DSB-July-2022

Discoverix Sdn Bhd work logs for July 2022

DSB Log July 2022

Author: Ahmad Afiq Azmi


What I Learn 📚

PfSense

What is pfSense?
pfSense is a firewall/router software distribution based on FreeBSD. The open source pfSense Community Edition and pfSense Plus are installed on a physical computer or a virtual machine to make a dedicated firewall/router for a network.

So far I've learned to:

  1. Install pfSense on a small mini PC box.
  2. Set up the initial configuration for PPPoE TM Unifi
  3. Configure User Management
    • Block access for the default admin user
    • Create another user with the admin role
    • Enable the user for SSH
  4. Create a VLAN for TM Unifi
  5. Create VLANs for Management, Staff, DMZ, etc.
  6. Set up the PPPoE connection for WAN with TM Unifi.
  7. Set up a DHCP Server for the Staff VLAN.
  8. Set Firewall Rules for each VLAN
  9. Enable DNS Resolver on pfSense
  10. Install packages like:
    • openvpn-client-export
    • pfBlockerNG-devel
  11. Set up OpenVPN for Remote Access Management
  12. Set up pfBlockerNG for blocking malicious content and blocking ads.

Proxmox VE

What is Proxmox VE?
Proxmox Virtual Environment is an open source server virtualization management solution based on QEMU/KVM and LXC. You can manage virtual machines, containers, highly available clusters, storage and networks with an integrated, easy-to-use web interface or via CLI.

  1. Initial networking configuration for:
    • Management IP Address
    • Bridge Interfaces
    • LACP configuration
    • VLAN Awareness
  2. Update all the system packages for Proxmox VE
  3. Prepare Cloud-Init Templates
  4. Create VMs from Cloud-Init Templates
  5. Set up the QEMU Agent inside newly created VMs.

What I Do 💻

  1. Maintain configuration and research best practices for pfSense and Proxmox environment and security.
  2. Documentation for pfSense and Proxmox configuration and setup.
  3. Basic hardening of an AlmaLinux 8 VM inside Proxmox
    • Update and upgrade server packages
    • Configure firewall
    • Configure OpenSSH
    • Set up qemu-guest-agent for Proxmox VE
    • Configure swappiness
  4. Prepare material and references to learn Consul and Nomad by HashiCorp

Problem Encountered and Solution 🐞

| Problem | Solution | Note |
| --- | --- | --- |
| PPPoE connection error for TM Unifi | Missed out the Dial-on-Demand configuration | Most of the tutorials and documentation online didn't mention Dial-on-Demand settings |
| LACP connection drop between TP-Link Managed Switch | Change bridge mode to round-robin for a while | I forgot that TL-SG108E 8 port switches only support LAG but not LACP |
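
The LACP row above can be confirmed from the Proxmox host itself. This is an added example, not part of the original log: it assumes the Linux bonding driver's status format in /proc/net/bonding/<bond>, the sample text is constructed, and the function name check_bond is hypothetical.

```python
import re

# Constructed, trimmed sample of /proc/net/bonding/bond0 for an 802.3ad bond
# whose switch only does static LAG and never answers LACPDUs.
SAMPLE_NO_PARTNER = """\
Bonding Mode: IEEE 802.3ad Dynamic link aggregation
MII Status: up

802.3ad info
LACP rate: slow
Active Aggregator Info:
\tAggregator ID: 1
\tNumber of ports: 1
\tPartner Mac Address: 00:00:00:00:00:00

Slave Interface: eno1
MII Status: up
Aggregator ID: 1

Slave Interface: eno2
MII Status: up
Aggregator ID: 2
"""

def check_bond(text):
    """Return (mode, findings) for one bonding status file."""
    m = re.search(r"^Bonding Mode:\s*(.+)$", text, re.M)
    mode = m.group(1).strip() if m else "unknown"
    findings = []
    if "802.3ad" not in mode:
        return mode, findings  # static modes (e.g. round-robin) negotiate nothing
    # An all-zero partner MAC means no LACP peer was ever learned.
    partner = re.search(r"Partner Mac Address:\s*([0-9a-fA-F:]{17})", text)
    if partner is None or partner.group(1) == "00:00:00:00:00:00":
        findings.append("no LACP partner: switch is not answering LACPDUs")
    # Slaves that land in different aggregators are not bundled together.
    slaves = {}
    for block in text.split("Slave Interface:")[1:]:
        agg = re.search(r"Aggregator ID:\s*(\d+)", block)
        slaves[block.split()[0]] = agg.group(1) if agg else None
    if len(set(slaves.values())) > 1:
        findings.append("slaves split across aggregators: %s" % sorted(slaves.items()))
    return mode, findings

if __name__ == "__main__":
    mode, findings = check_bond(SAMPLE_NO_PARTNER)
    print(mode)
    for f in findings:
        print(" -", f)
```

On a real host, pass the contents of /proc/net/bonding/bond0 (or whichever bond the bridge uses) instead of the sample.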

References

I will say I mostly watched this guy, Lawrence Systems, for help setting up pfSense for my company's requirements.

  1. Lawrence Systems Youtube Channel
  2. What is Linux swap?
  3. Add swap memory on AlmaLinux 8.5
  4. Proxmox VE Docs
  5. Consul
  6. Nomad