Thursday, March 26, 2015

Installing pfSense on KVM and using it as a firewall for your Linux desktop.


pfSense running on KVM is the firewall server for my Linux Mint XFCE 17.1 fun workstation.

The simple traffic flow is as follows:
Internet -> KVM virtual pfSense firewall -> host.


For those who want to protect a Linux box over the long term, this may be a good option.


1) Installation
The link above is quite sufficient and not burdensome for those who do not use KVM often.

2) I used to use VirtualBox, so I converted the VirtualBox VDI to a KVM image (.qcow2).

*) For example:
# qemu-img convert -f vdi -O qcow2 u1.vdi u1.qcow2
Another way is to clone to a raw image with VirtualBox first (the --format RAW flag is needed, otherwise clonehd keeps the VDI format), then convert the raw image:
# vboxmanage clonehd vm.vdi vm.img --format RAW
# qemu-img convert -f raw -O qcow2 vm.img vm.qcow2

The disk driver type in u1.xml must be corrected from raw to qcow2, otherwise the domain fails to boot ("No boot" errors).
# virsh -c qemu:///session dumpxml u1 > ~/u1.xml
# vi ~/u1.xml
Change raw to qcow2:
<driver name='qemu' type='qcow2'/>

Then redefine the domain from the edited XML (shown here for the pf2 domain):
virt # virsh -c qemu:///session define ~/p2.xml
Domain pf2 defined from /root/p2.xml

No more errors.

3) pfSense: https://pfsense.org (FreeBSD based).
* This free firewall distro makes it very easy to install Snort intrusion detection, which is why I love it.
* It is also very easy to install.

4) Network.
WAN: a macvtap interface on the host device eth0, source mode VEPA. This interface faces the outer WAN network.


5) Define the libvirt network used as the LAN between the host and the pfSense LAN interface, and set it to autostart:
# virsh net-autostart default
# virsh net-edit default
<network>
  <name>default</name>
  <uuid>5c16f4ee-3b5b-43c8-a2fc-82f99466fcfb</uuid>
  <forward mode='nat'>
    <nat>
      <port start='1024' end='65535'/>
    </nat>
  </forward>
  <bridge name='virbr1' stp='on' delay='0'/>
  <mac address='50:34:30:fe:8f:69'/>
  <ip address='192.168.142.1' netmask='255.255.255.0'>
    <dhcp>
      <range start='192.168.142.2' end='192.168.142.254'/>
    </dhcp>
  </ip>
</network>
6) Point the host's default route at the pfSense LAN address on virbr1:

# route add default gw 192.168.142.2 virbr1

Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
0.0.0.0 192.168.142.2 0.0.0.0 UG 0 0 0 virbr1
192.168.142.0 0.0.0.0 255.255.255.0 U 0 0 0 virbr1
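A host-side check for the setup above, added here as an example and not taken from the original post: it reads the libvirt network definition from step 5 to learn the LAN bridge and subnet, then parses `route -n` output like the table in step 6 and confirms that the only default route goes to the pfSense LAN address (192.168.142.2) on that bridge, so no second default route (for example on eth0) bypasses the firewall. The XML and routing-table text are constructed samples using the post's values; on a real host you would feed it the output of `virsh net-dumpxml default` and `route -n`.

```python
import ipaddress
import xml.etree.ElementTree as ET

# Constructed sample inputs (not captured from a real host); the values are
# the ones the post uses: bridge virbr1, LAN 192.168.142.0/24, pfSense at .2.
NETWORK_XML = """<network>
  <name>default</name>
  <forward mode='nat'/>
  <bridge name='virbr1' stp='on' delay='0'/>
  <ip address='192.168.142.1' netmask='255.255.255.0'>
    <dhcp><range start='192.168.142.2' end='192.168.142.254'/></dhcp>
  </ip>
</network>"""

ROUTE_OUTPUT = """Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         192.168.142.2   0.0.0.0         UG    0      0        0 virbr1
192.168.142.0   0.0.0.0         255.255.255.0   U     0      0        0 virbr1
"""


def lan_from_libvirt_xml(xml_text):
    """Return (bridge, host_ip, subnet) from a libvirt <network> definition."""
    root = ET.fromstring(xml_text)
    bridge = root.find("bridge").get("name")
    ip = root.find("ip")
    host_ip = ipaddress.ip_address(ip.get("address"))
    # ip_network accepts a dotted netmask after the slash; strict=False
    # lets us pass the host address instead of the network address.
    subnet = ipaddress.ip_network(f"{host_ip}/{ip.get('netmask')}", strict=False)
    return bridge, host_ip, subnet


def default_routes(route_text):
    """Return [(gateway, iface), ...] for every default route in `route -n` output."""
    routes = []
    for line in route_text.splitlines():
        f = line.split()
        if len(f) == 8 and f[0] == "0.0.0.0" and f[2] == "0.0.0.0":
            routes.append((ipaddress.ip_address(f[1]), f[7]))
    return routes


def firewall_is_only_path(route_text, xml_text):
    """True only if the single default route goes to pfSense's LAN address on the bridge."""
    bridge, host_ip, subnet = lan_from_libvirt_xml(xml_text)
    routes = default_routes(route_text)
    if len(routes) != 1:  # a second default route (e.g. via eth0) is a bypass
        return False
    gateway, iface = routes[0]
    # The gateway must be on the LAN bridge and must not be the host's own
    # virbr1 address, which would mean libvirt NAT is used instead of pfSense.
    return iface == bridge and gateway in subnet and gateway != host_ip
```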


pfSense web interface




* To sum up, all network inflow passes through the KVM-based pfSense firewall.
From a security standpoint, this setup is a little more secure than having nothing at all.

If you are more concerned about security, you can also run iptables on the bare-metal host workstation or server.