PfSense FW4L
Contents
Koala FW4L con pfSense
About the pfSense Project
pfSense is a free, open source customized distribution of FreeBSD tailored for use as a firewall and router. In addition to being a powerful, flexible firewalling and routing platform, it includes a long list of related features and a package system allowing further expandability without adding bloat and potential security vulnerabilities to the base distribution. pfSense is a popular project with more than 1 million downloads since its inception, and proven in countless installations ranging from small home networks protecting a PC and an Xbox to large corporations, universities and other organizations protecting thousands of network devices.
This project started in 2004 as a fork of the m0n0wall project, but focused towards full PC installations rather than the embedded hardware focus of m0n0wall. pfSense also offers an embedded image for Compact Flash based installations, however it is not our primary focus.
Versioni di pfSense
Abbiamo testato PfSense pfSense-memstick-2.2-RELEASE-i386-20150122-1404 con Koala FW4L ed abbiamo montato 2 LAN opzionali per ottenete un totale di 6 LAN. Ecco i risultati:
Download
- Sezione download del sito PfSense : https://www.pfsense.org/download/
- L'immagine utilizzata per il nostro test è la 2.2
Boot di sistema
Log del boot di sistema e riconoscimento di tutte le periferiche senza problemi.
mount_msdosfs /dev/da0s1 /mnt
dmesg
Copyright (c) 1992-2014 The FreeBSD Project. Copyright (c) 1979, 1980, 1983, 1986, 1988, 1989, 1991, 1992, 1993, 1994 The Regents of the University of California. All rights reserved. FreeBSD is a registered trademark of The FreeBSD Foundation. FreeBSD 10.1-RELEASE-p4 #0 36d7dec(releng/10.1)-dirty: Thu Jan 22 15:12:38 CST 2015 root@pfsense-22-i386-builder:/usr/obj.i386/usr/pfSensesrc/src/sys/pfSense_SMP.10 i386 FreeBSD clang version 3.4.1 (tags/RELEASE_34/dot1-final 208032) 20140512 CPU: Intel(R) Atom(TM) CPU D525 @ 1.80GHz (1800.10-MHz 686-class CPU) Origin = "GenuineIntel" Id = 0x106ca Family = 0x6 Model = 0x1c Stepping = 10 Features=0xbfebfbff<FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CLFLUSH,DTS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE> Features2=0x40e31d<SSE3,DTES64,MON,DS_CPL,TM2,SSSE3,CX16,xTPR,PDCM,MOVBE> AMD Features=0x20100000<NX,LM> AMD Features2=0x1<LAHF> TSC: P-state invariant, performance statistics real memory = 2147483648 (2048 MB) avail memory = 2061799424 (1966 MB) Event timer "LAPIC" quality 400 ACPI APIC Table: <021114 APIC1345> FreeBSD/SMP: Multiprocessor System Detected: 4 CPUs FreeBSD/SMP: 1 package(s) x 2 core(s) x 2 HTT threads cpu0 (BSP): APIC ID: 0 cpu1 (AP/HT): APIC ID: 1 cpu2 (AP): APIC ID: 2 cpu3 (AP/HT): APIC ID: 3 ioapic0: Changing APIC ID to 4 ioapic0 <Version 2.0> irqs 0-23 on motherboard ipw_bss: You need to read the LICENSE file in /usr/share/doc/legal/intel_ipw/. ipw_bss: