search

How to install & setup pfSense

In this guide, you will be followed while installing and setting up pfSense for your homelab, a powerful virtual router that will enhance your configurations for routing & make your homelab cool. :)

hashtag
What's pfSense

pfSense is an open-source firewall and router software distribution based on FreeBSD. Think of it as a super-powerful, customizable alternative to the firewall/router you normally get from your Internet provider, but way more flexible and professional.

hashtag
Introduction

Setting up pfSense for my homelab was the most challenging task I’ve done so far. I’ll be honest: I made a few mistakes along the way and I’m a little embarrassed about them. That said, mistakes are how you learn — and I did learn.

In this document I’ll explain the correct procedure to get pfSense running, and then list the mistakes I made and what I learned from them.

hashtag
Getting Started

hashtag
Requirements

  • A PC

  • A network switch

  • A server running ProxMox (or equivalent). Important: the server must have at least two physical network interfaces (NICs). This guide does not use router-on-a-stick or VLANs.

I bought a USB to RJ45 adapter to add a second NIC to my server.

hashtag
How it will work

High-Level representation of how it will work

hashtag
1. Import the pfSense ISO into ProxMox

I strongly recommend downloading and uploading the pfSense ISO to ProxMox before you proceed. During later steps you may temporarily lose internet connectivity.

  1. Download the ISO from https://www.pfsense.org/download/arrow-up-right.

  2. In ProxMox, go to pve -> local (pve) -> ISO Images -> Upload and upload the ISO.

hashtag
2. Network layout (very important)

This step is crucial.

We will create two separate networks: LAN and WAN.

  • LAN: all local devices live here.

  • WAN: ideally contains only the ONT, your ISP router, and the pfSense WAN interface.

Physically disconnect the ISP router from the switch and connect it to one of the server’s network interfaces.

Example of my setup:

  • LAN network: 192.168.1.0/24

  • WAN network: 192.168.2.0/24

hashtag
3. Create the pfSense VM in ProxMox

Note: Before creating the VM, make sure both network interfaces appear in ProxMox (GUI -> pve -> Network). You should see vmbr0 and vmbr1 (or similar). If they’re missing, configure the interfaces in ProxMox first.

Steps:

  1. Create a new VM using the pfSense ISO. I recommend ~16 GB storage and 2 GB RAM as a minimum.

  2. Start the VM and proceed with the pfSense installer.

  3. Assign the interface connected to the ISP/router as WAN. Set IPv4 to DHCP (unless you use a static WAN IP).

  4. Assign the interface connected to the switch as LAN. Set a static LAN IP such as 192.168.1.254.

  5. Complete the installation.

hashtag
4. Final check

In theory everything should work now. Connect to the web UI at https://192.168.1.254 (or the LAN IP you set) to access pfSense.

Default login:

  • user: admin

  • password: pfsense

hashtag
Port Forwarding

Since my homelab is running some services that should be accessible from the outside world, you must set up Port Forwarding.

In order to do that, we must first acknowledge that we have two routers: your ISP's physical router and pfSense virtual router. The idea is that ISP's router will forward traffic to pfSense, and vice versa. Achieving this result is pretty simple

hashtag
1. Setup port forwarding on ISP's Router

This is the first step, but it's not very hard, don't worry.

  1. Login into your ISP's Router GUI / settings page

  2. Navigate to Port Forwarding

  3. Add the following rule (example)

    1. Source port: 80

    2. Destination port: 80

    3. Forward to: 192.168.2.1 (pfSense WAN interface's IP)

Do this for each port you want to forward.

hashtag
2. Setup NAT on pfSense

This step is a little bit trickier, but don't worry. I'll follow you step by step on how to setup this.

  1. Access your pfSense GUI

  2. Navigate to Firewall -> NAT

  3. Click on add rule and compile with the following fields:

    1. Interface: WAN

    2. Address family: IPv4 (or IPv6, based on your needs)

    3. Protocol: select the protocol of the service

    4. Destination: this firewall (self)

    5. Destination port range: select the port range (like 80-80)

    6. Redirect port range: the port you're willing to forward to

It should look something like this

Do this for each port and, well, it's done! Congratulations on setting up pfSense :)

PreviousConfiguring WireGuardNextEthical Hacking

Last updated