How to Setup a pfSense Router

If you’re looking to replace your home router with something that offers more control, features, and performance pfSense is an excellent choice. pfSense can act as both a router and firewall offering lots of features for free that are often only found in pricey commercial routers.

What is pfSense?

pfSense is a custom open source distribution of FreeBSD.  pfSense is a fork of the m0n0wall project focused on running on a complete computer instead of an embedded system.

Some interesting uses for pfSense

Configure a DNS blacklist to block unwanted web sites on your network.

Setup a transparent squid proxy to improve internet performance and monitor usage.

Build a dual WAN router to combine the bandwidth of multiple internet connections.

Things you need

The computer running pfSense must have at least two network cards.  One of the interfaces will be used for the LAN (connecting to your switch) and the second will be the WAN interface that connects to your cable or DSL modem.

If you don’t have a dedicated network switch but your existing router has a built in switch you can use it instead.  Make sure you disable the built in DHCP server since pfSense will be handing DHCP.  Also don’t connect anything to the WAN port.

Installation

(Do not connect any network cables yet)

After getting the PC setup you’re going to use the first thing you’ll need to do is boot off of the pfSense liveCD you created.  After the liveCD finishes booting you will be presented with the pfSense console setup menu.  From this menu select option 99 ‘Install pfSense to hard drive’

For the rest of the installation processes as a general rule you can select the default options.  When choosing the kernel select the ‘multiprocessing’ kernel if  the system your using has a 2 or more CPU cores, otherwise select ‘uni-processor’.

Screen shots for the installation process can be found here.

Once the installation process is complete remove the CD and reboot the computer.  You’ll want the system to boot from the internal hard drive you installed pfSense onto at this point so adjust your bios settings as needed.


Configuration

When your pfSense system boots up for the first time you’ll be asked if you want to configure VLAN’s, just say no.

Next you’ll be prompted to “Enter your LAN interface name or ‘a’ for auto-detection”.  Auto detect is the easiest way to go here, once your in auto detect mode all you have to do is plug in the ethernet cable in the port you’ll be using for LAN (this should connect to your switch), once pfSense detects link on that interface it has been configured.  Follow the same procedure to configure your WAN interface.  If you want to set up any additional interfaces do so now, for example you might have a third interface if you plan on making a dual WAN router or a DMZ.

At this point you should be back at the main pfSEnse console menu.

Select option 2 ‘Set LAN IP Address’ and enter the IP address and mask you want to set for your pfSense box for most people 192.168.1.1/24 works just fine.  I would also recommend enabling the DHCP server when prompted.

At this point your router is up and running!  You can configure further settings through the web interface.  To access the web interface point your browser to http://192.168.1.1 or whatever you set the LAN IP address to in the previous step.

Default username: admin

Default password: pfsense

Troubleshooting Steps

The web GUI isn’t loading (https://192.168.1.1)

Make sure you can ping the IP address first (eg: ping 192.168.1.1)

If you can’t make sure you connected the LAN interface to your switch and not your modem.  You can always go back to the pfSense console and re assign the interfaces again.  Also make sure the computer your using has obtained a valid IP address from the DHCP server you can set a static IP such as 192.168.1.2 for troubleshooting if needed.

The internet isn’t working

If you can pull up the web GUI but the internet doesn’t seem to be working check to see if your WAN interface has an IP address.  http://192.168.10.254/status_interfaces.php If it doesn’t check the cable going to your cable or DSL modem.  You may need to power cycle your modem in order for the router to be able to obtain a valid IP address.



Sam Kear

Sam graduated from the University of Missouri - Kansas City with a bachelors degree in Information Technology. Currently he works as a network analyst for an algorithmic trading firm. Sam enjoys the challenge of troubleshooting complex problems and is constantly experimenting with new technologies.

28 thoughts to “How to Setup a pfSense Router”

  1. pfsense is my favorite router platform. To combat SPAM look into the IP-Blocklist and Countryblock package. pfsense is the only free router platform that allows you to do multi-wan, as far as I know.

    1. Great tips, thanks Tom. About 95% of the hack attempts and spam I receive seems to come from foreign countries anyway so these packages should help a lot.

