vasanth-kumar-vk/pfSense-Firewall-Lab

🔥 pfSense Firewall — Perimeter Security Lab

pfSense CE 2.8.1 deployed as a perimeter firewall on VMware — WAN/LAN/OPT1 interfaces, firewall rules, aliases, hybrid NAT, port forwarding, static routing, and DNS resolver — protecting a full enterprise lab topology.


📋 Project Overview

This project deploys pfSense Community Edition 2.8.1 as a perimeter firewall and internet gateway for an entire virtualized enterprise lab. pfSense sits at the network boundary — all internet-bound traffic from GNS3 virtual devices, Ubuntu Server, Windows Server DC01, and the physical host passes through pfSense for NAT, firewall inspection, and routing.


🏗️ Network Architecture

Internet
    |
VMware NAT (192.168.58.0/24)
    |
pfSense WAN (em0) — 192.168.58.140 (DHCP)
    |
pfSense LAN (em2) — 10.10.10.2     ← Lab network gateway (VMnet4)
pfSense OPT1 (em1) — 192.168.10.254 ← Management GUI (VMnet1)
    |
Protected Lab Infrastructure:
├── GNS3 Enterprise Topology (via static routes → HQ Router 203.0.113.1)
├── Ubuntu Server 24.04 (Apache web server — port forwarded on WAN:80)
├── Windows Server 2022 DC01
└── Physical host PC

🛠️ Technologies & Features

| Category | Implementation |
| --- | --- |
| Platform | pfSense CE 2.8.1-RELEASE (FreeBSD 15.0), VMware Workstation Pro 25 |
| Interfaces | WAN (NAT), LAN (VMnet4 — 10.10.10.2/24), OPT1 (VMnet1 — 192.168.10.254/24) |
| Firewall Rules | Default deny WAN, allow LAN, Anti-Lockout rule |
| Aliases | IP aliases (server groups), port aliases (web + admin ports) |
| NAT | Hybrid Outbound NAT — manual rules for all internal subnets |
| Port Forwarding | WAN:80 → Ubuntu Server (192.168.100.10:80) |
| Static Routing | Routes to GNS3 topology via HQ router gateway (203.0.113.1) |
| DNS Resolver | Unbound — upstream forwarders 8.8.8.8 / 8.8.4.4, domain lab.local |
| Monitoring | Dashboard widgets: system info, interface stats, firewall logs, traffic graphs |
| Storage | ZFS filesystem, 7.0 GB disk, 13% utilization |

📡 Interface Configuration

| Interface | Name | Adapter | IP Address | Role |
| --- | --- | --- | --- | --- |
| em0 | WAN | VMware NAT | 192.168.58.140 (DHCP) | Internet-facing |
| em1 | OPT1 | VMnet1 | 192.168.10.254 | Management / Web GUI |
| em2 | LAN | VMnet4 | 10.10.10.2 | Lab network gateway |

🔒 Firewall Rules

WAN Rules

| Action | Protocol | Source | Destination | Description |
| --- | --- | --- | --- | --- |
| BLOCK | All | Any | Any | Default deny all inbound (secure default) |

LAN Rules

| Action | Protocol | Source | Destination | Description |
| --- | --- | --- | --- | --- |
| PASS | Any | Any | LAN:80 | Anti-Lockout — always allow GUI access |
| PASS | IPv4 Any | LAN subnets | Any | Allow all LAN outbound |
| PASS | IPv6 Any | LAN subnets | Any | Allow all LAN IPv6 outbound |

📛 Firewall Aliases

Using aliases instead of raw IP addresses makes rules readable and maintainable — professional network admin practice.

| Alias | Type | Values | Purpose |
| --- | --- | --- | --- |
| Internal_Servers | Host | 192.168.100.10, 192.168.99.10 | Ubuntu Server + DC01 |
| Web_Ports | Port | 80, 443, 22 | HTTP, HTTPS, SSH |

🔄 NAT Configuration

Outbound NAT (Hybrid Mode)

| Interface | Source | Destination | NAT Address |
| --- | --- | --- | --- |
| WAN | 10.0.0.0/8 | Any | WAN address (manual) |
| WAN | 192.168.0.0/16 | Any | WAN address (manual) |

Port Forwarding

| Interface | Protocol | WAN Port | Redirect Target | Description |
| --- | --- | --- | --- | --- |
| WAN | TCP | 80 | 192.168.100.10:80 | HTTP to Ubuntu Server |

🗺️ Static Routes & Gateways

| Gateway Name | Interface | IP | Purpose |
| --- | --- | --- | --- |
| WAN_DHCP | WAN | 192.168.58.2 | VMware NAT — internet |
| HQ_GW | LAN | 203.0.113.1 | GNS3 HQ router |

| Destination | Subnet | Gateway | Purpose |
| --- | --- | --- | --- |
| 10.0.0.0 | /8 | HQ_GW | GNS3 router links |
| 192.168.0.0 | /16 | HQ_GW | GNS3 LAN/DMZ networks |
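
An added example, not part of the original repository: it models the interface, gateway, static-route and outbound-NAT tables above with Python's `ipaddress` module to check which path a destination takes under longest-prefix matching and which sources the manual NAT rules cover. The default route via WAN_DHCP and all function names are assumptions made for the illustration.

```python
import ipaddress as ip

# Addresses copied from the tables on this page.
CONNECTED = {
    "WAN": ip.ip_interface("192.168.58.140/24"),
    "LAN": ip.ip_interface("10.10.10.2/24"),
    "OPT1": ip.ip_interface("192.168.10.254/24"),
}
GATEWAYS = {
    "WAN_DHCP": ("WAN", ip.ip_address("192.168.58.2")),
    "HQ_GW": ("LAN", ip.ip_address("203.0.113.1")),
}
STATIC = {
    ip.ip_network("0.0.0.0/0"): "WAN_DHCP",  # assumption: default route via the DHCP gateway
    ip.ip_network("10.0.0.0/8"): "HQ_GW",
    ip.ip_network("192.168.0.0/16"): "HQ_GW",
}
NAT_SOURCES = [ip.ip_network("10.0.0.0/8"), ip.ip_network("192.168.0.0/16")]


def lookup(dst):
    """Longest-prefix match over connected networks and static routes."""
    dst = ip.ip_address(dst)
    routes = [(i.network, f"connected:{n}") for n, i in CONNECTED.items()]
    routes += [(net, f"via:{gw}") for net, gw in STATIC.items()]
    best = max((r for r in routes if dst in r[0]), key=lambda r: r[0].prefixlen)
    return best[1]


def nat_applies(src):
    """True when a manual outbound NAT rule on WAN matches this source."""
    return any(ip.ip_address(src) in net for net in NAT_SOURCES)


def gateways_off_link():
    """Gateways whose address lies outside the subnet of their interface."""
    return sorted(name for name, (ifname, addr) in GATEWAYS.items()
                  if addr not in CONNECTED[ifname].network)


def connected_inside_static():
    """Connected networks that fall inside a broader (non-default) static route."""
    return sorted(name for name, i in CONNECTED.items()
                  for net in STATIC if net.prefixlen and i.network.subnet_of(net))


if __name__ == "__main__":
    for dst in ("10.10.10.50", "192.168.100.10", "8.8.8.8"):
        print(dst, "->", lookup(dst))
    print("off-link gateways:", gateways_off_link())
```

With the documented values, every connected /24 sits inside one of the two broad static routes and still wins because it is more specific. `gateways_off_link()` returns `HQ_GW`, since 203.0.113.1 is outside the LAN subnet 10.10.10.0/24.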

📊 System Performance

| Metric | Value |
| --- | --- |
| CPU Usage | 4% (Intel i5-13420H, AES-NI capable) |
| Memory Usage | 39% of 455 MiB |
| Disk Usage | 13% of 7.0 GB (ZFS) |
| State Table | 0% (7/45000 states) |
| Uptime | Stable |

📁 Project Files

pfsense-firewall-lab/
├── docs/
│   └── pfSense_Firewall_Documentation.docx
└── README.md

🚀 How to Replicate This Lab

  1. Download pfSense CE 2.8.1 AMD64 ISO from pfsense.org (or Netgate)
  2. Create VMware VM: 512 MB RAM, 1 vCPU, 10 GB disk, 3 network adapters (NAT, VMnet4, VMnet1)
  3. Boot installer — select Install CE → ZFS → Stripe → da0
  4. Assign interfaces via console: WAN=em0, LAN=em2, OPT1=em1
  5. Set LAN IP to 10.10.10.2/24 via console option 2
  6. Access GUI at http://10.10.10.2 from any VM on VMnet4/VMnet1
  7. Apply firewall rules, NAT, static routes, and DNS as documented

📚 Skills Demonstrated

pfSense Installation, Interface Configuration, Firewall Rules, Default Deny, Firewall Aliases, Hybrid Outbound NAT, Port Forwarding, Static Routing, Gateway Configuration, DNS Resolver (Unbound), Dashboard Monitoring, Perimeter Security, Defense-in-Depth, ZFS, FreeBSD


👨‍💻 Author

Vasanth Kumar
BCA — Vivekananda Institute of Management, Bengaluru, Karnataka
📧 vasanthkumarvk2855@gmail.com
🔗 LinkedIn | GitHub


This project is part of a hands-on IT infrastructure portfolio built to demonstrate entry-level Network Administrator / Security skills.
