Setting up a pfSense firewall on an old PC with a DMZ (Demilitarized Zone)

 



Setting up a pfSense firewall on an old PC with a DMZ (Demilitarized Zone) is a great way to enhance your home network security, especially when dealing with services that need to be exposed to the internet. Here’s a step-by-step guide to install pfSense and configure a DMZ:


Before we go any further, let's take a look at a logical diagram:




Prerequisites

  1. Old PC Specifications:

    • Processor: 64-bit compatible CPU.
    • RAM: Minimum 2 GB (4 GB recommended for better performance).
    • Storage: At least 8 GB (SSD recommended).
    • Network Interfaces: Three NICs: One for WAN, one for LAN, and one for DMZ.
  2. Network Setup:

    • WAN: Connects to your ISP modem.
    • LAN: Connects to your internal network (switch or directly to computers).
    • DMZ: Connects to a separate network for publicly accessible services.
  3. Download pfSense:

  4. Create Bootable USB:

    • Use Rufus or balenaEtcher to create a bootable USB drive with the downloaded pfSense ISO.

Installation Steps

  1. Prepare the Old PC:

    • Connect the USB drive to the PC.
    • Connect a monitor and keyboard to the PC.
    • Power on the PC and enter BIOS/UEFI settings.
    • Set the USB drive as the primary boot device.
  2. Install pfSense:

    • Boot from the USB drive. You will see the pfSense boot menu.
    • Select “Install” and press Enter to start the installation process.
    • Follow the prompts to select the keyboard layout and continue.
    • Choose “Auto (UFS)” for guided disk partitioning.
    • Confirm the installation when prompted.
    • After installation, remove the USB drive and reboot the system.
  3. Initial Configuration:

    • On first boot, pfSense will prompt you to assign interfaces:
      • WAN: Choose the NIC connected to your ISP modem.
      • LAN: Choose the NIC connected to your internal network.
      • DMZ: Choose the NIC connected to your DMZ network (the console lists this third interface as OPT1).
    • Confirm the assignments.
  4. Access the Web Interface:

    • Connect a computer to the LAN network.
    • Open a web browser and navigate to http://192.168.1.1.
    • Log in with the default credentials:
      • Username: admin
      • Password: pfsense
    • Run the setup wizard to configure basic settings like hostname, domain, and DNS servers, and replace the default admin password when the wizard prompts for a new one.

DMZ Configuration

  1. Create DMZ Network:

    • Go to Interfaces > Assignments.
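    • Click “Add” to create a new interface for the DMZ. If the third NIC was already assigned at the console, it is listed here as OPT1 and no new entry is needed.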
    • Rename the interface to “DMZ” and enable it.
    • Assign a static IP address to the DMZ interface (e.g., 192.168.2.1/24).
  2. Configure DHCP for DMZ:

    • Go to Services > DHCP Server.
    • Select the “DMZ” tab.
    • Enable DHCP and set a range for the DMZ network (e.g., 192.168.2.10 to 192.168.2.100).
  3. Set Up Firewall Rules:

    • Go to Firewall > Rules.
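    • Select the “DMZ” tab and add rules to allow or restrict traffic as needed. Rules on this tab apply to traffic arriving at the firewall from DMZ hosts.
      • Allow outgoing traffic from DMZ to WAN if needed.
      • Allow incoming traffic from WAN to specific services in the DMZ. pfSense filters traffic on the interface where it arrives, so these rules belong on the “WAN” tab.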
  4. NAT Configuration:

    • Go to Firewall > NAT > Port Forward.
    • Set up port forwarding rules to direct specific traffic from WAN to the DMZ.
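
The rule order from steps 3 and 4, as an added example that is not part of the original guide: a simplified Python model of first-match filtering on the ingress interface, comparing a DMZ ruleset that passes traffic to any destination with one that blocks DMZ-to-LAN traffic first. The web server address 192.168.2.10, the LAN subnet 192.168.1.0/24, the probe list and all function names are assumptions, and the model ignores state tracking and floating rules.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

LAN = ipaddress.ip_network("192.168.1.0/24")   # assumed from 192.168.1.1 in the guide
DMZ = ipaddress.ip_network("192.168.2.0/24")   # DMZ subnet from the guide's example
ANY = ipaddress.ip_network("0.0.0.0/0")
WEB = ipaddress.ip_network("192.168.2.10/32")  # hypothetical DMZ web server

@dataclass(frozen=True)
class Rule:
    action: str                  # "pass" or "block"
    iface: str                   # interface the packet arrives on
    src: ipaddress.IPv4Network
    dst: ipaddress.IPv4Network
    port: Optional[int] = None   # None matches any destination port

def evaluate(rules, iface, src, dst, port):
    """First matching rule on the ingress interface wins; no match means block."""
    src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for r in rules:
        if (r.iface == iface and src in r.src and dst in r.dst
                and r.port in (None, port)):
            return r.action
    return "block"

# Weak: "allow outgoing traffic from DMZ" written as destination any,
# which also covers the LAN subnet.
WEAK = [Rule("pass", "DMZ", DMZ, ANY),
        Rule("pass", "WAN", ANY, WEB, 443)]

# Hardened: the DMZ-to-LAN block sits above the broad pass rule.
HARDENED = [Rule("block", "DMZ", DMZ, LAN),
            Rule("pass", "DMZ", DMZ, ANY),
            Rule("pass", "WAN", ANY, WEB, 443)]

# Constructed probes: (ingress interface, source, destination, port, intended verdict)
PROBES = [
    ("DMZ", "192.168.2.10", "192.168.1.50", 445, "block"),  # DMZ host to a LAN host
    ("DMZ", "192.168.2.10", "192.168.1.1", 443, "block"),   # DMZ host to the firewall's LAN address
    ("DMZ", "192.168.2.10", "203.0.113.7", 443, "pass"),    # DMZ host to the internet
    ("WAN", "198.51.100.9", "192.168.2.10", 443, "pass"),   # forwarded service
    ("WAN", "198.51.100.9", "192.168.2.10", 22, "block"),   # port that was never forwarded
]

def audit(rules):
    """Return the probes whose verdict differs from the intended policy."""
    return [p for p in PROBES if evaluate(rules, *p[:4]) != p[4]]

if __name__ == "__main__":
    for name, rules in (("WEAK", WEAK), ("HARDENED", HARDENED)):
        print(name, "violations:", audit(rules))
```

The weak ruleset fails both DMZ-to-LAN probes, while the hardened one meets every intended verdict.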

Security Considerations

  • Regular Updates: Keep pfSense and its packages updated.
  • Limit Open Ports: Only open necessary ports on the DMZ to minimize security risks.
  • Monitor Logs: Regularly check logs for any suspicious activity.

Conclusion

By following these steps, you will have a fully functional pfSense firewall with a DMZ, providing a secure and flexible network environment. This setup is particularly useful for hosting web servers, game servers, or any other services that require exposure to the internet.










