pfSense on Watchguard M270

verbatim419

@stephenw10 I downloaded one file from the system that has the extension "sh" and modified it with the script gave in previous posts, after which I transferred the file to the "/usr/local/etc/rc.d/" folder. After saving, I tried to start the shell both via the console and via the guia, but it threw out the above error. I writen script in notepad++. I'm a beginner when it comes to these things, so I apologize for some banalities.

stephenw10

Ok I assume you mean the switch configuration script as shown here?: https://forum.netgate.com/post/990474

You should create that file not add the code to a existing script.

In my setup I run that script using a shellcmd not via rc.d.

Steve

reiter_f

hi, i'm running the M270 too, it works when i switch the ports to forwarding "etherswitchcfg port# forwarding", but it loos the information after rebooting. after the reboot, the ports are disabled

psp

In my setup, I'm running the script @startup in Cron.

stephenw10

@reiter_f said in pfSense on Watchguard M270:

but it loos the information after rebooting. after the reboot, the ports are disabled

Yes the switch is reset to defaults at boot. You have to reconfigure it at boot each time. It's easiest to do that using a script.

reiter_f

@stephenw10
ha, there is no default config
file that you are able to write in? i'm a little bit confused of this strategy,. because there is no ROM storage or something like that..... do you know where the config ist writen temporaly?
how do i link the skript to the boot config, that it will run automatical at booting? ... the best would be to Clean all switch-configs before running the skript...

stephenw10

When the switch is powered on it comes up with all the ports disabled by default. That's how the switch chip has been configured in hardware.

There are several way to run a script. As discussed above I use a shellcmd to do it.

verbatim419

@stephenw10 I created a file with the script that was given before, but it gives me the above problem when I want to run the command. could you (if you are able) write how it is formed exactly and started, I looked for it on the forum but I didn't succeed. Thank you

stephenw10

It depends where the script is and what it's named. But here I would use:

[23.05-RELEASE][admin@6100.stevew.lan]/root: ls
.cshrc                     .k5login                   .profile                   .ssh                       backup                     switch_config.sh
.hushlogin                 .login                     .shrc                      .tcshrc                    realtek-re-kmod-197.00.pkg
[23.05-RELEASE][admin@6100.stevew.lan]/root: chmod +x switch_config.sh 
[23.05-RELEASE][admin@6100.stevew.lan]/root: ls
.cshrc                     .k5login                   .profile                   .ssh                       backup                     switch_config.sh
.hushlogin                 .login                     .shrc                      .tcshrc                    realtek-re-kmod-197.00.pkg

reiter_f

@stephenw10
thank you for the explanation, i will run the skript while booting

reiter_f

i have done the boot precedure alsow with cron, and run the sript with an crontab

*corntab -e

@reboot /usr/local/bin/setup_switch.sh*

an it runs :)
the most tricky thing was the commands of the vi-editor in the crontab :(

for all who arn't using vi-editor (like me):
(i ... for text input | ESC ... for changing to commandline | w: ... for write out | x: ... for exit the Vi-editor)

stephenw10

For mere mortals like most of us use the included EasyEditor ee.

Or for cron just install the cron package and use the gui.

reiter_f

@stephenw10
i tried arround now for a while, the skript with the WAN and the LAN on all ports works realy fine.

the thing with the vlan_mode DOT1Q and the diferent Vlans on the Ports does not.
i've tried it with the Skripft from aboth + the forwarding part, but i don't get an IP (DHCP) on the WAN, when i activate DHCP-server on the LAN - WAN will get the IP from the LAN-DHCP ??

the DHCPs on the LAN and OPT-Lans does not work.

wthat i've done wrong?

stephenw10

What does your script contain?

How are the interfaces configured?

reiter_f

This post is deleted!

stephenw10

@reiter_f said in pfSense on Watchguard M270:

WAN (wan) -> ix0 -> v4/DHCP4: 192.168.2.102/24
LAN (lan) -> ix1.1 -> v4: 192.168.2.1/24

Whatever was configured at that point it's a subnet conflict between WAN and LAN.

reiter_f

i have found the mistake :) ...

i deleted all the interfaces and made them new ix1.### ( ### are now the same number as the Vlans from the skript )

now i can use all seperate Ports with seperate Vlans ...

