Pfsense is a FreeBSD based Open source security distribution. Pfsense is basically using as a gateway device (firewall and router). But it can be expandable as many Server services like DNS, DHCP, Proxy Servers. Here I is the step by step procedure to install a Pfsense based Proxy server.
Download pfSense CD from here
Write The ISO file to a CD and boot from pfSense CD.
Select “n” if you don’t have a Vlan setup
Sigh Lan and wan Interface
It will automatically asign 192.168.1.1 for the lan interface.
Set Lan IP Address
select option 2 and enter your lan IP, it will ask for subnet, you have to enter subnet as bit counters
255.255.255.0 = 24
255.255.0.0 = 16
255.0.0.0 = 8
It will also prompt for set this server as a DHCP server. If you want to set this server as a DHCP server select “y”. If you are using static ips for client pcs just select “n”
After applying the LAN IP address, you can access the pfSense web interface using http protocol
Eg : http://192.168.0.10
Install pfSense to a hard drive / memory
Select option “99” to install pfsense to your local media.
It will start installation in first setp and ask some settings to change video font screenmap keymap etc .. select “<Accept these Settings>” for default settings
Now select “<Quick/Easy Install>”
System will prompt for a confirmation If you press <OK> It will erase all data from first HDD
So make sure that u have data backups if necessary
Select multiprocessing kernel
Reboot the server when it prompt
Initial configurations in web interface
Now go to web interface
It will ask for user id and password
Default user id and passwords for pfsense server as follows
User : admin
Password : pfsense
On this screen you will set the General pfSense parameters.
Add hostname, and domain name, Primary and Secondary DNS server in this screen, here I used Open DNS to improve security, you can give your DNS
Eg : 18.104.22.168 & 22.214.171.124
Time Server Information
Enter your time server name and Timezone and click next
Configure the Wide Area Network information
If your internet connection is based on DHCP, click next. No changes required in this area.
If your internet connection with a static IP or a PPPoE / PPTP you can configure details in this window.
Configure LAN Interface
We already assigned an ip address for lan from the terminal itself. Click next if there is no change.
Set Admin WebGUI Password
Set your administration password for web interface management. Currently we entered with default password. It is strongly recommend to change the password now itself.
Click ‘Reload’ to reload pfSense with new changes. If you changed the password, pfSense will ask you to log in again.
This will take some time to reload automatically. You can use the same ip url to reload quickly.
Go to System > packages, it will load all the supported packages, Select squid and click “+” button
Squid package and its dependencies will be automatically installed in this server
Writing configuration… done.
Installation completed. Please check to make sure that the package is configured from the respective menu then start the package.
Now squid is installed and basic Server is ready to work as a proxy, by default no one can use this proxy. Access control system should configure for Allowed subnets,
Go to Services > Proxy Server > Access Control and add Allowed subnets. You can add ips or subnets. separate entries with space. Basic blacklisting / white listing is possible in this configuration window
Eg : 192.168.1.0/24
Now squid will serve all sites to 192.168.1.0 network. by default squid is running on tcp port 3128
Configure your client proxy settings with your server ip and 3128 port
IP address 192.168.1.0
Port : 3128
For an advanced Proxy Server it is required Standard blacklists and reporting features. Squid Guard and Squid reporting packages are available for Pf Sense. My next article is about How to Configure a PfSense with SquidGuard and Lightsquid