If you agree with the license, set legal.intel_ipw.license_ack=1 in /boot/loader.conf. module_register_init: MOD_LOAD (ipw_bss_fw, 0xc080ad90, 0) error 1 ipw_ibss: You need to read the LICENSE file in /usr/share/doc/legal/intel_ipw/. ipw_ibss: If you agree with the license, set legal.intel_ipw.license_ack=1 in /boot/loader.conf. module_register_init: MOD_LOAD (ipw_ibss_fw, 0xc080ae40, 0) error 1 ipw_monitor: You need to read the LICENSE file in /usr/share/doc/legal/intel_ipw/. ipw_monitor: If you agree with the license, set legal.intel_ipw.license_ack=1 in /boot/loader.conf. module_register_init: MOD_LOAD (ipw_monitor_fw, 0xc080aef0, 0) error 1 iwi_bss: You need to read the LICENSE file in /usr/share/doc/legal/intel_iwi/. iwi_bss: If you agree with the license, set legal.intel_iwi.license_ack=1 in /boot/loader.conf. module_register_init: MOD_LOAD (iwi_bss_fw, 0xc0833520, 0) error 1 iwi_ibss: You need to read the LICENSE file in /usr/share/doc/legal/intel_iwi/. iwi_ibss: If you agree with the license, set legal.intel_iwi.license_ack=1 in /boot/loader.conf. module_register_init: MOD_LOAD (iwi_ibss_fw, 0xc08335d0, 0) error 1 iwi_monitor: You need to read the LICENSE file in /usr/share/doc/legal/intel_iwi/. iwi_monitor: If you agree with the license, set legal.intel_iwi.license_ack=1 in /boot/loader.conf. module_register_init: MOD_LOAD (iwi_monitor_fw, 0xc0833680, 0) error 1 wlan: mac acl policy registered kbd1 at kbdmux0 random: <Software, Yarrow> initialized cryptosoft0: <software crypto> on motherboard padlock0: No ACE support. acpi0: <021114 XSDT1345> on motherboard acpi0: Power Button (fixed) acpi0: reservation of ffc00000, 300000 (3) failed acpi0: reservation of fee00000, 1000 (3) failed acpi0: reservation of 0, a0000 (3) failed acpi0: reservation of 100000, 7f600000 (3) failed cpu0: <ACPI CPU> on acpi0 cpu1: <ACPI CPU> on acpi0 cpu2: <ACPI CPU> on acpi0 cpu3: <ACPI CPU> on acpi0 attimer0: <AT timer> port 0x40-0x43 irq 0 on acpi0 Timecounter "i8254" frequency 1193182 Hz quality 0 Event timer "i8254" frequency 1193182 Hz quality 100 atrtc0: <AT realtime clock> port 0x70-0x71 irq 8 on acpi0 Event timer "RTC" frequency 32768 Hz quality 0 hpet0: <High Precision Event Timer> iomem 0xfed00000-0xfed003ff on acpi0 Timecounter "HPET" frequency 14318180 Hz quality 950 Event timer "HPET" frequency 14318180 Hz quality 450 Event timer "HPET1" frequency 14318180 Hz quality 440 Event timer "HPET2" frequency 14318180 Hz quality 440 Timecounter "ACPI-fast" frequency 3579545 Hz quality 900 acpi_timer0: <24-bit timer at 3.579545MHz> port 0x808-0x80b on acpi0 pcib0: <ACPI Host-PCI bridge> port 0xcf8-0xcff on acpi0 pcib0: Ignoring 3 range above 4GB (0x400000000-0xfffffffff) pci0: <ACPI PCI bus> on pcib0 vgapci0: <VGA-compatible display> port 0x9c00-0x9c07 mem 0xfe800000-0xfe87ffff,0xd0000000-0xdfffffff,0xfe700000-0xfe7fffff irq 16 at device 2.0 on pci0 agp0: <Intel