Firewall - PFSense
Description
You will experiment with a firewall in this lab. Use your pfsense machine. You can always use my cloning script located on GitHub. If you don’t use my cloning script, make sure that you boot pfsense with the dualnic option. (This is only available via the command line and NOT the web interface.)
I am making the assumption that Kali is running at 192.168.1.2 and pfsense at 192.168.1.1 (plus it will also have a public IP).
Make sure Kali can ping the pfsense machine. From your Kali machine, you should be able to open a webpage to 192.168.1.1 and log in with the default of admin and pfsense.
Rules
Create a rule that will apply to your WAN network:
- I don’t like accessing the pfsense web page from inside a VM. Configure a rule to allow access to port 80 of your pfsense machine from anywhere on your WAN network. You should be able to prove this works by now accessing the public IP of your Kali machine from any browser and logging in.
- Also allow pings from anywhere to your pfsense machine
Create several rules that will apply to your LAN network:
- Block outgoing pings from your LAN network. (This will not block outgoing IPv6 because we aren’t forcing IPv6 through the pfsense gateway, so you will have to test it with an IPv4 address.)
- Block outgoing access to utahtech.edu on port 80 and 443. (Since this isn’t an IP address, add an alias for it.)
- Create a schedule that will block all outgoing web access during a certain time. (You choose what time.)
Test all your rules!!!
NAT
Appropriately configure port forwarding so that when trying to ssh to port 2786 of the pfsense machine on the WAN side, it will redirect you to the Kali instance (you may have to enable ssh on Kali). This is under the Firewall->NAT option. To test this, you should be able to ssh to port 2786 of your pfsense machine and it will take you to your Kali machine. (Hint: The ssh command can receive a -p option to specify what port it should connect to instead of 22.)
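One way to script the tests for the Rules and NAT sections above, as an added example that is not part of the original lab. TEST_IP (8.8.8.8), CONTROL_URL (example.com), WEB_EXPECT and the lan/wan arguments are assumptions; WAN_IP has no default and must be set to your pfsense public IP.

```sh
#!/bin/sh
# Added example, not part of the original lab. Assumes a Linux host with
# iputils ping, curl and nc. TEST_IP and CONTROL_URL are assumed values.
TEST_IP="${TEST_IP:-8.8.8.8}"                      # external IPv4 host that answers ping
CONTROL_URL="${CONTROL_URL:-http://example.com/}"  # any site other than utahtech.edu
WAN_IP="${WAN_IP:-}"                               # your pfsense public IP (no default)
WEB_EXPECT="${WEB_EXPECT:-allowed}"                # use "blocked" inside your schedule window
FAILED=0

# expect <allowed|blocked> <label> <command...>
# Runs the command quietly and compares its success with what the rule should do.
expect() {
    want=$1; label=$2; shift 2
    if "$@" >/dev/null 2>&1; then got=allowed; else got=blocked; fi
    if [ "$got" = "$want" ]; then
        echo "PASS  $label ($got)"
    else
        echo "FAIL  $label (expected $want, got $got)"
        FAILED=$((FAILED + 1))
        return 1
    fi
}

# curl -4 forces IPv4, because IPv6 does not go through the pfsense gateway.
web() { curl -4 -sk -o /dev/null --connect-timeout 5 "$1"; }

# Run from Kali (LAN side).
lan_checks() {
    expect blocked "LAN: outgoing IPv4 ping"    ping -4 -c 2 -W 2 "$TEST_IP"
    expect blocked "LAN: utahtech.edu port 80"  web http://utahtech.edu/
    expect blocked "LAN: utahtech.edu port 443" web https://utahtech.edu/
    expect "$WEB_EXPECT" "LAN: other web access" web "$CONTROL_URL"
}

# Run from a machine on the WAN side of pfsense.
wan_checks() {
    [ -n "$WAN_IP" ] || { echo "set WAN_IP first" >&2; FAILED=$((FAILED + 1)); return 1; }
    expect allowed "WAN: ping pfsense"        ping -4 -c 2 -W 2 "$WAN_IP"
    expect allowed "WAN: web page on port 80" web "http://$WAN_IP/"
    # Only confirms that TCP port 2786 answers; log in with ssh -p to see Kali.
    expect allowed "WAN: forward on 2786"     nc -z -w 5 "$WAN_IP" 2786
}

case "${1:-}" in
    lan) lan_checks; exit "$FAILED" ;;
    wan) wan_checks; exit "$FAILED" ;;
esac
```

Saved under a file name of your choice, run it with the argument lan on Kali and with the argument wan from a machine on the WAN side; the exit status is the number of failed checks.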
To pass off
Take screenshots of your rules and schedules pages. Put your screenshots in a single PDF and upload it to Canvas.
Last Updated 12/30/2022