pfSense as a proxy server – installation guide

pfSense is a FreeBSD-based open source security distribution. It is mainly used as a gateway device (firewall and router), but it can be extended with many server services such as DNS, DHCP and proxy servers. Here is the step-by-step procedure to install a pfSense-based proxy server.

Download pfSense CD from here

http://www.pfsense.org/mirror.php?section=downloads

Write the ISO file to a CD and boot from the pfSense CD.

Select “n” if you don’t have a VLAN setup.

Assign the LAN and WAN interfaces.

It will automatically assign 192.168.1.1 to the LAN interface.

Set LAN IP Address

Select option 2 and enter your LAN IP. It will then ask for the subnet, which you have to enter as a bit count.
Eg

255.255.255.0 = 24
255.255.0.0  = 16
255.0.0.0     = 8

It will also ask whether to set this server up as a DHCP server. If you want this server to act as a DHCP server, select “y”. If you are using static IPs for the client PCs, just select “n”.

After applying the LAN IP address, you can access the pfSense web interface using the HTTP protocol.

Eg : http://192.168.0.10

Install pfSense to a hard drive / memory

Select option “99” to install pfsense to your local media.

The installation starts, and the first step asks whether to change settings such as video font, screenmap and keymap. Select “<Accept these Settings>” for the default settings.

Now select “<Quick/Easy Install>”

The system will prompt for a confirmation. If you press <OK>, it will erase all data from the first HDD.

So make sure that you have data backups if necessary.

Select multiprocessing kernel

Reboot the server when it prompts you.

Initial configurations in web interface

Now go to the web interface.
It will ask for a user ID and password.
The default user ID and password for the pfSense server are as follows:

User : admin

Password : pfsense

On this screen you will set the General pfSense parameters.

Add the hostname, domain name, and primary and secondary DNS servers on this screen. Here I used OpenDNS to improve security; you can give your own DNS servers.

Eg : 208.67.222.222 & 208.67.220.220

Time Server Information

Enter your time server name and Timezone and click next

Configure the Wide Area Network information

If your internet connection is based on DHCP, click next. No changes required in this area.

If your internet connection uses a static IP or PPPoE / PPTP, you can configure the details in this window.

Configure LAN Interface

We already assigned an ip address for lan from the terminal itself. Click next if there is no change.

Set Admin WebGUI Password

Set your administration password for web interface management. So far we have logged in with the default password. It is strongly recommended to change the password right now.

Reload

Click ‘Reload’ to reload pfSense with the new changes. If you changed the password, pfSense will ask you to log in again.
The automatic reload will take some time. You can open the same IP URL again to reload quickly.

Install Squid

Go to System > Packages. It will load all the supported packages. Select squid and click the “+” button.
The Squid package and its dependencies will be installed automatically on this server.

Executing custom_php_resync_config_command()…done.

Writing configuration… done.

Starting service.

Installation completed. Please check to make sure that the package is configured from the respective menu then start the package.

Now Squid is installed and the basic server is ready to work as a proxy. By default no one can use this proxy; the access control system must be configured with the allowed subnets.

Go to Services > Proxy Server > Access Control and add the allowed subnets. You can add IPs or subnets; separate entries with a space. Basic blacklisting / whitelisting is also possible in this configuration window.

Eg : 192.168.1.0/24

Squid will now serve all sites to the 192.168.1.0 network. By default Squid runs on TCP port 3128.
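
As an added example (not part of the original article and not pfSense or Squid code), the Python script below checks values before you type them into the console subnet prompt or the Allowed subnets field: it converts a dotted netmask to the bit count and flags entries that are malformed, have host bits set, or fall outside private address space. The function names and sample entries are constructed for illustration, and it does not reproduce how the Squid package itself parses the field.

```python
import ipaddress

# RFC 1918 private ranges; anything outside them deserves a second look
RFC1918 = [ipaddress.IPv4Network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def mask_to_prefix(mask):
    """Dotted netmask (255.255.255.0) -> bit count (24) for the console prompt."""
    bits = int(ipaddress.IPv4Address(mask))
    prefix = bin(bits).count("1")
    # A valid netmask is a run of 1-bits followed only by 0-bits
    if bits != (0xFFFFFFFF << (32 - prefix)) & 0xFFFFFFFF:
        raise ValueError("non-contiguous netmask: " + mask)
    return prefix

def parse_allowed(field):
    """Parse a space-separated list of IPs/subnets; return (networks, warnings)."""
    networks, warnings = [], []
    for entry in field.split():
        try:
            iface = ipaddress.IPv4Interface(entry)
        except ValueError:
            warnings.append(entry + ": not an IPv4 address or subnet, skipped")
            continue
        net = iface.network
        if iface.ip != net.network_address:
            warnings.append(entry + ": host bits set, covers all of " + str(net))
        if not any(net.subnet_of(r) for r in RFC1918):
            warnings.append(str(net) + ": outside private ranges, proxy may be open to others")
        networks.append(net)
    return networks, warnings

def is_allowed(client_ip, networks):
    """True if the client address falls inside any allowed network."""
    addr = ipaddress.IPv4Address(client_ip)
    return any(addr in net for net in networks)

if __name__ == "__main__":
    # Constructed sample input, not taken from a real configuration
    field = "192.168.1.0/24 192.168.2.10/24 0.0.0.0/0 notanip"
    nets, warns = parse_allowed(field)
    for w in warns:
        print("WARNING:", w)
    for ip in ("192.168.1.57", "10.0.0.5"):
        print(ip, "allowed" if is_allowed(ip, nets) else "denied")
    print("255.255.255.0 ->", mask_to_prefix("255.255.255.0"))
```
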

Configure the proxy settings on your clients with your server's IP and port 3128.

Eg

IP address 192.168.1.0

Port : 3128

An advanced proxy server requires standard blacklists and reporting features. SquidGuard and Squid reporting packages are available for pfSense. My next article is about how to configure pfSense with SquidGuard and Lightsquid.

About Albin Sebastian

I am a Technology Blogger, I Blog about technology related articles, Active in online and offline tech communities
