PfSense on a Riverbed Steelhead
-
@okijames At first I didn't to do an if up, but when I connect to the network nothing happens.
These is my interface status:
and these is my network config file:# network interface settings; autogenerated # Please do NOT modify this file directly, unless you know what # you're doing. # # If you want to manage parts of the network configuration manually, # please utilize the 'source' or 'source-directory' directives to do # so. # PVE will preserve these directives, but will NOT read its network # configuration from sourced files, so do not attempt to move any of # the PVE managed interfaces into external files! auto lo iface lo inet loopback auto enp3s0 iface enp3s0 inet manual auto enp1s0f1 iface enp1s0f1 inet manual auto enp1s0f2 iface enp1s0f2 inet manual auto enp1s0f3 iface enp1s0f3 inet manual auto enp1s0f4 iface enp1s0f4 inet manual auto enp4s0 iface enp4s0 inet manual auto bond0 iface bond0 inet manual bond-slaves enp3s0 enp4s0 bond-miimon 100 bond-mode balance-rr auto vmbr0 iface vmbr0 inet static address 100.64.10.1/24 bridge-ports bond0 bridge-stp off bridge-fd 0 auto vmbr1 iface vmbr1 inet static address 192.168.1.1/24 bridge-ports enp1s0f1 bridge-stp off bridge-fd 0and there is my dmesg logfile:
dmesg.txt -
@lemon-k I must be misinterpreting something. It appears to me both your nodes are connected in a cluster (therefore using a functional network), and you have VMs running on each node. This is significantly different from "nothing happens" so I don't understand the issue.
I suggest trying the Proxmox forums and detailing what you're trying to accomplish and what is and is not working.
-
@stephenw10 Hi gonna jump on this my self, Picked up a CX-255 my self intending on Using it as a PfSense Box. i see a part number labeled 450-00556-03 on the bottom of my case.
I have My Onboard LAN Bypass Settings in my bios set to No Bypass.
They are showing up in pfsense but dont work still, is there any other commands and such i may need to run.i can provide any other info if needed like outputs from commands and such
-
Note: The setup wizard's link up/down auto port detection for identifying ports is not reliable. OS level link up/down detection works fine, but not in the wizard for some reason. So your NICs are probably working fine, but not for the wizard's auto port detection. You pretty much have to manually figure out which port = which igb NIC, then assign them manually to LAN, WAN, etc.
IIRC the mapping on my CX-570 is...
Pri = ign4
Aux = igb5
LAN/WAN ports are igb0 through igb3 -
@okijames During the setup i manually picked the nics and igb0-1 just seem to be passing through to each other only one that seems to work is igb2 which is the nic labeled PRI
Had picked Igb0 for WAN and igb1 and 2 for my lans
Had been planning on trying to use this as my main router instead of the crappy ISP one.I know there's a passthrough happening as even though igb1 is set to have the range 192.168.1.0/24, the device plugged into that port is is picking up an IP from the ISP router which is my wan for testing.
-
@theorangefloof Ok a couple things...
First, just out of an abundance of caution, I would not use a pair of ports capable of bypass (Ex: LAN_0 and WAN_0) as pfsense LAN/WAN ports. There's just too much potential for them to be set to bypass, where they behave as a physical crossover coupler. Use Pri and Aux instead.
Second, many Steelheads have IPMI/BMC available on the Pri port, so it's best to use it as a pfsense LAN port. Use Aux as the WAN port and Pri as the LAN port because they have no bypass capability between them, and the Aux port does not have IPMI/BMC.
On CX-570/770 the IPMI/BMC board is removable if 100% disabling of this capability is desired. Removing the board would allow safe use of Pri as a WAN port without potentially exposing IPMI/BMC to the world.
Oops, just did a little searching and...
In your case with a CX-255, which has no Aux port and no mention IPMI/BMC so, I'd use the Pri as WAN, and the bypass ports for your two LANs.
If you're still seeing bypass behavior between LAN ports, try some of the other BIOS options for the bypass NICs. I don't have a CX-255 or I'd check for you.
FWIW, the bypass feature (two ports acting like a cross-over coupler) should only engage when the Steelead is powered down. When power is applied, and the NICs are up, they should behave like two normal NICs.
-
@okijames Okay i tried the Lan bypass setting in the bios as any of the 3 values, still getting the bypass behavior, and the lights on igb0-1 are always showing orange no matter the setting picked in the Bios, also emailed to the seller who i brought this off he linked me to post 56 in this exact thread. so haven't gotten anywhere further yet
-
@theorangefloof FYI the post you were referred to is probably not correct for your model. That was for the older CX-250/550 32bit machines with no BIOS control of the bypass function.
If your BIOS looks like the screen shots below, all you needed to do was set the bypass NICs to "No Bypass".
Behavior of the bypass NICs should be...
-Orange/Amber NIC lights immediately after power up using the toggle switch on the back of the unit.
-After a couple seconds, you should hear a distinct click sound, then no NIC lights. The Power and HDD LEDs should also turn on after the click.You might also try dropping to shell after boot, and issue ifup commands for both bypass NICs.
If you followed post 56 and issued the smbmsg commands, I have no idea what state your machine is in. The bypass NICs might be unusable. Sorry if that's the case. I'll edit the old post with a warning.
-
This is what my bios looks like, didn't run the commands other than kldload and smbmsg -p, the addresses i have were completely different to that post anyway.
ran ifconfig igb0 up and ifconfig igb1 up, nothing no relay clicks that i could hear.
also haven't heard anything other than the startup/shutdown beeps and the fans.
Also the nic lights don't go off after i run those commands, i also looked at the status from ifconfig it says no Carrier on igb0 and 1. -
@theorangefloof Hate to say it, but you might just have some bad hardware.
-
@okijames You are right. I found a cx-770.
Apparently, it should be able to hear the relay when turning the machine on, but was not heard on my previous cx-570. After I replaced the relays, those Nic worked fine.
This has nothing to do with proxmox or pfsense.
-
Nice troubleshooting!
-
@lemon-k What kind of relay did you replace?. My CXA-255 has "No Bypass" set up but the NIC still won't work. Thanks.
-
@pantigon
Hello, just wanted to know if you had any luck of finding a fix for bringing lan and wan interface up once the pfsense is up.
keep in mind I didn't see this behavior on 755 model just 255 model so far -
@TheOrangeFloof did you have any luck with this issue?
-
@KOTRz after some back and forwards with the seller he sent me a new board were he just removed the relays and just hard soldered the connections so the ports would work as NICs. He also tested it before sending it and I tested it again when I received the new board and pfsense worked fine then. I would of replied to the thread back them but it completely slipped my mine until I saw the email about the reply
-
@TheOrangeFloof said in PfSense on a Riverbed Steelhead:
he just removed the relays and just hard soldered the connections
That seems like cheating.
-
@stephenw10 I mean yeah it can be but hey it worked
-
@TheOrangeFloof Thx for the info
can we know more info about those relays and how to modify them so we get over this issue? -
@pantigon did you have any luck with cx255?