Pineview SVGA controller> on vgapci0 agp0: aperture size is 256M, detected 8188k stolen memory vgapci0: Boot video device vgapci1: <VGA-compatible display> mem 0xfe680000-0xfe6fffff at device 2.1 on pci0 uhci0: <Intel 82801H (ICH8) USB controller USB-D> port 0x9880-0x989f irq 16 at device 26.0 on pci0 usbus0 on uhci0 uhci1: <Intel 82801H (ICH8) USB controller USB-E> port 0x9800-0x981f irq 21 at device 26.1 on pci0 usbus1 on uhci1 ehci0: <Intel 82801H (ICH8) USB 2.0 controller USB2-B> mem 0xfe8e7c00-0xfe8e7fff irq 18 at device 26.7 on pci0 usbus2: EHCI version 1.0 usbus2 on ehci0 pcib1: <ACPI PCI-PCI bridge> irq 22 at device 28.0 on pci0 pci1: <ACPI PCI bus> on pcib1 pcib2: <ACPI PCI-PCI bridge> irq 23 at device 28.1 on pci0 pci2: <ACPI PCI bus> on pcib2 re0: <RealTek 8168/8111 B/C/CP/D/DP/E/F/G PCIe Gigabit Ethernet> port 0xa800-0xa8ff mem 0xfdcfb000-0xfdcfbfff,0xfdcfc000-0xfdcfffff irq 17 at device 0.0 on pci2 re0: Using 1 MSI-X message re0: Chip rev. 0x2c800000 re0: MAC rev. 0x00100000 miibus0: <MII bus> on re0 rgephy0: <RTL8169S/8110S/8211 1000BASE-T media interface> PHY 1 on miibus0 rgephy0: none, 10baseT, 10baseT-FDX, 10baseT-FDX-flow, 100baseTX, 100baseTX-FDX, 100baseTX-FDX-flow, 1000baseT, 1000baseT-master, 1000baseT-FDX, 1000baseT-FDX-master, 1000baseT-FDX-flow, 1000baseT-FDX-flow-master, auto, auto-flow pcib3: <ACPI PCI-PCI bridge> irq 20 at device 28.2 on pci0 pci3: <ACPI PCI bus> on pcib3 re1: <RealTek 8168/8111 B/C/CP/D/DP/E/F/G PCIe Gigabit Ethernet> port 0xb800-0xb8ff mem 0xfddfb000-0xfddfbfff,0xfddfc000-0xfddfffff irq 18 at device 0.0 on pci3 re1: Using 1 MSI-X message re1: Chip rev. 0x2c800000 re1: MAC rev. 0x00100000 miibus1: <MII bus> on re1 rgephy1: <RTL8169S/8110S/8211 1000BASE-T media interface> PHY 1 on miibus1 rgephy1: none, 10baseT, 10baseT-FDX, 10baseT-FDX-flow, 100baseTX, 100baseTX-FDX, 100baseTX-FDX-flow, 1000baseT, 1000baseT-master, 1000baseT-FDX, 1000baseT-FDX-master, 1000baseT-FDX-flow, 1000baseT-FDX-flow-master, auto, auto-flow pcib4: <ACPI PCI-PCI bridge> irq 21 at device 28.3 on pci0 pci4: <ACPI PCI bus> on pcib4 re2: <RealTek 8168/8111 B/C/CP/D/DP/E/F/G PCIe Gigabit Ethernet> port 0xc800-0xc8ff mem 0xfdefb000-0xfdefbfff,0xfdefc000-0xfdefffff irq 19 at device 0.0 on pci4 re2: Using 1 MSI-X message re2: Chip rev. 0x2c800000 re2: MAC rev. 0x00100000 miibus2: <MII bus> on re2 rgephy2: <RTL8169S/8110S/8211 1000BASE-T media interface> PHY 1 on miibus2 rgephy2: none, 10baseT, 10baseT-FDX, 10baseT-FDX-flow, 100baseTX, 100baseTX-FDX, 100baseTX-FDX-flow, 1000baseT, 1000baseT-master, 1000baseT-FDX, 1000baseT-FDX-master, 1000baseT-FDX-flow, 1000baseT-FDX-flow-master, auto, auto-flow pcib5: <ACPI PCI-PCI bridge> irq 22 at device 28.4 on pci0 pci5: <ACPI PCI bus> on pcib5 re3: <RealTek 8168/8111 B/C/CP/D/DP/E/F/G PCIe Gigabit Ethernet> port 0xd800-0xd8ff mem 0xfdffb000-0xfdffbfff,0xfdffc000-0xfdffffff irq 16 at device 0.0 on pci5 