OVERKILL
Given some of the subject matter I've covered in recent weeks regarding the state/quality/security of most consumer network gear, I thought it prudent to put together a short guide with screenshots on how you can leverage old hardware or something cheap from eBay/Kijiji/Craigslist to provide more robust perimeter protection without having to become a networking expert. The main prerequisite is simply something with two (or more) network interfaces, so if you have an old computer that you can add another network card to, that's pretty much all it is going to require.
The most popular firewall distribution has to be pfSense, which is based on FreeBSD. There's a fork of this product called OPNsense, which I've also used and which is very similar in terms of installation and operation. If you'd like a guide on that product as well, let me know. Given some of the interaction between the pfSense and OPNsense camps, some of which was quite unprofessional, I personally lean toward supporting the OPNsense group.
This guide is based on execution of the installation on a Hyper-V virtual host for the sake of being able to easily grab screenshots. Installation on physical hardware is effectively identical for the sake of this thread.
Step 1 (pfSense):
Download the installation media from https://www.pfsense.org/download/
You will want to select AMD_64 as the architecture. Whether you want the ISO (CD/DVD) or the Memstick installer will depend on whether the hardware you are installing it on, and the computer you are downloading the image on, have an optical drive and whether you have blank optical media handy:
If you select the Memstick installer, you then have to select the console type. Choose VGA console:
In either instance, the file you download will be a gz ZIP file, so you need an archiver like 7-Zip to extract it. You get this from 7-zip.org.
Once you have 7-Zip installed, right-click the gz file, choose 7-Zip and then "Extract Here":
Step 2 (pfSense):
Once the image is extracted, if you downloaded the ISO, right-click it and choose "burn disc image" (PC):
Or "Burn to Disc..." (Mac):
If you downloaded the Memstick installer, go grab Balena Etcher from balenaEtcher - Flash OS images to SD cards & USB drives:
Then launch that, click "Flash from file":
Select your .img file that you extracted, insert your USB memory stick, click "Select target" and choose that memory stick, then click "Flash!" and it will create the stick for you.
Step 3 (pfSense):
Depending on the hardware you are installing it on, you will need to figure out what the key sequence is to be able to boot from something other than the hard drive. On some computers, that's F12, on others it's F11, and on others still it can be F8, F9 or F10. On an HP system, if you hold down the ESC key during POST, you'll get a menu that will allow you to select "Boot menu" and then you can select the bootable device you created (CD/DVD or Memstick).
Step 4 (pfSense):
The image should boot and you'll get a screen with a brief countdown; just wait it out. You'll then be greeted by the pfSense installer and an agreement you need to accept to proceed:
Step 5 (pfSense):
Choose "Install":
Step 6 (pfSense):
If you are using a system with less than 8GB of RAM, select Auto (UFS) on the partitioning screen:
Step 7 (pfSense):
Choose "Entire Disk":