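#!/bin/bash
##############################################################################################################
#
# Creates and configures a VirtualBox virtual machine for a Pfsense installation that acts as your personal
# firewall on Linux, then starts the Pfsense installation from the Live CD ISO.
#
# Before you start the script you have to do the following:
#
#  - Download the Pfsense Live CD ISO from https://www.pfsense.org/download/
#    Verify the image against the checksum published by the project before booting it: the firewall
#    is only as trustworthy as the image it was installed from.
#
#  - Create a virtual tap interface (e.g. tap0), assign an IP address to it and create a default route
#    pointing to the Pfsense LAN interface (e.g. 192.168.1.1).
#
#       tunctl -t tap0
#       ifconfig tap0 192.168.1.2 netmask 255.255.255.0
#       route add default gw 192.168.1.1
#
#    Note: The script bridges the interface given with -l (tap0 in this example) to the interface em1
#          (LAN) in the VirtualBox Pfsense configuration.
#          You have to assign IP address 192.168.1.1/24 to the em1 interface during the Pfsense installation.
#
#  - Assign a null IP address 0.0.0.0 to the interface (e.g. eth0) that will be bridged to the interface em0
#    (WAN) of the Pfsense virtual machine and remove the default route pointing via this interface to the
#    Internet.
#
#       ifconfig wlan0 0.0.0.0
#       route del default dev eth0
#
#    NOTE(review): the two commands above name different interfaces (wlan0 and eth0); presumably both
#    should name the one interface that is passed with -w - confirm.
#
#    Note: You have to assign IP address 192.168.1.1/24 to em0 interface during the Pfsense installation.
#          NOTE(review): this contradicts the em1 note above (em0 is the WAN side) - confirm which
#          interface is meant.
#          After installation, connect to the Pfsense LAN interface IP address - 192.168.1.1 - using a web
#          browser. Username and password are admin/pfsense. These are the default credentials; change
#          the admin password right after the first login.
#          Configure NAT for the em0 interface and a default route pointing to the Internet.
#
#  - Stop service iptables
#
#       service iptables stop
#
#    NOTE(review): this switches off packet filtering on the host altogether. Presumably it is only needed
#    when the host rules block the bridged traffic - confirm, and re-enable the service once the
#    firewall VM is running.
#
##############################################################################################################

# Print an error message to stderr and abort the script with a non-zero status.
function die {
  printf '%s\n' "$*" >&2
  exit 1
}

# Print the command line help to stdout.
function usage {
  printf '%s\n' \
    "Usage: $0 [OPTIONS]" \
    "OPTIONS: " \
    " -f path to Pfsense live CD ISO image" \
    " -l name of interface that will be bridged with LAN interface of Pfsense appliance" \
    " -m RAM (MB) assigned to Pfsense appliance" \
    " -n name of Pfsense appliance" \
    " -w name of interface that will be bridged with WAN interface of Pfsense appliance" \
    " -h display this help"
}

# Parse the command line.
# Globals:   live_cd, lan, ram, vm_name, wan (written)
# Arguments: the script's positional parameters
# Exits:     0 after -h; 1 on an unknown option or a missing option argument
function read_arg {
  local arg
  # Every value-taking option has exactly one ':'; the leading ':' selects silent error reporting so
  # that the ':' and '?' arms below produce the messages.
  while getopts ":f:l:m:n:w:h" arg; do
    case "$arg" in
      f) live_cd=$OPTARG ;;
      l) lan=$OPTARG ;;
      m) ram=$OPTARG ;;
      n) vm_name=$OPTARG ;;
      w) wan=$OPTARG ;;
      h)
        usage
        exit 0
        ;;
      :)
        usage >&2
        die "Option -$OPTARG requires an argument"
        ;;
      \?)
        usage >&2
        die "Unknown option -$OPTARG"
        ;;
    esac
  done
}

# Succeed when ifconfig reports something for the named host interface.
# Arguments: $1 - interface name
function iface_exists {
  local iface=$1
  # A leading '-' would be read by ifconfig as an option (e.g. '-a' lists every interface), which
  # would make the check pass for a name that is not an interface at all.
  [[ $iface != -* ]] || return 1
  [[ -n "$(ifconfig "$iface" 2>/dev/null)" ]]
}

# Check that valid arguments were entered and the appropriate software is installed.
# Globals:   live_cd, lan, wan (read); ram, vm_name (read, defaulted when empty)
# Exits:     1 with a message on stderr when a check fails
function check_arg {
  # VBoxManage is the tool every later step calls, so that is the binary to look for.
  command -v VBoxManage >/dev/null 2>&1 || die "VirtualBox is not installed"

  [[ -n $live_cd ]] || die "Enter path to Pfsense ISO image, use $0 -h"
  [[ -f $live_cd ]] || die "File '$live_cd' not found"

  [[ -n $lan ]] || die "Enter the name of interface that represents LAN interface of Pfsense, use $0 -h"
  iface_exists "$lan" || die "Interface '$lan' not found"

  [[ -n $wan ]] || die "Enter the name of interface that represents WAN interface of Pfsense, use $0 -h"
  iface_exists "$wan" || die "Interface '$wan' not found"

  # If no RAM is specified, assign 1024MB RAM for the VM
  [[ -n $ram ]] || ram=1024
  [[ $ram =~ ^[1-9][0-9]*$ ]] || die "RAM size '$ram' must be a positive whole number of megabytes"

  # If no name is entered, use the VM name 'Pfsense'
  [[ -n $vm_name ]] || vm_name='Pfsense'
  # The name becomes an argument of VBoxManage and part of the disk image path below; a leading '-'
  # would be read as an option and a '/' would move the image out of the VM directory.
  [[ $vm_name != -* && $vm_name != */* ]] \
    || die "VM name '$vm_name' must not start with '-' or contain '/'"
}

# Run one VBoxManage sub-command and abort the script when it fails, so that a half-configured
# machine is never started.
function run_vbox {
  VBoxManage "$@" || die "VBoxManage $1 failed"
}

# Create, configure and start the virtual machine.
# Globals:   vm_name, ram, live_cd, wan, lan (read)
# Exits:     1 when any VBoxManage step fails
function deployvm {
  local create_out vbox_file vbox_dir vdi_image

  # Create VM. Stop here when this fails (for instance because the name is already taken):
  # continuing would re-configure whatever machine already carries that name.
  create_out=$(VBoxManage createvm --name "$vm_name" --ostype FreeBSD_64 --register) \
    || die "Could not create virtual machine '$vm_name'"
  vbox_file=$(printf '%s\n' "$create_out" | grep 'Settings file' | cut -d "'" -f2)
  [[ -n $vbox_file ]] || die "Could not determine the settings file of '$vm_name'"

  # Get VMs directory
  vbox_dir=$(dirname -- "$vbox_file")

  # Get path to VDI image
  vdi_image="$vbox_dir/$vm_name.vdi"

  # Create the hard disk VDI image (8192 MB) for the virtual machine
  run_vbox createhd --filename "$vdi_image" --size 8192 --format VDI --variant Standard

  # Assign parameters to VM
  run_vbox modifyvm "$vm_name" --memory "$ram"

  # Create IDE Controller
  run_vbox storagectl "$vm_name" --name IDE --add ide --controller PIIX4 --bootable on

  # Attach VDI disk to IDE controller
  run_vbox storageattach "$vm_name" --storagectl IDE --port 0 --device 0 --type hdd \
    --medium "$vdi_image"

  # Attach ISO image to IDE controller
  run_vbox storageattach "$vm_name" --storagectl IDE --port 0 --device 1 --type dvddrive \
    --medium "$live_cd"

  # Create NICs and bridge them with host adapters: NIC 1 is the WAN side, NIC 2 the LAN side
  run_vbox modifyvm "$vm_name" --nic1 bridged
  run_vbox modifyvm "$vm_name" --bridgeadapter1 "$wan"
  printf '\n%s\n' "Interface '$wan' represents interface 'em0' in Pfsense configuration"

  run_vbox modifyvm "$vm_name" --nic2 bridged
  run_vbox modifyvm "$vm_name" --bridgeadapter2 "$lan"
  printf '%s\n\n' "Interface '$lan' represents interface 'em1' in Pfsense configuration"

  # Start Pfsense installation
  run_vbox startvm "$vm_name"
}

# BODY

read_arg "$@"
check_arg
deployvm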