
Basic Setup and Configuring pfsense Firewall Rules For Home 

Lawrence Systems
331K subscribers
350K views

lawrence.video/pfsense
Official Netgate pfsense documentation on firewall rules
docs.netgate.com/pfsense/en/l...
Getting Started with pfsense firewall rules
• Getting Started With p...
How To Setup VLANS With pfsense & UniFI. Also how to build firewall rules for VLANs in pfsense
• How To Setup VLANS Wit...
Office Network Design and Planning with VLANs, LLDP, Rules, IoT, Guest using UniFi & pfsense
• Office Network Design ...
How To Setup pfsense OpenVPN Policy Routing With Kill Switch Using A Privacy VPN
• How To Setup pfsense O...
Tutorial: pfsense Wireguard For Remote Access
• Tutorial: pfsense Wire...
Connecting With Us
---------------------------------------------------
+ Hire Us For A Project: lawrencesystems.com/hire-us/
+ Tom Twitter 🐦 / tomlawrencetech
+ Our Web Site www.lawrencesystems.com/
+ Our Forums forums.lawrencesystems.com/
+ Instagram / lawrencesystems
+ Facebook / lawrencesystems
+ GitHub github.com/lawrencesystems/
+ Discord / discord
Lawrence Systems Shirts and Swag
---------------------------------------------------
►👕 lawrence.video/swag
AFFILIATES & REFERRAL LINKS
---------------------------------------------------
Amazon Affiliate Store
🛒 www.amazon.com/shop/lawrences...
UniFi Affiliate Link
🛒 store.ui.com?a_aid=LTS
All Of Our Affiliates that help us out and can get you discounts!
🛒 lawrencesystems.com/partners-...
Gear we use on Kit
🛒 kit.co/lawrencesystems
Use OfferCode LTSERVICES to get 5% off your order at
🛒 lawrence.video/techsupplydirect
Digital Ocean Offer Code
🛒 m.do.co/c/85de8d181725
HostiFi UniFi Cloud Hosting Service
🛒 hostifi.net/?via=lawrencesystems
Protect your privacy with a VPN from Private Internet Access
🛒 www.privateinternetaccess.com...
Patreon
💰 / lawrencesystems
⏱️ Timestamps ⏱️
00:00 pfsense Home Firewall Rules
02:00 Diagrams.net Devices & Networks
06:30 pfsense NAT rules
07:04 WAN Firewall Rules
08:16 IOT & LAN Rules
#pfsense #Firewall #Security

Science

Published: 28 Jun 2024

Comments: 343
@LAWRENCESYSTEMS 2 years ago
Official Netgate pfsense documentation on firewall rules docs.netgate.com/pfsense/en/latest/firewall/rule-methodology.html
LTS Curated pfsense Tutorials lawrence.technology/pfsense/
Getting Started with pfsense firewall rules ru-vid.com/video/%D0%B2%D0%B8%D0%B4%D0%B5%D0%BE-eb1pTs7XamA.html
How To Setup VLANS With pfsense & UniFI. Also how to build firewall rules for VLANs in pfsense ru-vid.com/video/%D0%B2%D0%B8%D0%B4%D0%B5%D0%BE-b2w1Ywt081o.html
Office Network Design and Planning with VLANs, LLDP, Rules, IoT, Guest using UniFi & pfsense ru-vid.com/video/%D0%B2%D0%B8%D0%B4%D0%B5%D0%BE-ouARr-4chJ8.html
How To Setup pfsense OpenVPN Policy Routing With Kill Switch Using A Privacy VPN ru-vid.com/video/%D0%B2%D0%B8%D0%B4%D0%B5%D0%BE-ulRgecz0UsQ.html
Tutorial: pfsense Wireguard For Remote Access ru-vid.com/video/%D0%B2%D0%B8%D0%B4%D0%B5%D0%BE-8jQ5UE_7xds.html
⏱ Timestamps ⏱
00:00 pfsense Home Firewall Rules
02:00 Diagrams.net Devices & Networks
06:30 pfsense NAT rules
07:04 WAN Firewall Rules
08:16 IOT & LAN Rules
@thegrimreever 2 years ago
Just wanted to drop a comment and thank you for all of your content. You are consistently putting out relevant, detailed videos and I hope it never slows down. This channel is a wealth of information and it just keeps coming. I’m blown away at how much content you are able to put out, and it’s all SO good! Thanks so much for all that you do. It has helped me take my home network and homelab to a whole new level!
@gonace 2 years ago
To be fair "what rules you need" is depending on what you do on your network, love these videos, you guys explains things in an easy way to understand.
@tranthien3932 2 years ago
NSFW LAN as the most important category. You're truly a man of culture. Thank you Tom
@sriran1588 2 years ago
Most awaited video especially after the pandemic where most of us started WFH. Watching your videos I have setup a home brew pfsense box and UAP AC Pro with multi WiFi VLANs for IOT, Work, Study and Guest. This video will help us to fine tune the rules.
@MactelecomNetworks 2 years ago
Great video Tom . Love seeing how others do their rules
@loco_latino1498 2 years ago
Excellent video. Entering the networking and security analyst field, this has been an interesting experience setting pfsense up for home. Great to see I'm on the right path. 😁
@CmdrStukov 2 years ago
Thanks! I will be watching and re-watching this video as I scale out my network. I am running Suricata and pfBlockerNG but sometimes feel overwhelmed with all the activity - your other videos have been very helpful Tom. Again, many thanks
@ag100pct 2 years ago
Another excellent video. I like how you covered your segmentation and the rationale behind it also. I picked up a few things just in how you used all the aliases to make life easier. Thank you for sharing.
@mysticsilent 2 years ago
Nice video, this confirms my same thought about securing my own home network the same way. Thanks for your great content and best wishes for 2022!
@Dreamshadow1977 1 year ago
Thank you for this. Was struggling with configuring pfsense because my only firewall experience was with corporate firewall software. Seeing your rule configuration just made it click!
@HHX_H 2 years ago
Thanks for updating this!!! Absolute pfSense guru!
@Deraco1 2 years ago
Always like your videos. I created some test phone servers and decided it was best on its own network. Happy that I did, especially when I was wanting to do some port forwards (I know, not the best) to call my phone system from anywhere. Now I've got OpenVPN set up and am toying with it. You're one of the main guys that got me looking more into pfSense coming from an EdgeRouter-X, loving it
@marcvasey2123 2 years ago
Very interesting to see how your rules are configured! One thing I noted that I'd do differently would be the rules for the NSFW lan - personally I configure an alias for RFC1918 subnets and create an allow rule to the inverse of that alias, rather than creating block rules for each network and having an allow all. Just means if you add any other networks in future you don't need to specifically block them as they're already covered in that private address space. Great video either way! -Marc
@davejoseph5615 1 year ago
Isn't the RFC1918 rule only applied to the WAN port? There is a checkbox at the bottom of the Interfaces/WAN page.
@IndyColts1987 1 year ago
he means creating his own alias based on that RFC so he can reference it in his firewall rules.
@wernerdebijl1885 2 years ago
Love that you picked up the pfsense series with more interesting videos. Keep 'em coming. Thanks
@vitorhugobarbosa2456 6 months ago
Hi Lawrence, you are a reference abroad for me; your knowledge is precious, and especially the fact that you explain things easily and right to the point.
@RedBlueLabs 2 years ago
I really appreciate the content that you make. It is straight forward and you do a great job of explaining. Thanks :)
@davidbrowningCodeMix 2 years ago
Hi Tom, I was way overthinking this! Thanks so much for freeing my mind.
@gegounaris 2 years ago
Another to the point video from Lawrence! Great stuff... Thank you!
@DrewMarshall0750 2 years ago
Thanks for another great video! It helped me set some things I was mulling over with my current setup!
@iJamesGC 2 years ago
WOW! You are good! I was just looking at another video for setting up pfsense firewall rules.
@BillyDickson 2 years ago
Thanks Tom, great video, looking forward to more in 2021.
@turcoscorner 2 years ago
Tom, you can set up the Synology NAS to act as an NTP server, and configure the cameras to use the Synology for NTP. That's how I have it set up for customers and my house. Thank you for your videos btw!
@LAWRENCESYSTEMS 2 years ago
Yes, that is correct, but I chose to use pfsense instead.
@MichaelSmith-fg8xh 2 years ago
Is it better to have firewall rules like:
Tom: specific block rule, anything else is allowed
Suggestion: specific rule to allow, deny anything else (that wasn't caught by a previous rule)
@TulioCamargo179 2 years ago
This is all in my to-do-list hehe. Great video Tom.
@AngryDadTech 2 years ago
This is a great video. I have a 6100 to play with and eventually replace my UDMP once I have it setup how I want it. This will be a great starting place. Was wondering if you would do either a forum post or video on expanding this to pfsense rules to use in a multi tenant business center or SMB
@KegRaider 11 months ago
Under-rated and under subscribed channel. Fixed that for myself! Liked and subscribed, looking forward to binge watching your stuff. Cheers mate.
@LAWRENCESYSTEMS 11 months ago
Awesome, thank you!
@LBCAndrew 2 years ago
This is exactly what I've been needing. After being fed up with crappy consumer grade routers, I first looked into running OpenWRT on x86 hardware when someone mentioned to look at pfSense. I've been running it for two weeks now on a preliminary hardware build and have been both pleased and overwhelmed by its ability and complexity. I've got a Lenovo M900 Tiny coming tomorrow which I'll be modifying to use a second NIC, and this video will come in handy.
@jaxwylde2139 2 years ago
Is there a slot for a second Ethernet NIC on the M900 Tiny, or will you be doing this via USB 3.0 NIC? I've got a similar tiny PC (HP EliteDesk 800 G2 mini), where I use a Proxmox server (to play around with Docker, LXC's, VM's, etc.). Was considering getting another mini PC, but need one that has option for 2 ethernet NICs. Cheers!!
@clintbishop9145 2 years ago
@@jaxwylde2139 I think you're overthinking the situation. Pick up a refurb'd Dell or HP SFF with an i5-4590, add in 4 or 8 GB and a 4 port NIC and then enable PowerD once installed.
@jaxwylde2139 2 years ago
@@clintbishop9145 I'm not overthinking it. Depends on what you're after. I already have a Dell SFF (790), but wanted something smaller with lower power consumption (that isn't an RPi) and is more versatile than one of those dual-NIC Chinese mini PC boxes. I'll look a bit more into PowerD (haven't used it before) to see if it will provide the lower power usage I'm looking for.
@mikescott4008 2 years ago
Many thanks. Looking to review pfsense again as an alternative to Untangle / Sophos XG.
@Spfinator 2 years ago
Well, I now have work to do. Thanks, Tom!
@notta3d 2 years ago
Great video. I was hoping you would make a video like this. Thanks!
@gregsh303 2 years ago
Great content but just a warning about Wemo light switches and the block firewall rule Tom mentions. You must enable ICMP to your firewall in order for your Wemo Light Switches to stop flashing red. Thanks!
@musicinsession 1 year ago
I love this guy's channel!! Subbed!!
@LAWRENCESYSTEMS 1 year ago
Thanks
@hnguk 2 years ago
Interesting that you put the IoT, Guest and Standard Home devices on the same network. For my setup I have IoT on its own network with very limited connectivity and QoS set up so that it can't use all my bandwidth.
@GrishTech 2 years ago
Do you use limiters or ALTQ?
@samsampier7147 2 years ago
Ubiquiti wireless is really nice. You can create bandwidth limits on each ssid no qos required.
@GrishTech 2 years ago
@@samsampier7147 what if you want dynamic QoS? Being able to provide bandwidth when it’s available instead of limiting it to a fixed number?
@hnguk 2 years ago
@@GrishTech For the IoT network specifically I use limiters as I never want it to saturate my whole network. 50 down and 3 up. 10% of my provided speed.
@hnguk 2 years ago
@@samsampier7147 That's great for wireless but does not limit wired
@jimpanse6556 2 years ago
Good summary, thanks a lot! How would you handle a home network PC that is a gaming machine and admin PC for home and other family networks (external) at the same time?
@SyberPrepper 2 years ago
Excellent video Tom. This information is very appreciated. I would love to hear more about you binding your admin interfaces. I didn't really understand how you do that. Thanks!
@LAWRENCESYSTEMS 2 years ago
That is done on a per device basis, I will be making one on Synology soon because they have a more complex way of doing it.
@SyberPrepper 2 years ago
@@LAWRENCESYSTEMS That would be great. I'll do some research myself as well. Sometimes it's hard to know what question to ask, so your videos are very helpful.
@mynightoff 2 years ago
@@LAWRENCESYSTEMS Great video Tom - I have a similar set up to the one you described and had the same question about Synology admin interfaces (want to make Plex available to IoT but not the admin interfaces of course). Many thanks for what you're doing.
@jasonperry6046 2 years ago
Thanks for the video Tom. Every time I watch a video like this it always seems to be on a Dream Machine, and every time I think I wish someone would do one on pfsense, so thank you. My question though: do you have a different SSID for each VLAN? Also you mentioned locking down the admin interfaces; I would be interested in seeing the steps you go through to make sure it is locked down.
@LAWRENCESYSTEMS 2 years ago
Yes, separate SSID and simply pinging from each network to see if it can hit other networks.
@scbtripwire 2 years ago
I recently bought myself an SG-2100, quite happy so far. 🙂 I realized when setting it up that I don't need to bog it down with Snort or Suricata if all I'm doing is blocking, so pfBlockerNG has been good enough for me. 🙂 My connection seems a bit slower than it used to be though, at least when establishing connections, but I'm guessing that's pfBlockerNG doing its job.
@IndianaDiy 2 years ago
I was looking at getting the 2100 for my home office network. I was curious how good they really are? Any hardware failures?
@michaelp.caputo8190 2 years ago
Another great video. Since this was a home network setup, where would you put the other family members' PCs, and also what if you have cloud based cameras like Wyze? They would need internet access.
@muchada1 2 years ago
Pure entertainment and informative 👏🏿👏🏿👏🏿
@JeppoTheWrecker 2 years ago
Hi Tom, I would be interested in a video on your Synology setup you mentioned. I currently have my Synology on the trusted network, but would like to have the video and music content available on the IOT network. I have set up a Netgate and UniFi network using your videos, but the Synology side would be helpful as well. Steven
@rcobsesssed 2 years ago
I second this request!
@wernerdebijl1885 2 years ago
me too
@pgtt2008 2 years ago
I never thought of a Phone as an IoT device but I see your point.
@Phelper99 2 years ago
Imagine at work if your entire desktop support and IT support infrastructure went away. That's what will happen when I spontaneously combust. My poor wife and kids, my servers, my VLANs, my Home Assistant, my smart home... I love the hobby, tinkering with all this stuff, but at middle age, I do seriously wonder what will happen to it all when I'm gone. I spent months getting my Sh1+ out of the cloud, mostly hosted locally. Hope I can teach my kids how it all works. Not meant to be morbid or anything, but something I am cognizant of. Tom, thanks for these videos. I learned on M. Furneaux's videos, and you've kept me current since. Thanks so much. Edit: I'm sure they'll recover. They'll have it all hosted on Amazon in the cloud :)
@TumescentPuma 2 years ago
Very big Doh moment seeing your Separator with Documentation WAN rules. I have been using PFSense for about 6 years and never thought of this.
@LAWRENCESYSTEMS 2 years ago
We use them a lot with larger more complex firewall configurations.
@chrisbaksa 2 years ago
Great video Tom. I always learn something new whenever I watch one of your videos. Question: do you have any issues with pfSense and Wi-Fi calling (from your cell)?
@jamesbelding2950 2 years ago
This was great. I would love to see this using untangle
@rkhanso 2 years ago
Tom, would you make a video like this for Untangle? I know the theory would be pretty much the same, but it may be helpful for many using Untangle.
@chaostv3795 1 year ago
This Video helped me a lot. Thank you
@nonkelsue 2 years ago
Great video, thanks! Would love to know more on how you combine pfSense with a Unifi Controller such as a UDM Pro. I have been using pfSense in the past, and now using the UDM Pro as router, however would like to reverse that without losing the UDM Pro in my network. A video on that would be appreciated!
@Cole987Turner 10 months ago
Just create new networks and use "VLAN only" so these are networks where the "router" inside the UDM is not involved. But keep in mind that the UniFi access points can only forward "UDM" routed networks OR VLAN-only networks, not both. Just for a test: choose an AP, remove all associated networks from it. Select a VLAN-only network and create a new switch profile with it! Make sure that only tagged networks are selected. Assign that network to your access point and assign the "only tagged" switch profile on the SWITCH pointing to your pfSense. Create that VLAN in pfSense, assign the interface, enable the DHCP server, make rules. Done :)
@christostsekas8795 1 year ago
Hello Tom! Thank you for your great content! What would be the best method to block AnyDesk, TeamViewer & other remote access apps using pfsense?
@mr.needmoremhz4148 2 years ago
Great video! I'm going to get pfSense and a Netgate box probably (or build something). Fibre to the home has finally arrived where I live with symmetric Gigabit and 10 Gigabit (later) speeds. So I might as well upgrade my router and configure my switches and APs for it. I have a Netgear select partnered retailer in the street I live on, and with a future SOHO in mind this may be the best option. Any advice regarding Netgate appliances (6100 or 1537 or ...)?
@geoncic 2 years ago
Great video and content, I've learned loads from you. I really appreciate it. Do you have any videos of how you manage the routing on the devices themselves? How you bind certain traffic to a specific interface?
@wernerdebijl1885 2 years ago
I would love to see that too. Example configuring Synology etc.
@LAWRENCESYSTEMS 2 years ago
Each device has their own way of doing it.
@devopshelper 1 year ago
I'm a fan of pfsense, hands down the best in the industry. You can use it in ISPs, IXPs, and simple home networks, but for a home network, Sophos Home Edition is also a nice piece.
@mrcrackerist 2 years ago
I generally split the Wi-Fi, cable and TV onto their own LAN as I am the only one using the cable LAN.
@PowerUsr1 2 years ago
Just to add to this, at the end of my rules for my Wifi network or DMZ network I have a deny any to destination 'RFC1918'. RFC1918 is an alias that has all 3x private networks in there. I do have a mixture of denies mixed in with my permits so this is really just a catch all. Then the last rule in my policy is a permit any/any.
@houseeverything 2 years ago
I would sure love to know how to setup a rule from openVPN to my emby server! I am assuming I am missing a port forwarding from 1194 to 8096. My openVPN works great and can connect to my NAS and everything, but cannot connect to my emby server! Love your videos by the way!
@hwansu_ 2 years ago
Super informative video, thank you! Curious about your thoughts on notifications for cameras? If there's movement or something, would you still get notified if you're out of the house? Would love to learn more about the Synology rules you have set up as well. Thank you!
@LAWRENCESYSTEMS 2 years ago
The Synology does the notifications ru-vid.com/video/%D0%B2%D0%B8%D0%B4%D0%B5%D0%BE-x-Ju4UM0Gfg.html
@BrianThomas 2 years ago
@@LAWRENCESYSTEMS What if you don't have a Synology? What if it's a Reolink NVR? Would the same thing apply?
@ChristopherDopp 2 years ago
Thanks Tom!
@MrGAZZAband 2 years ago
Hi Lawrence, this was a great video and very helpful. I have just set up the latest version of pfsense in my home using a custom built PC and am playing with rules, schedules, OpenVPN etc. I have a specific question about content filtering, especially for mobile phones and tablets connected to Wi-Fi and also Amazon Echo devices. I want to be able to filter content, specifically Spotify from playing adult content. I know I can block RU-vid but is there any way I can still allow these streaming services but pfsense can detect if the content is of an adult nature and prevent this streaming? In other words I still want the kids to be able to access RU-vid, Spotify etc. but be able to set a rule to make sure the content is not explicit. I hope that makes sense. Thanks
@thorflea2 3 months ago
I love your videos. My question is how to prevent devices like my refrigerator and TVs from scanning the network for other devices and information on the same interface.
@evancatlin1839 2 years ago
Do you have a video showing this same information but for UDM or UDMP? I’m running a UDM at home and would love to know how someone who lives in that world would set them up.
@CHLEE-ou6ub 2 years ago
Great video Tom. Quick question @9:15 if I may: since we are inside the "NSFW_LAN" rules, is it necessary to specify "Source=NSFW_LAN" for this block rule? Or can we leave it as "Source= *"? Thank you Tom, and an advance Happy New Year
@LAWRENCESYSTEMS 2 years ago
There is a difference in specific use cases www.reddit.com/r/PFSENSE/comments/rn0nej/firewall_rules_source_ip_any_vs_interface_name_net/
@samo9288 2 years ago
Could you please do a tutorial on binding interfaces the way you did with the synology server?
@LAWRENCESYSTEMS 2 years ago
On my to-do list
@frankkesel7252 2 years ago
It would have been nice to add a printer that needs to be accessed by the guest and work networks.
@pstgh 3 months ago
Pretty cool setup- I guess you run separate switches and a separate wifi access point(s) connected to separate interfaces for each of these networks, right? I am running a Protectli 4-port box and have an interface designated for PIA in addition to WAN and LAN. Thanks.
@Cowclops 2 years ago
Not identical, but your setup is surprisingly similar to my home network (pfsense, TrueNAS, most stuff goes on the "IoT" network, but my personal desktop and server/management interfaces are on a separate network). I also have my OpenVPN subnet which you land on when you VPN in; it basically has open access, but since it needs authentication that's ok.
@asis-vo1rx 2 years ago
Thank you very much for the video Tom. Is there any reason in particular why you put the "NSFW_LAN net" as the source for blocks instead of using any/wildcard?
@LAWRENCESYSTEMS 2 years ago
Because it's sourcing from that network, and yes I know it will work without it.
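Added example, not code from the video or from any commenter: a small first-match simulator for pfSense-style interface rules, written to put the designs discussed in this thread side by side. It covers Michael Smith's question (specific blocks then allow-all versus specific allows then default deny), Marc's "allow to the inverse of an RFC1918 alias" variant, PowerUsr1's "block RFC1918 then allow any" catch-all, and the "NSFW_LAN net" versus "any" source question just above. The interface names, subnets and packets are constructed for illustration; the only pfSense behaviour it models is that interface rules are evaluated top to bottom, the first match wins, and unmatched traffic hits the implicit default deny. Whether the video's final allow rule uses source "any" or "NSFW_LAN net" is not stated in the thread, so both variants are modelled.

```python
"""
Added example (not from the video or its comments): a first-match simulator
for pfSense-style interface rules.  Subnets, aliases and packets below are
constructed for illustration.
"""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import List, Optional

# Hypothetical interface networks, named after the video's segmentation.
NETS = {
    "NSFW_LAN": ip_network("192.168.30.0/24"),
    "LAN": ip_network("192.168.10.0/24"),
    "CAM_LAN": ip_network("192.168.20.0/24"),
}
# Alias covering all private address space, as Marc and PowerUsr1 suggest.
RFC1918 = [ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def in_any(addr, nets):
    return any(addr in net for net in nets)


@dataclass
class Rule:
    action: str                        # "pass" or "block"
    src: Optional[List] = None         # None = source "any"
    dst: Optional[List] = None         # None = destination "any"
    dst_invert: bool = False           # pfSense "Invert match" on the destination

    def matches(self, src, dst):
        if self.src is not None and not in_any(src, self.src):
            return False
        # With invert set, the rule matches only when the destination is NOT in the alias.
        if self.dst is not None and in_any(dst, self.dst) == self.dst_invert:
            return False
        return True


def evaluate(rules, src, dst):
    """Return the action of the first matching rule, or the implicit default deny."""
    src, dst = ip_address(src), ip_address(dst)
    for rule in rules:
        if rule.matches(src, dst):
            return rule.action
    return "block"


def design_a(pass_src_any=False):
    """Video style: block each other internal net by name, then allow the rest.
    pass_src_any=True models a final allow with source 'any' instead of 'NSFW_LAN net'."""
    blocks = [Rule("block", src=[NETS["NSFW_LAN"]], dst=[NETS[n]]) for n in ("LAN", "CAM_LAN")]
    final = Rule("pass") if pass_src_any else Rule("pass", src=[NETS["NSFW_LAN"]])
    return blocks + [final]


# Marc: a single allow to the inverse of the RFC1918 alias; default deny does the rest.
DESIGN_B = [Rule("pass", src=[NETS["NSFW_LAN"]], dst=RFC1918, dst_invert=True)]
# PowerUsr1: block to RFC1918 as a catch-all, then allow any.
DESIGN_C = [
    Rule("block", src=[NETS["NSFW_LAN"]], dst=RFC1918),
    Rule("pass", src=[NETS["NSFW_LAN"]]),
]


def compare(src, dst):
    """Evaluate one packet arriving on the NSFW_LAN interface under each design."""
    designs = (("A", design_a()), ("A_any", design_a(True)), ("B", DESIGN_B), ("C", DESIGN_C))
    return {name: evaluate(rules, src, dst) for name, rules in designs}


if __name__ == "__main__":
    cases = [
        ("phone to internet", "192.168.30.15", "1.1.1.1"),
        ("phone to LAN", "192.168.30.15", "192.168.10.5"),
        ("phone to a net added later (192.168.40.0/24)", "192.168.30.15", "192.168.40.5"),
        ("foreign source (10.50.0.5) entering NSFW_LAN, to LAN", "10.50.0.5", "192.168.10.5"),
    ]
    for label, src, dst in cases:
        print(f"{label:55s} {compare(src, dst)}")
```

Two things fall out of running it. The block-list design (A) silently allows traffic to any internal network added after the rules were written, which is the point Marc makes; the alias designs (B and C) deny it without a rule change. And the "net" versus "any" question only matters when a packet enters the interface with a source address outside that interface's subnet (something behind a second router or a VM host on that segment): with "NSFW_LAN net" on the block rules but "any" on the final allow (A_any), such a packet is passed straight to LAN, while every other variant falls through to the default deny.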
@susugar3338 2 years ago
I really recommend that you should have a home firewall. I already set up a pfsense router after Hikvision's camera exploit. Hardware to run pfsense is very cheap and popular. If you want to know about my setup, here are some details: I bought an old ITX mainboard (for just $35) that has: dual gigabit Ethernet ports: just enough; CPU Atom D2550, 2 cores, 1.86GHz, 4 threads: it's OK for an internet connection below 500Mbps! RAM 2GB DDR3: in fact it just uses 16%. Configuration: firewall blocks all connections from access points, IP cameras and DVR to the internet (I don't want them to become part of a botnet or expose camera recordings to the internet), OpenVPN server for viewing cameras from the internet, opening 2 ports for OpenVPN and Home Assistant. The guest network is on the subnet of the ISP's router. If you think that "the ISP's router also has a firewall...": NO, they are really bad, lack advanced configuration, never get firmware updates and God knows whether they are safe from the log4j exploit or something like that :)
@LeeSteventon 2 years ago
@Lawrence Systems - great video as always Tom. A quick question on ISP modems and Bridging - if an ISP offers to provide their modem in bridging mode, it's my understanding that this essentially "disables" all NAT and firewall functions on the modem and it just passes through without any checks the public IP address. Is that correct? If so, then connecting this bridged modem to a port of a Netgate device would mean that the public IP (assume for this discussion it's a static one) is directly applied to the port (configured then as WAN) on the Netgate device, and the Netgate device now needs to handle the NATting and all other functions that the modem would usually handle. Is that right?
@LAWRENCESYSTEMS 2 years ago
Yes
@dimaj1 2 years ago
Yet another awesome video! Thanks Tom! One question: why would you have the same "block access to firewall" on all interfaces instead of creating a floating rule that'll cover all interfaces?
@LAWRENCESYSTEMS 2 years ago
The use of inbound and outbound floating filtering makes designing the rules more complex and prone to user error. docs.netgate.com/pfsense/en/latest/firewall/floating-rules.html
@dimaj1 2 years ago
Thanks! Happy New Year!
@daninmanchester 2 years ago
Interesting, I have a slightly different approach. I put my cameras in my IoT network (which has no internet) and then have a "requires internet" alias for specific devices that I allow internet access (e.g. TV, Roku, etc). I find this easier as then I have a separate SSID / VLAN for guests and anyone who gets the password can then just access the internet and nothing else, and it requires little to no management. I am however routing over pfSense for everything. It's not too taxing (even SMB easily hits 1Gig) but I think I need to add VLANs to my XCP-NG servers so I can create multiple interfaces like you have for Synology to avoid unnecessary pfSense traffic. It would likely only be an issue if I went to 10Gb .... which would be a nice problem to have.
@Dwenger 2 years ago
I like your security concept. How would you reach an ubiquiti cloud key with cams connected in the cam lan with the unifi protect App from the NSFW_LAN? The Unifi Protect App scans only its own subnet.
@danberglund7785 2 years ago
Tom is talking about running the cam server on a Synology (Surveillance Station). Therefore he can have one interface of the Synology in the cam LAN. If you were to run UniFi cameras on the cam LAN and have Protect run on NSFW_LAN you would need to open the firewall to the specific IP address of the Cloud Key. If you adopt the cameras in the NSFW_LAN and then move them to the cam LAN they will get correct IP addresses in the cam LAN and still be found by Protect.
@FayazAnwardeen 2 years ago
Hi, just wanted to know if you need to insert a pi-hole into this network where will you place it and will routing all internet traffic through this device be a security risk?
@pascal1287 1 year ago
Hello from the UK - Great video as always! Question for your NSFW: would you recommend using a DNS redirect rule to avoid client machines attempting to connect to their own DNS and redirect to the router DNS? Or too much bother for the potential benefits? Thanks
@Monarchias 1 year ago
Hi! My understanding is that if you configure DNS in the pfsense General Setup menu, you can still configure each LAN interface and even VLAN interface in the DHCP section to give a different DNS IP address than what has been configured in General Setup. Which is very handy if you want to use a Pi-hole, for example, on one of your subnets.
@nandurx 2 years ago
Thanks for video. Going to make some changes in VLAN. Question though, how do I put truenas management access on one vlan and sharing on other. I believe that's what you were saying. I would like to access my truenas from main pc but allow my tv to see content from NAS who is on different vlan.
@clintbishop9145 2 years ago
I think you have managed switch? If so, assign your devices to the required vlans (multiple, if needing access to different vlans) and change your pc to be trunk (access all vlans)
@tg9754 1 year ago
Great video. Do you have a newer video that includes making pfSense more secure for a small business?
@LAWRENCESYSTEMS 1 year ago
This applies to small biz as well.
@richardk186 1 year ago
Would you consider a video detailing the connections and network configurations with your Synology NAS to your private and NSFW networks?
@LAWRENCESYSTEMS 1 year ago
Already have that ru-vid.com/video/%D0%B2%D0%B8%D0%B4%D0%B5%D0%BE-A1I1k9Nct-A.html
@TheInternalNet 2 years ago
Long time viewer. This is the perfect video. Please expand on this. Part of the home lab series.
@wernerdebijl1885 2 years ago
I second that. Make it a series
@ForbiddenUser403 1 year ago
You seem to have used pfsense quite a bit; how would you say it compares to the flexibility and feature sets of Mikrotik's RouterOS?
@C650101 1 year ago
Can you do a video on how to connect an external Wi-Fi AP to a pfSense router and have some Wi-Fi connected devices go to separate networks? Something is wrong with mine. I give devices a static IP on one subnet but they sometimes get a connection on the wrong one.
@cdm297 2 years ago
Excellent Video 🙂
@numberiforgot 2 years ago
I’ve had some trouble with pfsense flagging non alarming activity in the past. It can be tricky to configure if you’re on the web a lot.
@williamvangundy3358 2 years ago
Great video. Can I implement any of these rules with my UDM or do I need to upgrade to adding a PFsense to my home system?
@wernerdebijl1885 2 years ago
I think most can be done on a UDMP. But I don't think you can create rules for systems to go out through the PIA VPN as Tom has done. I upgraded to pfsense from a UDMP and it works perfectly. But it has a bit of a learning curve. Tom's videos will help you.
@LAWRENCESYSTEMS 2 years ago
The UDM supports firewall rules, but not everything I did in this video.
@ianjharris 2 years ago
Just noticed that you use signal to get business messages, hey that is pretty cool.
@LAWRENCESYSTEMS 2 years ago
Best way to communicate something securely.
@ivantufa 9 months ago
This is one of the best tutorials I have ever seen. Thanks a lot. I have two questions: 1. How Synology will do update? Maybe I missed that part, sorry if that is a case, 2. How your phones will sync/backup photos to Synology? Phones are on NSFW LAN and devices assigned to that interface cannot see CAMLAN. If I have this use case, what is best approach?
@LAWRENCESYSTEMS 9 months ago
On the CAM LAN the Synology DOES have internet access, but the other devices do not. Creating an allow rule just for the phone being allowed to talk to the Synology would be a solution.
@ChristianMcDonald 2 years ago
Nice!
@muchada1 2 years ago
I know OpenVPN will drop the connection if the connecting device does not have the correct TLS key. Does WireGuard behave the same way if the public 🔑 does not match?
@andretenreiro 1 year ago
Do you have any video where you talk about the pfSense features? How does pfSense compare with DD-WRT for home use?
@LAWRENCESYSTEMS 1 year ago
I don't use DD-WRT, so I can't really compare.
@thejjjwils 2 years ago
I've not worked out what it is, but for me NFS shares on different subnets to my Synology NAS don't work very well (they hang), so I have to make sure my NFS clients sit on the same subnet. I'm not sure if it's Synology, NFS, or pfSense - the simple solution was to avoid it.
@rllove016148 2 years ago
Hey! Thanks for the video. You mentioned you have no NAT configuration on the FW. Do you use Plex outside of your home? I thought we had to allow Plex through over a specific port for it to work outside of the home. I was curious as to what you may have done here. Thank you.
@LAWRENCESYSTEMS 2 years ago
I use a VPN.
@rllove016148 2 years ago
@@LAWRENCESYSTEMS Thanks!
@superdoug213 2 years ago
Great vid, thanks Tom! You mentioned a Plex server in the beginning, but I didn't see any further reference to it. Don't you need to have a port open for that? Or is it only local? If you have an open port for Plex, what rules could you apply to mitigate the open port?
@LAWRENCESYSTEMS 2 years ago
Only local.
@therealb888 2 years ago
Any way to use the color scheme or theme used in the thumbnail?
@BrianThomas 2 years ago
Great video. So what if you have a ton of single-board computers? I have a friend that I was helping, and he has pretty much the same thing mentioned in the video, but he also has a ton of Raspberry Pis and other single-board computers for various things. Some of them are IoT (and that makes sense where they should go), but not so much some of the other devices like Zabbix and IP phone systems. What would you suggest?
@LAWRENCESYSTEMS 2 years ago
Zabbix and other servers could go on the network that I called LTS_Tom in the video.
@shamsugrace 2 years ago
Can we integrate pfSense with a PMS system like Opera?
@AndrewDubas 2 years ago
I have a UDM Pro. How can I run that UDMP behind pfSense as the firewall? I'd like the UDMP for WiFi and cameras (Protect) but would like to use pfSense as the firewall. What is the best way to accomplish this?
@renalshomlmes338 2 years ago
So since your cameras are on a separate segment without internet, you are not interested in any kind of alarm notifications?
@LAWRENCESYSTEMS 2 years ago
That is done via the Synology, not the cameras.
@dbxyzoo 2 years ago
Great video as always. Just a quick question: you did a video a while back on setting up multiple LANs on pfSense, but I can't seem to find it. You wouldn't happen to have a link to it by any chance?
@LAWRENCESYSTEMS 2 years ago
Check the video description, where I put a list of related pfSense videos.
@dbxyzoo 2 years ago
@@LAWRENCESYSTEMS This is the one I was looking for ru-vid.com/video/%D0%B2%D0%B8%D0%B4%D0%B5%D0%BE-HW9mUrF1ZgU.html&ab_channel=LawrenceSystems
@skipfrog11 2 years ago
So after creating networks, how do you connect devices to a specified network in pfSense?
@LAWRENCESYSTEMS 2 years ago
VLANs and UniFi ru-vid.com/video/%D0%B2%D0%B8%D0%B4%D0%B5%D0%BE-b2w1Ywt081o.html
@firmanagus7241 2 months ago
Sir, how do I direct the speed test on Multi-WAN to a specific ISP?
@DavidCNavas 2 years ago
Security was never my thing -- the first job I ever turned down was in security :| Is it really better to hard-connect an interface of your NAS to your IoT network rather than going through the trouble of configuring pimd (DLNA/Sonos/whatever?) and avahi (mDNS/Chromecast?) and figuring out how to properly lock down multicast? I admit to having gone back and forth on this one, but the security environment around my particular NAS brand isn't making me feel particularly safe about using it to lock down access by app....
@davidhenzler4817 2 years ago
Would you consider doing a video on pfSense email filters? I have enabled one, but don't see any changes. Like your videos; you do what you love.
@LAWRENCESYSTEMS 2 years ago
pfSense doesn't filter email.