re3: Using 1 MSI-X message re3: Chip rev. 0x2c800000 re3: MAC rev. 0x00100000 miibus3: <MII bus> on re3 rgephy3: <RTL8169S/8110S/8211 1000BASE-T media interface> PHY 1 on miibus3 rgephy3: none, 10baseT, 10baseT-FDX, 10baseT-FDX-flow, 100baseTX, 100baseTX-FDX, 100baseTX-FDX-flow, 1000baseT, 1000baseT-master, 1000baseT-FDX, 1000baseT-FDX-master, 1000baseT-FDX-flow, 1000baseT-FDX-flow-master, auto, auto-flow pcib6: <ACPI PCI-PCI bridge> irq 23 at device 28.5 on pci0 pci6: <ACPI PCI bus> on pcib6 igb0: <Intel(R) PRO/1000 Network Connection version - 2.4.0> port 0xec00-0xec1f mem 0xfeb80000-0xfebfffff,0xfeafc000-0xfeafffff irq 17 at device 0.0 on pci6 igb0: Using MSIX interrupts with 5 vectors igb0: Bound queue 0 to cpu 0 igb0: Bound queue 1 to cpu 1 igb0: Bound queue 2 to cpu 2 igb0: Bound queue 3 to cpu 3 igb1: <Intel(R) PRO/1000 Network Connection version - 2.4.0> port 0xe880-0xe89f mem 0xfea00000-0xfea7ffff,0xfeaf8000-0xfeafbfff irq 18 at device 0.1 on pci6 igb1: Using MSIX interrupts with 5 vectors igb1: Bound queue 0 to cpu 0 igb1: Bound queue 1 to cpu 1 igb1: Bound queue 2 to cpu 2 igb1: Bound queue 3 to cpu 3 uhci2: <Intel 82801H (ICH8) USB controller USB-A> port 0x9480-0x949f irq 23 at device 29.0 on pci0 usbus3 on uhci2 uhci3: <Intel 82801H (ICH8) USB controller USB-B> port 0x9400-0x941f irq 19 at device 29.1 on pci0 usbus4 on uhci3 uhci4: <Intel 82801H (ICH8) USB controller USB-C> port 0x9080-0x909f irq 18 at device 29.2 on pci0 usbus5 on uhci4 ehci1: <Intel 82801H (ICH8) USB 2.0 controller USB2-A> mem 0xfe8e7800-0xfe8e7bff irq 23 at device 29.7 on pci0 usbus6: EHCI version 1.0 usbus6 on ehci1 pcib7: <ACPI PCI-PCI bridge> at device 30.0 on pci0 pci7: <ACPI PCI bus> on pcib7 isab0: <PCI-ISA bridge> at device 31.0 on pci0 isa0: <ISA bus> on isab0 atapci0: <Intel ICH8M UDMA100 controller> port 0x1f0-0x1f7,0x3f6,0x170-0x177,0x376,0xffa0-0xffaf at device 31.1 on pci0 ata0: <ATA channel> at channel 0 on atapci0 atapci1: <Intel ICH8M SATA300 controller> port 0x9000-0x9007,0x8c00-0x8c03,0x8880-0x8887,0x8800-0x8803,0x8480-0x848f,0x8400-0x840f irq 18 at device 31.2 on pci0 ata2: <ATA channel> at channel 0 on atapci1 ata3: <ATA channel> at channel 1 on atapci1 acpi_button0: <Power Button> on acpi0 uart0: <16550 or compatible> port 0x3f8-0x3ff irq 4 flags 0x10 on acpi0 uart1: <16550 or compatible> port 0x2f8-0x2ff irq 3 on acpi0 pmtimer0 on isa0 sc0: <System console> at flags 0x100 on isa0 sc0: VGA <16 virtual consoles, flags=0x300> vga0: <Generic ISA VGA> at port 0x3c0-0x3df iomem 0xa0000-0xbffff on isa0 atkbdc0: <Keyboard controller (i8042)> at port 0x60,0x64 on isa0 atkbd0: <AT Keyboard> irq 1 on atkbdc0 kbd0 at atkbd0 atkbd0: [GIANT-LOCKED] ppc0: parallel port not found. p4tcc0: <CPU Frequency Thermal Control> on cpu0 p4tcc1: <CPU Frequency Thermal Control> on cpu1 p4tcc2: <CPU Frequency Thermal Control> on cpu2 p4tcc3: <CPU Frequency Thermal Control> on