"If they find an issue with public key encryption, we're all in trouble and your firewall will be the least of your concerns." Something about that made me chuckle in fear lol.
@nreitcheck5 жыл бұрын
Just a note, do not use port 222 or 5555 as given in the example. Both ports are commonly scanned for as well as many many others. For the most 10 most common scanned ports watch AT&T ThreatTraq Internet Weather Report kzbin.info/aero/PLq4ic8ODT5PfsdQ7XBnKqIa2FBLmwjanL . Also remember to use best security practices for SSH as it can allow access to any computer on any connected network not just the localhost.
@clomok9 ай бұрын
Perfect, this is exactly the answer I needed. Thank you!
@MirkWoot5 жыл бұрын
Thats pretty neat, actually had no idea that was possible, the way to get the webconfigurator thru ssh.
@anyheck5 жыл бұрын
That seems like a solid idea. I've used openvpn to have a remote router "phone home" and it's stable but certainly a more involved setup. How are you setting up the remote sites to deal with dynamic IPs and what do you do for your password management as all of the remote sites are at localhost:port? is there an autossh package on pfsense to get it to phone home to you with a reverse tunnel setup?
@PileofKyle5 жыл бұрын
You’re a great teacher.
@wormchickenwizard3 жыл бұрын
How do you centrally manage and monitor your entire fleet of pfsense devices for outages and other issues? Also with public/private keys for SSH, how do you keep up with with all the keys on each firewall that's specific to each of your technicians? Is there a way you can orchestrate changes like for example if a technician had their computer stolen would you have to remote into each firewall individually and revoke the key or could you do it with a couple of clicks and push that change to every firewall at once?
@ITHowToAsap4 жыл бұрын
If pfSense is in a virtual machine and the WAN IP of it is a private, example 192.168.1.23, you must disable "Block private networks and loopback addresses" under Interfaces/Wan in order to have the Firewall rules to work.
@marcvanberkel85125 жыл бұрын
We made a central management system for pfsense, based on SSH port forwarding. To be able to view all kind of information in one dashboard. Uptime states CPU mem backups, live icmp etc
@LAWRENCESYSTEMS5 жыл бұрын
We use zabbix for that
@johnhumphreys2755 Жыл бұрын
Awesome video. Thank you
@LAWRENCESYSTEMS Жыл бұрын
My pleasure!
@someyounggamer5 жыл бұрын
Is his main OS parrot ? Great Video helped a lot with my syslog machine!
@linuxpc4me5555 жыл бұрын
Just saw this video.. what a great tutorial! Thank you so much. One question... how would you use this with putty?
@LAWRENCESYSTEMS5 жыл бұрын
I don't use putty anymore but it is supported this site has a write up www.akadia.com/services/ssh_putty.html
@jasonperry60465 жыл бұрын
!!! Ho Li $#! +. There goes any hesitation I had for going all in on pfSense. I obviously don't know what I don't know. Any suggestions for an overview of things past the basics that Linux can do?
@TaRaZ_AST3 жыл бұрын
if you configure a rule that allows access to https, it will allow anyway, despite ssh rule. I mean I can connect via browser before(without) connecting via ssh
@ERolando785 жыл бұрын
Excellent video. A query how can I limit the amount of digital certificate for client devices on an Openvpn server from PfSense
@BradleyHerbst4 жыл бұрын
Great video. Did you end up ever making a video on ssh port forwarding with pfsense?
@LAWRENCESYSTEMS4 жыл бұрын
kzbin.info/www/bejne/aV6nhmdtr6mlh80
@BradleyHerbst4 жыл бұрын
@@LAWRENCESYSTEMS I needed to expose mysql to my friend, but I didn't want to install ssh on the mysql server because I'm going to moving it to a container eventually, so I rather him authenticate thorough the pfsense box. I came up with this, ssh -L 3306:(ip-of-mysql-server):3306 -p (random-port-for-this) (non-admin-pfsense-username-with-publickey)@(my-public-ip-address), I'm sure this not the right way to do this, but it does work. I would like to know how to properly set this up so they can have to authenticate before they can get access to a port. I was going to setup a second openvpn on pfsense but I figured that was overkill since only need to expose one port. Thank You
@abdelhakeljamali41015 жыл бұрын
great video as usual. thank you
@CGW115 жыл бұрын
Thanks Tom! Great stuff. 👍 Can you share your bash prompt?
@booradlly4 жыл бұрын
YES PLEASE, that was a wicked looking bash, never seen a bash so detailed. PLEASE TELL US
@booradlly4 жыл бұрын
I asked the same question again, and he answered! (see above) github.com/flipsidecreations/dotfiles
@rogan4665 жыл бұрын
This seems like a lot of work. Why not toss a ip on the loopback, create a ipsec tunnel to your network, this way you can manage the device at the far end from anywhere within your own management network. That way you can stay sanitized and not have ports opened etc. I understand the port is only opened from a particular source but this just seems like a lot of work.
@ronaldvaughan41174 жыл бұрын
Rogan, Interested in your method as well. Any existing reference as to how to actualize it? Tnx!
@marklharmonАй бұрын
FYI, from the start it's a good idea to temporarily disable SSHGuard/Login Protection before too many failed SSH logins happen. Don't ask me how I know. 🙂
@nurhafizah2104 жыл бұрын
hello sir, i cannot access my pfsense web gui.i installed them in virtualbox.do you know how to solve this?thank you.
@rafionroot5 жыл бұрын
Great video, I'm having a bit of a problem hitting the localhost:5555 cant connect at all, do I need to add other rule beside the ssh allow on the WAN ? The admin access and the wan rule have been configured correctly Thanks guys
@booradlly4 жыл бұрын
Does anyone know what BASH that is ? It is awesome looking, lots of detail.
@LAWRENCESYSTEMS4 жыл бұрын
github.com/flipsidecreations/dotfiles
@mervinmercado47554 жыл бұрын
hey tom nice and great video, hoping that you have also a video on how to set up on windows command. I'm following your videos. More power and I hope sooner or later you read my comment. Keep Safe
@josecubas94605 жыл бұрын
teacher I am from Peru. I am a student. I would like if you could teach us from the beginning snort openaddid + pfbloquers. Excuse greetings from Peru and thanks for your videos
@Oswee3 жыл бұрын
It would be nice if pfSense would support SSH Certificates
@jasonperry60465 жыл бұрын
Okay, I have watched the video again and I have a question. Can I get a let's encrypt certificate for pfSense box? Will the same scripts work that I use on my debian based boxes? I do realize it is BSD based that's why I ask.
@LAWRENCESYSTEMS5 жыл бұрын
There is a pfsense plugin for the ACME cert system
@mathesonstep5 жыл бұрын
So you do need the private key to login to the server correct? because if someone had your IP and your public key they shouldn't be able to do anything is that correct?
@LAWRENCESYSTEMS5 жыл бұрын
Correct, keep your private key super locked down
@gorillaau4 жыл бұрын
@@LAWRENCESYSTEMS Yes, peehaps even to the point why if your private key is stolen on a laptop, you should revoke the existing public key from your servers and create a new the private key. Paranoid? Perhaps but nice to know that the servers you are responsible for are not accessible by ill-gotten means.
@takumihikaru60555 жыл бұрын
Hi Tom, can you help me how to allow skype on pfsense? Thanks
@LAWRENCESYSTEMS5 жыл бұрын
It is allowed
@takumihikaru60555 жыл бұрын
Thanks for your reply, followed your tutorial on pfBlocker but Skype is blocked, just don't know where it is filtered from.