pfSense — Bare Metal

Optiplex firewall/router install; requires two NICs (WAN/LAN).

What Is pfSense + How I Use It

pfSense is a FreeBSD-based firewall/router. I run it bare-metal on a Dell Optiplex with two NICs to isolate WAN and LAN. It handles DHCP/DNS relay, NAT, VLAN segmentation, WireGuard site-to-site/tunnel access, and core firewall rules for the homelab.

The Optiplex provides reliability and low latency at the edge; Proxmox and services sit behind pfSense on segmented VLANs. Monitoring flows to Grafana; Pi-hole can be used for DNS filtering on a separate segment.

Install — Bare Metal (Optiplex, 2 NICs)

Requirements: Dell Optiplex (or similar), two Ethernet interfaces (onboard + PCIe or USB NIC), a USB drive (8 GB+), and a display and keyboard for first boot.

1) Create Installer

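# Download pfSense CE/Plus ISO
# https://www.pfsense.org/download/
# Check the image's SHA-256 against the checksum published with the download before writing it
# Create USB (Linux example)
# Replace /dev/sdX with the USB drive's device node; dd overwrites the target without asking
sudo dd if=pfSense.iso of=/dev/sdX bs=4M status=progress && sync
# Or use Rufus/Ventoy on Windows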

2) BIOS + Boot

  • Enable USB boot; set pfSense USB as first boot device.
  • Disable Secure Boot (if present); keep AHCI mode for disks.

3) Install + NIC Assignment

  • Run the installer to the internal disk (auto ZFS or UFS is fine).
  • On the first-boot console, assign interfaces: WAN = first NIC (e.g., em0), LAN = second NIC (e.g., em1).
  • Accept default LAN: 192.168.1.1/24 and allow DHCP temporarily.

4) WebGUI Initial Setup

  • Connect a laptop to LAN and browse to https://192.168.1.1 (default credentials: admin / pfsense).
  • Set hostname/domain; choose DNS (Pi-hole IP if used) and NTP; confirm WAN type (DHCP from ISP or PPPoE).
  • Change the LAN subnet if desired; set a new admin password to replace the default.

5) Core Config

  • VLANs: define segments (e.g., LAN, Services, IoT, Guest) and assign them to the LAN NIC.
  • DHCP: per VLAN with appropriate ranges; DNS to Pi-hole (optional) or pfSense resolver.
  • NAT/Rules: default outbound NAT for WAN; inter-VLAN rules with least privilege.
  • WireGuard (optional): set tunnels/peers for remote access.

Verify

# From a LAN client
ping 1.1.1.1
ping lan.gateway  # should resolve to 192.168.x.1
traceroute 8.8.8.8
# In pfSense: Status → Interfaces (WAN up, LAN up)

Maintenance

  • Backup: System → Configuration → Backup (download regularly).
  • Updates: System → Update (review release notes; schedule maintenance window).
  • Monitoring: export NetFlow or use built-in graphs; external dashboards via Grafana.
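
An added example (not part of the original page and not pfSense's own tooling) that checks the least-privilege goal from Core Config against a configuration backup taken as described under Maintenance. It assumes firewall rules are stored under <filter><rule> with <type>, <interface>, <source>, <destination> and <disabled> elements, as in typical pfSense config.xml exports; the sample XML, the interface names and the audit_rules helper are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample: trimmed config.xml holding only the <filter> section.
# Interface names (lan, opt1, opt2) and rule contents are made up.
SAMPLE_CONFIG = """<pfsense>
  <filter>
    <rule><type>pass</type><interface>lan</interface>
      <source><network>lan</network></source><destination><any/></destination>
      <descr>Default allow LAN to any</descr></rule>
    <rule><type>pass</type><interface>opt1</interface><protocol>tcp</protocol>
      <source><network>opt1</network></source>
      <destination><address>192.168.20.10</address><port>443</port></destination>
      <descr>IoT to services HTTPS only</descr></rule>
    <rule><type>pass</type><interface>opt2</interface>
      <source><any/></source><destination><any/></destination>
      <descr>Guest temp allow all</descr></rule>
    <rule><disabled/><type>pass</type><interface>opt1</interface>
      <source><any/></source><destination><any/></destination>
      <descr>old test rule</descr></rule>
    <rule><type>block</type><interface>opt2</interface>
      <source><any/></source><destination><network>lan</network></destination>
      <descr>Guest cannot reach LAN</descr></rule>
  </filter>
</pfsense>"""

def is_any(endpoint):
    """True when a <source>/<destination> element matches every address."""
    return endpoint is not None and endpoint.find("any") is not None

def audit_rules(config_xml, trusted=("lan",)):
    """Flag enabled pass rules broader than least privilege (hypothetical helper)."""
    findings = []
    for rule in ET.fromstring(config_xml).findall("./filter/rule"):
        if rule.find("disabled") is not None or rule.findtext("type") != "pass":
            continue  # disabled and block/reject rules grant nothing
        iface = rule.findtext("interface", default="?")
        descr = rule.findtext("descr", default="")
        src, dst = rule.find("source"), rule.find("destination")
        if is_any(src) and is_any(dst):
            findings.append((iface, "any-to-any pass", descr))
        elif is_any(dst) and iface not in trusted:
            findings.append((iface, "pass to any destination", descr))
    return findings

if __name__ == "__main__":
    for iface, issue, descr in audit_rules(SAMPLE_CONFIG):
        print(f"{iface}: {issue} ({descr})")
```

Findings are prompts for review rather than verdicts: interface rules are evaluated top-down on first match, so a broad pass rule may already be narrowed by a block rule above it.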