Learn pfSense 2.4
上QQ阅读APP看书,第一时间看更新

Configuration from the web GUI

The pfSense web GUI can only be accessed from another PC. If the WAN was the only interface that was assigned during the initial setup, then you will be able to access pfSense through the WAN IP address. Once one of the local interfaces is configured (typically the LAN interface), pfSense can no longer be accessed through the WAN interface. You will, however, be able to access pfSense from the local side of the firewall (typically through the LAN interface). In either case, you can access the web GUI by connecting another computer to the pfSense system, either directly (with a crossover cable) or indirectly (through a switch), and then typing either the WAN or LAN IP address into the connected computer's web browser.

If you enabled the LAN interface but did not enable DHCP on LAN, or if you are accessing the web GUI on another computer on the LAN network, you must statically set the IP address on that computer to a valid IP address for the LAN network (for example, if the LAN interface IP address is 192.168.1.1 and the LAN network is 192.168.1.0/24, set it to 192.168.1.2 or any number other than 1 for the last octet).
  1. When you initially log in to pfSense, the default username/password combination will be admin/pfsense, respectively.
  2. On your first login, the Setup Wizard will begin automatically.
  3. Click on the Next button to begin configuration. 
  4. The first screen provides a link for information about a pfSense Gold Netgate Global Support subscription. You can click on the link to sign up to learn more, or click on the Next button.
  5. On the next screen, you will be prompted to enter the hostname of the router as well as the domain. Hostnames can contain letters, numbers, and hyphens, but must begin with a letter. If you have a domain, you can enter it in the appropriate field.
  1. In the Primary DNS Server and Secondary DNS Server fields, you can enter your DNS servers. If you are using DHCP for your WAN, you can probably leave these fields blank, as they will usually be assigned automatically by your ISP. However, your ISP's DNS servers may not be reliable. There are many third-party DNS servers available, including OpenDNS (208.67.220.220 and 208.67.222.222) and Google Public DNS (8.8.8.8 and 8.8.4.4). Uncheck the Override DNS checkbox if you want to use third-party DNS servers rather than the DNS servers used by your ISP. Click on Next when finished.
  2. The next screen will prompt you for the Network Time Protocol (NTP) server as well as the local time zone. The NTP server configuration will be covered in greater detail in the next chapter; you can keep the default value for the server hostname for now. For the Timezone field, you should select the zone which matches your location and click on Next.
  3. The next screen of the wizard is the WAN configuration page. If you need to make changes to the WAN configuration, see the detailed guide in the advanced WAN configuration. The two most common options most users will want to configure are the Block RFC1918 Private Networks and Block Bogon Networks checkboxes (in most cases, both should be checked). When you are done configuring WAN options, click on Next.
  4. The next screen provides fields in which you can change the LAN IP address and subnet mask, but only if you configured the LAN interface previously. You can keep the default, or change it to another value within the private address blocks. You may want to choose an address range other than the very common 192.168.1.x in order to avoid a conflict. Be aware that, if you change the LAN IP address value, you will also need to adjust your PC's IP address, or release and renew its DHCP lease when you're finished with the network interface. You will also have to change the pfSense IP address in your browser to reflect the change.
  5. The final screen of the pfSense Setup Wizard allows you to change the admin password, which you should do now. Enter the password, enter it again for confirmation in the next edit box, and click on Next. Later on, you can create another administrator account with a username other than admin and disable the admin account for additional security, unless you plan on setting up multiple firewalls for high availability, in which case you will need to retain the admin account.
  6. On the following screen, there will be a Reload button; click on Reload. This will reload pfSense with the new changes.
  7. Once you have completed the wizard, you should have network connectivity. Although there are other means of making changes to pfSense's configuration, if you want to repeat the wizard, you can do so by navigating to System | Setup Wizard. Completion of the wizard will take you to the pfSense dashboard.