      I believe you are correct about multi-wan support, many commercial routers don’t even support multi-wan.

  2. I have a public ip on one of the WAN interface, is there a way to config PFsense so I can get connected to web configurator to this ip of my WAN interface?

  3. please any one can help me to how to allocate static ip address to both NIC in my pfsense and my adsl router ip is 192.168.1.1 we disable dhcp how i will connect it to network

  4. Hi! sam i’m trying to make a server running pfsense on it, i installed de os,configure both my lan and wan ip address static, since i have a DSL mordem, taking a lan to my switch, i seems not to be able to serve the net

    1. Here are the first things I would check.

      1. Can you ping the LAN IP address of the pfSense box?
      2. Can the pfSense box ping the WAN gateway provided by the ISP? This can be tested using the ping function in the diagnostics menu.

      Does your DSL provider require PPPoE authentication?

  5. I had my WAN receive an IP address from my modem, The LAN is configured to do dhcp and connected it to a switch. When I connect a machine to the switch I am not able to browse the internet. What can I do to resolve this.

    1. Here are a couple of common things to check.

      1. Can you ping the LAN IP address of the pfSense box? If not is the PC getting an IP address from the DHCP server?
      2. Can the pfSense box ping the WAN gateway provided by the ISP? This can be tested using the ping function in the diagnostics menu.

      This will at least help you determine where the problem exists.

        1. In most cases you will need two network cards, one for a LAN interface and the other as a WAN interface. Technically it is possible to configure pfSense with only one interface if you use vlan trunking. This would require pfSense to be connected to a switch that supports vlan tags. In this case you would trunk both a LAN and WAN vlan to pfSense.

            1. To find out if your switch supports VLANs you will need to look at the specifications from the manufacturer. If you search Google for the model number of the switch you should be able to find the spec sheet or some other document listing the functions of the switch.

              VLAN trunking allows a single network port to carry multiple VLANs at the same time.

              Hope this helps!

              1. 8-Port 10/100Mbps Desktop Switch
                TL-SF1008D
                8 10/100Mbps auto-negotiation RJ45 ports, supports auto MDI/MDIX
                Green Ethernet technology saves the power up to 60%
                IEEE 802.3x flow control provides reliable data transfer
                Plastic case, desktop design
                Plug and play, no configuration required

                (That’s the spec of my switch. It does not state if it supports VLAN trunking.)
                Btw, thanks for the replies.

                1. Correct, that switch does not support VLANs. In your case it would be much cheaper to purchase a second network card than it would be to buy a switch with VLAN support.

                  1. Hey, I was in the middle of pfsense installation (Auto-assign procedure). when I inserted my Wireless Adapter to configure the WAN, it stated NO LINK DETECTED eventhough my signal is high. Why is that? Im using 150MBPS Wireless 802.1 1bgn Nano USB Adpater

  6. Hi Sam,

    My WAN is up, my LAN is up, but i am not receiving internet connection, I can access the webgui and getting IP from the DHCP server that I set to the pfsense. Kindly advise.

    Thanks
    Kervs

  7. Hi Sam,
    I am stuck with one major issue and I didn’t find any resolution for that issue. Today I came across your suggestions and would like to ask you if you can help me with this. I have my LAN network and DMZ as well. I setup all my LAN connections to go through OpenDNS via NAT rules and I also would like to force forward my DMZ clients to go through OPENDNS as well but I have TV and WiFi on that DMZ which stops working if I can add another NAT rule but I didn’t see any fix if I could setup firewall rules on each lan and DMZ which is not even working to force redirect clients to OpenDNS. Could you please guide me through. I will really appreciate your response.
    Regards
    Ahmad

  8. Hi team ,
    I have installed pfsense but don’t get configuration as I have dial up connection .
    here is my network line diagram.
    WAN—–>iball wifi router with 3 lan port ——>to mix card of pfsense with one of lan port from router .
    kindly suggest solutions.Thanks

  9. Hi Sam
    I have got two wan,it is under load balance as well failover(PFSense 2.3.2).Can I route certain websites (ex:facebook,youtube,etc) through WAN1 and few websites from WAN 2.
    Thanks in Advance

Leave a Reply

Your email address will not be published. Required fields are marked *