cpu3 Timecounters tick every 1.000 msec IPsec: Initialized Security Association Processing. random: unblocking device. usbus0: 12Mbps Full Speed USB v1.0 usbus1: 12Mbps Full Speed USB v1.0 usbus2: 480Mbps High Speed USB v2.0 usbus3: 12Mbps Full Speed USB v1.0 usbus4: 12Mbps Full Speed USB v1.0 usbus5: 12Mbps Full Speed USB v1.0 usbus6: 480Mbps High Speed USB v2.0 ugen0.1: <Intel> at usbus0 uhub0: <Intel UHCI root HUB, class 9/0, rev 1.00/1.00, addr 1> on usbus0 ugen2.1: <Intel> at usbus2 uhub1: <Intel EHCI root HUB, class 9/0, rev 2.00/1.00, addr 1> on usbus2 ugen1.1: <Intel> at usbus1 uhub2: <Intel UHCI root HUB, class 9/0, rev 1.00/1.00, addr 1> on usbus1 ugen4.1: <Intel> at usbus4 uhub3: <Intel UHCI root HUB, class 9/0, rev 1.00/1.00, addr 1> on usbus4 ugen3.1: <Intel> at usbus3 uhub4: <Intel UHCI root HUB, class 9/0, rev 1.00/1.00, addr 1> on usbus3 ugen5.1: <Intel> at usbus5 uhub5: <Intel UHCI root HUB, class 9/0, rev 1.00/1.00, addr 1> on usbus5 ugen6.1: <Intel> at usbus6 uhub6: <Intel EHCI root HUB, class 9/0, rev 2.00/1.00, addr 1> on usbus6 uhub0: 2 ports with 2 removable, self powered uhub2: 2 ports with 2 removable, self powered uhub3: 2 ports with 2 removable, self powered uhub4: 2 ports with 2 removable, self powered uhub5: 2 ports with 2 removable, self powered uhub1: 4 ports with 4 removable, self powered uhub6: 6 ports with 6 removable, self powered ugen6.2: <SMI Corporation> at usbus6 umass0: <SMI Corporation USB DISK, class 0/0, rev 2.00/11.00, addr 2> on usbus6 ugen3.2: <Logitech> at usbus3 ukbd0: <USB Keyboard> on usbus3 kbd2 at ukbd0 uhid0: <USB Keyboard> on usbus3 da0 at umass-sim0 bus 0 scbus3 target 0 lun 0 da0: <SMI USB DISK 1100> Removable Direct Access SCSI-4 device da0: 40.000MB/s transfers da0: 3840MB (7864320 512 byte sectors: 255H 63S/T 489C) da0: quirks=0x3<NO_SYNC_CACHE,NO_6_BYTE> SMP: AP CPU #1 Launched! SMP: AP CPU #3 Launched! SMP: AP CPU #2 Launched! Timecounter "TSC" frequency 1800103752 Hz quality 1000 Trying to mount root from ufs:/dev/ufs/pfSense [ro]... pflog0: promiscuous mode enabled ugen6.3: <JetFlash> at usbus6 umass1: <JetFlash Mass Storage Device, class 0/0, rev 2.00/1.00, addr 3> on usbus6 da1 at umass-sim1 bus 1 scbus4 target 0 lun 0 da1: <JetFlash Transcend 16GB 8.07> Removable Direct Access SCSI-4 device da1: Serial Number NB9BYQF3 da1: 40.000MB/s transfers da1: 15312MB (31358976 512 byte sectors: 255H 63S/T 1952C) da1: quirks=0x12<NO_6_BYTE,NO_RC16>
ifconfig
re0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500 options=8209b<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,VLAN_HWCSUM,WOL_MAGIC,LINKSTATE> ether 00:30:18:c1:58:10 inet6 fe80::230:18ff:fec1:5810%re0 prefixlen 64 scopeid 0x1 nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL> media: Ethernet autoselect (none) status: no carrier re1: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500 