Requirements:
pfSense ISO
Client virtual machine (Windows 7)
Windows Server virtual machine (Active Directory)
Client machine:
A single adapter = LAN network segment
-------------------------------------------------------
* INSTALLATION *
pfSense machine:
Client machine:
Standard installation
-----------------------------------------------------
* CONFIGURATION *
Client machine:
sign in:
user = admin
pass = pfsense
<sign in>
<next>
<next>
hostname = (iniciales)
domain = (iniciales.com)
primary DNS = 8.8.8.8
secondary DNS = 8.8.4.4
<next>
timezone = america/mexico_city
<next>
<next> - WAN configuration
<next> - LAN configuration (verify the IP)
enter a NEW password
<next>
<reload>
System
Advanced
Firewall & NAT
Firewall Maximum Table Entries = 400000
<save>
System
General Setup
DNS servers - choose WAN with the IP of the pfSense WAN
<save>
System
Package Manager
Available Packages (store)
Search term = squid
<search>
install 2 packages
SQUID <install> <confirm>
SQUIDGUARD <install> <confirm>
----------------------------
Possible error:
Installation is not allowed because of a higher PHP version
Solution:
System
Update
-----------------------------
note:
when the installation finishes, a green bar appears at the top and
"success" appears at the end of the installation details
note 2:
Check in System - Advanced - Firewall & NAT that
Firewall Maximum Table Entries = 400000
<-->
Squid configuration:
Services
Squid Proxy Server
Local Cache
Hard Disk Cache Size = 1000
<Save>
General
Enable Squid Proxy = <check the box>
<SAVE>
SquidGuard configuration:
Services
SquidGuard Proxy Filter
General Settings
Enable GUI log <check the box>
Enable log <check the box>
Enable log rotation <check the box>
Blacklist
Download - until the status bar turns green
*******************************************************
Creating categories:
Services
SquidGuard Proxy Filter
Target Categories
<Add>
Name = name of your category
Domain list = list of sites to block
Redirect mode = none
Redirect = message you want to display
log = <check the box>
<SAVE>
*********************************************************
Services
SquidGuard Proxy Filter
Common ACL
Target Rule List
(+) - to expand the list view
select permissions
whitelist
blacklist
allow
default access (all) = allow
******************************************************
Enable the service:
Services
SquidGuard Proxy Filter
Enable = <check the box>
<Apply>
*******************************************************
Integration (Active Directory) + pfSense
pfSense server machine:
Configure so that 1 IP is left free for the Windows Server
System
User Manager
Authentication Server
<Add>
--------------------------------------------
*Win Server - ADSI - Actions - Connect to
<OK> - expand the context
*Obtain:
DC=ccc,DC=com (example)
Authentication Containers =
CN=Administrador,CN=Users,DC=(domain),DC=com
<SAVE>
Settings
Authentication Server = choose the AD connection
<Save & Test>
*3 OKs appear
<Save>
Services
Squid Proxy Server
General
Transparent HTTP proxy = <uncheck the box>
<Save>
Local Cache
Cache Dynamic Content = <check the box>
<Save>
ACLs
Allowed Subnets = (pfSense server network/24)
Authentication
Authentication Method = LDAP
Authentication server = Windows Server IP
Authentication server port = 389
Authentication processes = 1
Authentication TTL = 480
LDAP version = 3
LDAP server users DN =
CN=Administrador,CN=Users,DC=(domain),DC=com
Services
SquidGuard Proxy Filter
General Settings
Enable LDAP filter = <check the box>
LDAP DN : CN=Administrador,CN=Users,DC=(domain),DC=com
LDAP DN password = (Windows Server password)
Strip NT domain name: <check the box>
Strip kerberos : <check the box>
LDAP version = version 3
Enable log rotation <uncheck the box>
<SAVE>
*************************************************************
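To confirm the DN values and port 389 before entering them in the Squid and SquidGuard LDAP fields above, the check below can be run from any host that has the OpenLDAP client tools. It is an added example, not part of the original notes; the availability of ldapsearch, SERVER_IP and some.user are assumptions.

```shell
#!/bin/sh
# Added example, not part of the original notes. Sample values (ccc.com,
# Administrador) follow the notes; SERVER_IP and some.user are placeholders.

# ccc.com -> DC=ccc,DC=com (the value the notes read from ADSI Edit)
domain_to_base_dn() {
    printf '%s\n' "$1" | awk -F. '{
        for (i = 1; i <= NF; i++) printf "%sDC=%s", (i > 1 ? "," : ""), $i
    }'
}

# Escape characters that are special inside a DN value (RFC 4514),
# e.g. an account whose CN is "Perez, Ana".
escape_rdn() {
    printf '%s\n' "$1" | sed -e 's/\\/\\\\/g' -e 's/[,+"<>;=]/\\&/g' \
        -e 's/^#/\\#/' -e 's/^ /\\ /' -e 's/ $/\\ /'
}

# CN=<user>,CN=Users,<base DN>: the DN form used in the notes
user_dn() {
    printf 'CN=%s,CN=Users,%s' "$(escape_rdn "$1")" "$(domain_to_base_dn "$2")"
}

# Bind as the configured account and look up one user by sAMAccountName.
# -W prompts for the password so it does not end up in the shell history.
# Args: server IP, bind account CN, AD domain, account to look up
check_bind() {
    ldapsearch -x -H "ldap://$1:389" -D "$(user_dn "$2" "$3")" -W \
        -b "$(domain_to_base_dn "$3")" "(sAMAccountName=$4)" dn
}

# Print the values to paste into the pfSense fields
echo "Base DN: $(domain_to_base_dn ccc.com)"
echo "Bind DN: $(user_dn Administrador ccc.com)"
# check_bind SERVER_IP Administrador ccc.com some.user   # needs network access
```

A successful check_bind prints the DN of the account that was looked up; a bind failure points to a wrong DN or password rather than a Squid setting.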
Configure per-user access:
Services
SquidGuard Proxy Filter
Groups ACL --> rule groups are created here
<Add>
Name = rule name
client(source) = IP range (10.1.1.1-10.2.2.2)
'user'
Services
SquidGuard Proxy Filter
General Settings
<Apply>
Note: After any change to the rules, click <APPLY>
It takes 3 to 10 min to apply,
depending on the PC's resources
*********************************************************
Client machine:
*******************************************************
Using pfSense:
Services
Squid Proxy Server
ACLs
Allowed Subnets = server_ip/24
Blacklist = sites to block (domain)
<Save>
**********************************************************