CYBERSECURITY JOB HUNTING GUIDE
pfSense configuration for Security Onion
Author: Stefan Waldvogel
This guide will prepare pfSense for Security Onion.
We need a network like this:
This network looks very similar but has one additional Ethernet port. Security Onion needs to analyse the traffic, so we have to mirror all traffic to vtnet2.
On a real switch, this port is called a SPAN port, and the feature is called port mirroring. We can configure pfSense in different ways, but I will mirror vtnet0 and vtnet1 to port vtnet2.
Before doing this, we have to power down pfSense and add a new network with the desired settings.
We have to add one more Ethernet card for pfSense.
Now we can start pfSense again and add the new network card.
Things to know:
- start pfSense first
- start the VMs (I have a Kali on the LAN network to access the GUI because the WAN side does not have the GUI)
- the pfSense GUI is at http://192.168.1.2/. This address is set with option 2) (Set interface IP address)
--> Attention: the gateway is still on 192.168.1.1. If you cannot find the machines or the gateway, use nmap or ping to locate them.
On Kali you can set a static IP by editing the interfaces file with the command
sudo nano /etc/network/interfaces
Change the file to this:
Restart the VM or restart the network card. If everything worked, you have internet access.
--> The configuration is tricky. If it does not work, reset pfSense and start over.
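Once the mirror to vtnet2 is in place, a capture taken on the Security Onion side should contain packets from both mirrored interfaces. The script below is an added example, not part of the original guide: it reads `tcpdump -nn` text and reports whether LAN-side and WAN-side packets are both present. It assumes the LAN is 192.168.1.0/24; the sample capture lines and the function names are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the guide): verify that a capture from the mirror
# port contains traffic from both mirrored interfaces.
# Assumption: the LAN behind pfSense is 192.168.1.0/24.
LAN_PREFIX="192.168.1."

# Constructed sample of `tcpdump -nn` output as seen on the mirror port:
# one connection before NAT (LAN address) and after NAT (WAN address).
sample_capture() {
    cat <<'EOF'
12:00:01.000001 IP 192.168.1.50.44321 > 198.51.100.7.443: Flags [S], seq 1, length 0
12:00:01.000050 IP 203.0.113.10.51000 > 198.51.100.7.443: Flags [S], seq 1, length 0
12:00:01.020000 IP 198.51.100.7.443 > 203.0.113.10.51000: Flags [S.], seq 9, ack 2, length 0
12:00:01.020040 IP 198.51.100.7.443 > 192.168.1.50.44321: Flags [S.], seq 9, ack 2, length 0
12:00:02.000000 ARP, Request who-has 192.168.1.1 tell 192.168.1.50, length 28
EOF
}

# Reads tcpdump -nn text on stdin and prints:
#   lan=<IPv4 packets with a LAN endpoint> wan=<IPv4 packets without> verdict=<...>
mirror_coverage() {
    awk -v lan="$LAN_PREFIX" '
        $2 == "IP" && $4 == ">" {           # IPv4 lines only; ARP and IP6 are skipped
            src = $3; dst = $5
            sub(/:$/, "", dst)              # tcpdump ends the destination with ":"
            if (index(src, lan) == 1 || index(dst, lan) == 1) lan_n++
            else wan_n++
        }
        END {
            verdict = "none"                # no IPv4 traffic reached the mirror port
            if (lan_n > 0 && wan_n > 0) verdict = "both"
            else if (lan_n > 0) verdict = "lan-only"
            else if (wan_n > 0) verdict = "wan-only"
            printf "lan=%d wan=%d verdict=%s\n", lan_n, wan_n, verdict
        }'
}

# Stand-alone run on the constructed sample.
sample_capture | mirror_coverage
```

A verdict of `lan-only` or `wan-only` means only one of the two interfaces is being mirrored, and `none` means the sensor port receives no IPv4 traffic at all.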
© 2021. This work is licensed under a CC BY-SA 4.0 license