Firewall Archives - Geek is the Way!

Accessing ISP equipment/Modem from local network

Thiago Crepaldi — Fri, 16 Dec 2022 21:12:25 +0000

Most Internet Service Providers (ISP) install devices in our houses, such as a cable/DSL modems or a ONT/ONU for optical, which have a web interfaces on a private IP address of its own. Since the device is not connected to any port of your local network switch, and therefore, sit outside your your network, accessing...

The post Accessing ISP equipment/Modem from local network appeared first on Geek is the Way!.

How to create a DMZ network using VLANs on pfSense

Thiago Crepaldi — Sun, 16 Oct 2022 23:51:48 +0000

DMZ (aka Demilitarized Zone) network as defined by Wikipedia “is a physical or logical subnetwork that contains and exposes an organization’s external-facing services to an untrusted, usually larger, network such as the Internet”. The purpose is to add an additional layer of security by separating what is exposed a public service in the DMZ, while the rest of...

The post How to create a DMZ network using VLANs on pfSense appeared first on Geek is the Way!.

Routing specific websites through your VPN gateway using pfSense

Thiago Crepaldi — Thu, 22 Apr 2021 01:22:14 +0000

For those who followed my previous post on how to configure a VPN client on pfSense, one cool application for it is to route only specific websites through the VPN while the rest of the traffic goes through the default ISP gateway, as usual. That is interesting when you want to use an IP from...

The post Routing specific websites through your VPN gateway using pfSense appeared first on Geek is the Way!.

Creating RFC1918 alias for Firewall rules

Thiago Crepaldi — Wed, 23 Dec 2020 16:46:51 +0000

From time to time, I need to reference the use of a IP alias called RFC1918 to separate traffic from local network from other (aka “Internet”) traffic. RFC 1918 was published to “Address Allocation for Private Internets”, which is our local network. There is nobody on internet using any IP in the range described by...

The post Creating RFC1918 alias for Firewall rules appeared first on Geek is the Way!.

Limiting bandwidth per Network Interface on your pfSense

Thiago Crepaldi — Wed, 23 Dec 2020 15:49:35 +0000

On pfSense’s documentation own words, “the basic idea of traffic shaping is raising and lowering the priorities of packets or keeping them under a certain speed. This concept seems simple, however, the number of ways in which this concept can be applied is vast.” pfSense supports “Traffic shaper” and “Limiter” (and they can be used...

The post Limiting bandwidth per Network Interface on your pfSense appeared first on Geek is the Way!.

How to allow ping on pfSense WAN?

Thiago Crepaldi — Sun, 02 Aug 2020 04:02:29 +0000

By default, pings are not allowed and actually not recommended. Bu during a network debugging, it can be quite handy. In order to allow ping incoming on the pfSense WAN port, go to Firewall >> Rules >> WAN page and create a new rule by clicking on Add button (down arrow icon) and do as...

The post How to allow ping on pfSense WAN? appeared first on Geek is the Way!.

Configuring pfSense authentication through Synology LDAP server

Thiago Crepaldi — Sun, 12 Jul 2020 21:02:27 +0000

In this article I’m going to show how to authenticate users on your pfSense using LDAP server powered by Synology DSM. The steps will include SSL encryption based on Let’s Encrypt certificates. You need to issue Let’s Encrypt SSL certificates, configure SSL certificates on your pfSense, and finally configure SSL certificates on your Synology that...

The post Configuring pfSense authentication through Synology LDAP server appeared first on Geek is the Way!.

Blocking… or trying to… DNS over HTTPS (aka DoH)

Thiago Crepaldi — Wed, 24 Jun 2020 00:18:55 +0000

This post is complementary to a previous POST protecting your network from malicious DNS. Here we are going to leverage a recent addition to pfBlockerNG: a brand new DoH feed! What is the big deal in allowing DNS over HTTPS (aka DoH) on your network?! Well, users can bypass the DNS over TLS of your...

The post Blocking… or trying to… DNS over HTTPS (aka DoH) appeared first on Geek is the Way!.

Protect your DNS requests using pfSense

Thiago Crepaldi — Sun, 21 Jun 2020 19:23:55 +0000

Configuring pfSense DNS Resolver Many ISPs or other Internet service providers collect information for commercial reasons (selling your profile for directed advertisement) or otherwise. pfSense allows you to use DNS with TLS to encrypt your request in a way that only you and the DNS provider can see it. DNS over TLS is not supported...

The post Protect your DNS requests using pfSense appeared first on Geek is the Way!.