options=8209b<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,VLAN_HWCSUM,WOL_MAGIC,LINKSTATE> ether 00:30:18:c1:58:11 inet6 fe80::230:18ff:fec1:5811%re1 prefixlen 64 scopeid 0x2 nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL> media: Ethernet autoselect (none) status: no carrier re2: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500 options=8209b<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,VLAN_HWCSUM,WOL_MAGIC,LINKSTATE> ether 00:30:18:c1:58:12 inet6 fe80::230:18ff:fec1:5812%re2 prefixlen 64 scopeid 0x3 nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL> media: Ethernet autoselect (none) status: no carrier re3: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500 options=8209b<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,VLAN_HWCSUM,WOL_MAGIC,LINKSTATE> ether 00:30:18:c1:58:13 inet6 fe80::230:18ff:fec1:5813%re3 prefixlen 64 scopeid 0x4 nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL> media: Ethernet autoselect (100baseTX <full-duplex>) status: active igb0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500 options=403bb<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,JUMBO_MTU,VLAN_HWCSUM,TSO4,TSO6,VLAN_HWTSO> ether 00:30:18:c5:c1:24 inet6 fe80::230:18ff:fec5:c124%igb0 prefixlen 64 scopeid 0x5 nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL> media: Ethernet autoselect status: no carrier igb1: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500 options=403bb<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,JUMBO_MTU,VLAN_HWCSUM,TSO4,TSO6,VLAN_HWTSO> ether 00:30:18:c5:c1:25 inet6 fe80::230:18ff:fec5:c125%igb1 prefixlen 64 scopeid 0x6 nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL> media: Ethernet autoselect status: no carrier pflog0: flags=100<PROMISC> metric 0 mtu 33172 pfsync0: flags=0<> metric 0 mtu 1500 syncpeer: 224.0.0.240 maxupd: 128 defer: on syncok: 1 lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> metric 0 mtu 16384 options=600003<RXCSUM,TXCSUM,RXCSUM_IPV6,TXCSUM_IPV6> inet 127.0.0.1 netmask 0xff000000 inet6 ::1 prefixlen 128 inet6 fe80::1%lo0 prefixlen 64 scopeid 0x9 nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL> enc0: flags=0<> metric 0 mtu 1536 nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
re0_vlan1: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500 options=3<RXCSUM,TXCSUM> ether 00:30:18:c1:58:10 inet6 fe80::230:18ff:fec1:5810%re0_vlan1 prefixlen 64 scopeid 0xb nd6 options=23<PERFORMNUD,ACCEPT_RTADV,AUTO_LINKLOCAL> media: Ethernet autoselect (none) status: no carrier vlan: 1 vlanpcp: 0 parent interface: re0 re3_vlan1: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500 options=3<RXCSUM,TXCSUM> ether 00:30:18:c1:58:13 inet6 fe80::230:18ff:fec1:5813%re3_vlan1 prefixlen 64 scopeid 0xc nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL> media: Ethernet autoselect (100baseTX <full-duplex>) status: active vlan: 1 vlanpcp: 0 parent interface: re3