Setting up Cybersecurity Home Lab: Part 4 – Configuring the pfSense Firewall.

This article will show the detailed steps of configuring the pfSense firewall. we will configure different services and firewall rules for multiple network interfaces to allow and block requests.

pfSense Setup Wizard.
Configuring Interfaces.
Configure DNS Resolver Service.
Assign Static IP address for Kali Linux VM.
Configure Firewall Rules.

pfSense Setup Wizard.

To login into pfSense web portal, open Kali Linux web browser and type the ip address https://10.0.1.1 in the address bar.

To accept the security warning, select Advanced and then select Accept the Risk and Continue.

Use the default username: admin and password: pfsense

On the welcome to pfsense software page, select next, On netgate 24/7 global support page information select next.

Enter the Hostname and Domain, make sure you uncheck the Override DNS option and select next.

Select the timezone and click next.

Once the setup reached step 4 – Configure WAN Interfaces, leave all the configuration unchanged and scroll all the way down, till you find the section named RFC 1918 Networks.

Uncheck the box named block private networks from entering the WAN and select next.

No configuration needed for the step 5- Configure LAN Interfaces.

Please change the Admin password in the set admin WebGUI Password page.

Press Reload to apply the configuration changes.

Click Finish to close setup, you can also click on Check for Updates.

Configuring Interfaces.

Once you are on the pfSense dashboard, click on Interfaces option and select the interface named OPT1

Change the description of the Interface to Monitoring.

Press Save and press Apply Changes

Once the changes are applied, select OPT2 and change the description to AD Lab and change the description of OPT3 to Vulnerable Machines

The changes description of the interfaces should look like the below.

Configure DNS Resolver Service.

In the Services column, select DNS Resolver and then General Settings.

Scroll down and make sure the settings under DHCP Registration and Static DHCP is enabled (Check Marked).

In the DNS Resolver page, select Advanced Settings and make sure the options under Prefetch Support and Prefetch DNS Key Support is enabled (Check Marked).

Scroll down, select Save and Apply Changes.

Assign Static IP address for Kali Linux VM.

Navigate to Status and then select DHCP Leases.

Select the plus icon to add static mapping for the kali Linux machine.

Add the IP Address 10.0.1.2 in the IP address section.

Scroll down and select Save and Apply Changes.

Reboot the Kali Linux VM using the command sudo reboot and use the command ip address to confirm the static IP address is assigned to the machine.

Configure Firewall Rules.

Firewall rules are processed from top to bottom, add all the allow rule at the top and all the block rules at the bottom.

Create Aliases for IP addresses.

Navigate to Firewall section and select Alias and click on IP and select

Add the below details in the IP alias section.

Name: Private_IP_Address_List
Description: Private IP Address List
Type: Network(s)
Network 1: 10.0.0.0/8
Network 2: 172.16.0.0/12
Network 3: 192.168.0.0/16
Network 4: 169.254.0.0/16 (Automatic Private IP Addressing (APIPA) OR link-local address)
Network 5: 127.0.0.0/8 (Loopback Address of machine)