pfsense:install_pfsense:reboot
Differences
This shows you the differences between two versions of the page.
| Both sides previous revisionPrevious revision | |||
| pfsense:install_pfsense:reboot [2020/12/02 00:02] – [Verify DNS.] peter | pfsense:install_pfsense:reboot [2020/12/02 00:26] (current) – removed peter | ||
|---|---|---|---|
| Line 1: | Line 1: | ||
| - | ====== PFSense - Install pfSense - Reboot ====== | ||
| - | |||
| - | Restart the pfSense device and connect your modem to your WAN port if you haven’t already. | ||
| - | |||
| - | The system should boot and allow you to log back into the dashboard where if everything is correct, the WAN interfaces will have IP addresses allocated to them. | ||
| - | |||
| - | <WRAP info> | ||
| - | **NOTE:** Check that everything is okay. | ||
| - | |||
| - | Navigate to **Status -> System Logs** if needed. | ||
| - | |||
| - | </ | ||
| - | |||
| - | ---- | ||
| - | |||
| - | ===== Verify that everything is working ===== | ||
| - | |||
| - | Connect up a managed switch to test the various subnets work correctly. | ||
| - | |||
| - | ---- | ||
| - | |||
| - | ===== Verify DHCP ===== | ||
| - | |||
| - | Connect to each subnet in turn and verify a client receives an appropriate address from the associated DHCP pool. | ||
| - | |||
| - | Heres the connection when connected to the CLEAR network where a 192.168.50.100 address has been awarded. | ||
| - | |||
| - | <code bash> | ||
| - | ifconfig en0 | ||
| - | en0: flags=8963< | ||
| - | ether xx: | ||
| - | inet6 fe80:: | ||
| - | inet 192.168.50.100 netmask 0xffffff00 broadcast 192.168.50.255 | ||
| - | nd6 options=1< | ||
| - | media: autoselect | ||
| - | status: active | ||
| - | </ | ||
| - | |||
| - | ---- | ||
| - | |||
| - | ===== Verify DNS. ===== | ||
| - | |||
| - | We have three methods of DNS resolution to verify: | ||
| - | |||
| - | * LAN: Uses Resolver for local and non-local lookups. | ||
| - | * CLEAR: Uses public DNS resolvers. | ||
| - | * IOT: Uses Resolver for local and non-local lookups. | ||
| - | * GUEST: Uses public DNS resolvers. | ||
| - | |||
| - | ==== LAN ==== | ||
| - | |||
| - | === Verify DNS Resolver resolution === | ||
| - | |||
| - | <code bash> | ||
| - | dig pfsense.org | ||
| - | |||
| - | ; <<>> | ||
| - | ;; global options: +cmd | ||
| - | ;; Got answer: | ||
| - | ;; ->> | ||
| - | ;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1 | ||
| - | |||
| - | ;; OPT PSEUDOSECTION: | ||
| - | ; EDNS: version: 0, flags:; udp: 4096 | ||
| - | ;; QUESTION SECTION: | ||
| - | ; | ||
| - | |||
| - | ;; ANSWER SECTION: | ||
| - | pfsense.org. 261 IN A 208.123.73.69 | ||
| - | |||
| - | ;; Query time: 2 msec | ||
| - | ;; SERVER: 192.168.1.1# | ||
| - | ;; WHEN: Fri Mar 27 14:26:22 PDT 2020 | ||
| - | ;; MSG SIZE rcvd: 56 | ||
| - | </ | ||
| - | |||
| - | ---- | ||
| - | |||
| - | === Verify non-local DNS Resolver resolution. === | ||
| - | |||
| - | Force the DNS query to use Google' | ||
| - | |||
| - | This should be redirected back to the pfSense DNS resolver for lookup. | ||
| - | |||
| - | <code bash> | ||
| - | dig @8.8.8.8 pfsense.org | ||
| - | |||
| - | ; <<>> | ||
| - | ; (1 server found) | ||
| - | ;; global options: +cmd | ||
| - | ;; Got answer: | ||
| - | ;; ->> | ||
| - | ;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1 | ||
| - | |||
| - | ;; OPT PSEUDOSECTION: | ||
| - | ; EDNS: version: 0, flags:; udp: 4096 | ||
| - | ;; QUESTION SECTION: | ||
| - | ; | ||
| - | |||
| - | ;; ANSWER SECTION: | ||
| - | pfsense.org. 232 IN A 208.123.73.69 | ||
| - | |||
| - | ;; Query time: 2 msec | ||
| - | ;; SERVER: 8.8.8.8# | ||
| - | ;; WHEN: Fri Mar 27 14:26:51 PDT 2020 | ||
| - | ;; MSG SIZE rcvd: 56 | ||
| - | </ | ||
| - | |||
| - | ---- | ||
| - | |||
| - | === Verify DNS Resolver’s local name resolution === | ||
| - | |||
| - | Use **nslookup** to lookup the pfSense gateway by its hostname and verify the address is returned correctly. | ||
| - | |||
| - | <code bash> | ||
| - | dig pfsense.local.lan | ||
| - | |||
| - | ; <<>> | ||
| - | ;; global options: +cmd | ||
| - | ;; Got answer: | ||
| - | ;; ->> | ||
| - | ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1 | ||
| - | |||
| - | ;; OPT PSEUDOSECTION: | ||
| - | ; EDNS: version: 0, flags:; udp: 4096 | ||
| - | ;; QUESTION SECTION: | ||
| - | ; | ||
| - | |||
| - | ;; ANSWER SECTION: | ||
| - | pfsense.local.lan. 3600 IN A 192.168.1.1 | ||
| - | |||
| - | ;; Query time: 2 msec | ||
| - | ;; SERVER: 192.168.1.1# | ||
| - | ;; WHEN: Fri Mar 27 14:35:35 PDT 2020 | ||
| - | ;; MSG SIZE rcvd: 62 | ||
| - | </ | ||
| - | |||
| - | ---- | ||
| - | |||
| - | === Verify DNS Resolver reverse resolution === | ||
| - | |||
| - | Verify you can resolve a hostname from an IP address. | ||
| - | |||
| - | <code bash> | ||
| - | dig +noall +answer -x 192.168.1.1 | ||
| - | 1.2.168.192.in-addr.arpa. 3600 IN PTR pfSense.local.lan. | ||
| - | </ | ||
| - | |||
| - | ---- | ||
| - | |||
| - | === Verify DNS Resolver ‘.local.lan’ domain resolution === | ||
| - | |||
| - | My DNS Resolver is defined as authoritative for my local.lan domain. | ||
| - | |||
| - | If I try and lookup an address which is not part of my network, it will return status: NXDOMAIN rather than forward the lookup to external DNS resolvers. | ||
| - | |||
| - | <code bash> | ||
| - | dig nothere.local.lan | ||
| - | |||
| - | ; <<>> | ||
| - | ;; global options: +cmd | ||
| - | ;; Got answer: | ||
| - | ;; ->> | ||
| - | ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0 | ||
| - | |||
| - | ;; QUESTION SECTION: | ||
| - | ; | ||
| - | |||
| - | ;; AUTHORITY SECTION: | ||
| - | local.lan. | ||
| - | |||
| - | ;; Query time: 4 msec | ||
| - | ;; SERVER: 192.168.1.1# | ||
| - | ;; WHEN: Sun Aug 27 10:22:30 2017 | ||
| - | ;; MSG SIZE rcvd: 84 | ||
| - | </ | ||
| - | |||
| - | ---- | ||
pfsense/install_pfsense/reboot.1606867372.txt.gz · Last modified: 2020/12/02 00:02 by peter