In my first post, I discussed my rationale for securing my homelab with the pfSense firewall, and shared the process of standing up a dedicated virtual machine (VM), PF01, for it. To recap, the goal is to secure my "mini data center" using the same architectural thinking required to design segmented networks in enterprise environments.
The next step is configuration, and luckily, pfSense’s setup process is easy to follow.
The first thing you’ll notice is that pfSense asks if you’d like to configure the various network interfaces. In my homelab's case, they’re virtual network interfaces arranged in the order they were created during the setup of the VM, PF01. The order was WAN (External Switch), LAN (Internal Switch 1), DMZ (Internal Switch 2), and the Heartbeat (Private).
pfSense lists these as h0, h1, h2, and h3.
The first interface I configured was h0, the External VNIC associated with the WAN. At first, pfSense displayed a warning that it couldn’t assign the network interface, which required some troubleshooting. After running the PowerShell command Get-VMSwitch to confirm all switches were active, I had a hunch that a simple VM reset was all that was needed for pfSense to recognize the virtual NICs. That hunch was correct; after resetting PF01, pfSense "saw" the virtual NICs as expected, and I was back in business.
One thing I wanted to avoid was an IP address conflict. To check for that, I opened a command prompt and ran ipconfig to make sure pfSense and my home router wouldn’t assign the same address ranges to connected devices.
With that confirmed, I configured the WAN (h0) and LAN (h1) interfaces, reviewing the default settings for interface mode, VLANs, IP address, and DHCP range. Since none of the defaults conflicted with my router, I left them as-is.
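The address-range check described above can be scripted instead of compared by eye from ipconfig output. The following PowerShell is an added example, not the script from the author's repository; the upstream ranges are constructed samples, and 192.168.1.1/24 is pfSense's stock LAN default, assumed here because the post does not state the values in use.

```powershell
# Added example: flag overlapping IPv4 ranges between the home router side
# and the pfSense LAN before accepting the pfSense defaults.

function ConvertTo-IPv4Number {
    param([Parameter(Mandatory)][string]$Address)
    $bytes = [System.Net.IPAddress]::Parse($Address).GetAddressBytes()
    [long]$n = 0
    foreach ($b in $bytes) { $n = $n * 256 + $b }   # big-endian dotted quad -> integer
    $n
}

function Get-CidrRange {
    param([Parameter(Mandatory)][string]$Cidr)
    if ($Cidr -notmatch '^\d{1,3}(\.\d{1,3}){3}/\d{1,2}$') { throw "Not IPv4 CIDR: $Cidr" }
    $addr, $prefix = $Cidr -split '/'
    [int]$prefix = $prefix
    if ($prefix -gt 32) { throw "Bad prefix length in $Cidr" }
    [long]$size  = [math]::Pow(2, 32 - $prefix)      # number of addresses in the block
    [long]$ip    = ConvertTo-IPv4Number $addr
    [long]$start = $ip - ($ip % $size)               # host bits cleared = network address
    [pscustomobject]@{ Cidr = $Cidr; Start = $start; End = $start + $size - 1 }
}

function Test-CidrOverlap {
    param([Parameter(Mandatory)][string]$A, [Parameter(Mandatory)][string]$B)
    $ra = Get-CidrRange $A
    $rb = Get-CidrRange $B
    # Two ranges overlap when each one starts before the other ends.
    ($ra.Start -le $rb.End) -and ($rb.Start -le $ra.End)
}

# pfSense stock LAN default (assumption: the post does not give the value).
$pfSenseLan = '192.168.1.1/24'

# Constructed samples standing in for the home router's network. On a real
# host, build this list from: Get-NetIPAddress -AddressFamily IPv4
# (use the IPAddress and PrefixLength properties).
$upstreamSamples = '192.168.0.0/24', '192.168.1.0/24', '192.168.0.0/16', '10.0.0.0/8'

foreach ($wan in $upstreamSamples) {
    $verdict = if (Test-CidrOverlap $wan $pfSenseLan) { 'CONFLICT' } else { 'ok' }
    '{0,-16} vs {1,-16} {2}' -f $wan, $pfSenseLan, $verdict
}
```

A CONFLICT result means the router and pfSense would be handing out addresses from the same space, so the pfSense LAN network and DHCP range should be moved before any clients are attached.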
Next, I wanted to confirm that pfSense was running, ensuring that the LAN was operational and could reach the internet. I wrote a PowerShell script to deploy a test VM, named LX01, running the Linux-based OS, Linux Lite. I chose Linux Lite because it's a quick Ubuntu-like operating system with a small footprint and overhead. Plus, I can use it to experiment with Linux-based PostgreSQL and SQL Server installations at a later date. I configured LX01 to use Internal Switch 1, the virtual switch tied to the LAN. (For those who would like to follow along, that script is available on my GitHub repository.)
LX01 was able to connect to the internet and access the pfSense web GUI through a browser, confirming that pfSense was up, routing properly, and protecting LAN traffic. As a final step, I changed the default password for the pfSense admin account. This is an important but easily overlooked step. What good is setting up a firewall to protect a network if you neglect changing the default credentials?
In future posts, I will cover the DMZ and VPN setups. For now though, it's time to build out the LAN subnet. I'll introduce my intentions for the LAN subnet and building out a VM for our domain controller in the next post.