - Lightweight intrusion detection
Squid - High performance web proxy