So you have 1 internet line that is being maxed out and your users are complaining that the internet is slow. Its the best line that you can get in terms of speed. What else can you do ?
Well as the old saying goes 2 heads are better than 1. The same is true for Internet lines.
I particularly like this one as its free. All you need is a VM or an old computer.
PFSense is a free fork of FreeBSD. It can be used as many things and this is a very simple application it is suited to.
So lets get on with it. I would rate this as fairly simple, Therefore I’m just giving you the important parts that you need to know. Remember to read the screens as they tell you most of what you need to know.
Step 1) Install the OS.
There are a few things to consider here.
1) Hardware or Virtual ?
2) Vlans or multiple Nic (Again hardware or virtual)
PFSense needs atleast 2 Networks to function correctly. These can be nic’s or vlans. In our case we need 3 networks. (This is the simplest way to look at it. You could do it with 2 but it can get confusing.)
It also doesn’t work very well on HyperV.
It will however with as little as a P4 single core, 512mb RAM and anything over 1GB of HDD space.
I’m using a old dell optiplex g755 with a core 2 duo and 2GB or RAM. I have about 400GB of internet traffic a month flowing through this box.
Quick and Easy sounds great. USE IT!
Installing and doing it’s thing!
Answer below. I think you’ll be hard pressed to not choose option 1.
This should all have happened in about 5 mins if that. Any longer than that and you have a very slow pc or a problem brewing.
Go ahead and reboot.
Step 2) Basic configuration.
This bit can be a tad confusing as different NIC’s are named differently in FreeBSD. In my case i have EMx NIC’s, i have seen them as ETHx also. But lucky for us it shows us what it can see.
If you can get the MAC addresses of the network cards so that we can get this correct first time.
If you don’t have them no sweat, we can figure it out later. You will need a DHCP server, most routers have this.
Those of you that need to use vlans and understand them you can assign the tags here.
If you don’t need vlans then its a n for you. see simple stuff. Again follow the prompts. see below.
At this stage you need to drive for a bit. You will need to assign a IP to your LAN port. Option 2 for that. If you have a dhcp on you WAN port you can use that.
Use this IP in a web browser to get to the console of pfsense.
From there you are greeted with a username and password field.
once we are in lets get it setup in record time.!
Hover your mouse over “System” select “Routing”. Then add a new gateway.
Fill out the needed data. WE WANT MONITORING. DONT TURN IT OFF!
Now go to the “Groups” TAB, then press the plus button to add a group. see below.
Now for the Magic!
Hover over “Firewall” and select “Rules”. Then select the “LAN” tab. It’s important you do this on the correct interface. Edit the Default allow all rule.
In the advanced setting change the outbound gateway to your new gateway.
Save and apply your changes.
See that your change reflect correctly.
We are now nearly finished.
You will need to do some minor configuration changes.
1) you would need to go back and configure the default WAN gateway correctly. eg. IP address if needed.
2) Enable interface OPT1. However over interfaces to see the interfaces you have.
3) those of us that need VLAN’s, “Interfaces” select “assign”. Then Vlan tab.
4) If you have issues with sites that make session cookies based on IP address. EG. Banking sites.
You can turn on sticky connections for load balancing which seems to work on Gateway groups.
This should have you up and running,
Use this are the default gateway on your client computers and your good to go.
Those that are in a workplace you may need to look at adding in the squid package under “System” > “packages”.