(WAN-DHCP dosen't work but i think i'll start the config again with cloneing my disk from my hyper-V setup)

reiter_f

@stephenw10

I started the setup now new. the mistake of the WAN DHCP was that i did not to the WAN interface in the VLAN (ix0.###) now every thing works.

thank you for our support, now i'll be able to change all M270s to PFsense.

if it would help someone ... this was my skript, it run while booting in crontab

/usr/local/bin/setup_switch.sh

#!/bin/sh
#
# Script to setup the switch in the M270
#

echo "Congifguring switch ... "
logger Configuring switch ...

etherswitchcfg config vlan_mode DOT1Q

etherswitchcfg vlangroup0 vlan 1 members 1,9t
etherswitchcfg vlangroup1 vlan 101 members 2,10t
etherswitchcfg vlangroup2 vlan 102 members 3,10t
etherswitchcfg vlangroup3 vlan 103 members 4,10t
etherswitchcfg vlangroup4 vlan 104 members 5,10t
etherswitchcfg vlangroup5 vlan 105 members 6,10t
etherswitchcfg vlangroup6 vlan 106 members 7,10t
etherswitchcfg vlangroup7 vlan 107 members 8,10t

etherswitchcfg port1 pvid 1
etherswitchcfg port2 pvid 101
etherswitchcfg port3 pvid 102
etherswitchcfg port4 pvid 103
etherswitchcfg port5 pvid 104
etherswitchcfg port6 pvid 105
etherswitchcfg port7 pvid 106
etherswitchcfg port8 pvid 107

etherswitchcfg port1 forwarding
etherswitchcfg port2 forwarding
etherswitchcfg port3 forwarding
etherswitchcfg port4 forwarding
etherswitchcfg port5 forwarding
etherswitchcfg port6 forwarding
etherswitchcfg port7 forwarding
etherswitchcfg port8 forwarding
etherswitchcfg port9 forwarding
etherswitchcfg port10 forwarding

echo "done"
logger done

then i've done the " 1) Assing Interfaces" - configuration
with creating on ix0 the Vlan 1 (ix0.1), on ix1 the Vlans 101-107 (ix1.101, ... ,ix1.107)
(finisching without selecting/using the ix0 and ix1)
and at last " 2) Setup interface(s) IP adress"

*** Welcome to Netgate pfSense Plus 23.05-RELEASE (amd64) on pfSense ***

 WAN (wan)       -> ix0.1      -> v4/DHCP4: 192.168.16.58/24
 LAN (lan)       -> ix1.101    -> v4: 192.168.2.1/24
 OPT1 (opt1)     -> ix1.102    -> v4: 192.168.102.1/24
 OPT2 (opt2)     -> ix1.103    ->
 OPT3 (opt3)     -> ix1.104    ->
 OPT4 (opt4)     -> ix1.105    ->
 OPT5 (opt5)     -> ix1.106    ->
 OPT6 (opt6)     -> ix1.107    ->

 0) Logout (SSH only)                  9) pfTop
 1) Assign Interfaces                 10) Filter Logs
 2) Set interface(s) IP address       11) Restart webConfigurator
 3) Reset webConfigurator password    12) PHP shell + Netgate pfSense Plus tools
 4) Reset to factory defaults         13) Update from console
 5) Reboot system                     14) Enable Secure Shell (sshd)
 6) Halt system                       15) Restore recent configuration
 7) Ping host                         16) Restart PHP-FPM
 8) Shell

the result was:

[23.05-RELEASE][root@pfSense.home.arpa]/usr/local/bin: etherswitchcfg
etherswitch0: VLAN mode: DOT1Q
port1:
        pvid: 1
        state=8<FORWARDING>
        flags=0<>
        media: Ethernet autoselect (1000baseT <full-duplex>)
        status: active
port2:
        pvid: 101
        state=8<FORWARDING>
        flags=0<>
        media: Ethernet autoselect (1000baseT <full-duplex>)
        status: active
port3:
        pvid: 102
        state=8<FORWARDING>
        flags=0<>
        media: Ethernet autoselect (none)
        status: no carrier
port4:
        pvid: 103
        state=8<FORWARDING>
        flags=0<>
        media: Ethernet autoselect (none)
        status: no carrier
port5:
        pvid: 104
        state=8<FORWARDING>
        flags=0<>
        media: Ethernet autoselect (none)
        status: no carrier
port6:
        pvid: 105
        state=8<FORWARDING>
        flags=0<>
        media: Ethernet autoselect (none)
        status: no carrier
port7:
        pvid: 106
        state=8<FORWARDING>
        flags=0<>
        media: Ethernet autoselect (none)
        status: no carrier
port8:
        pvid: 107
        state=8<FORWARDING>
        flags=0<>
        media: Ethernet autoselect (none)
        status: no carrier
port9:
        pvid: 1
        state=8<FORWARDING>
        flags=1<CPUPORT>
        media: Ethernet 2500Base-KX <full-duplex>
        status: active
port10:
        pvid: 1
        state=8<FORWARDING>
        flags=1<CPUPORT>
        media: Ethernet 2500Base-KX <full-duplex>
        status: active
vlangroup0:
        vlan: 1
        members 1,9t
vlangroup1:
        vlan: 101
        members 2,10t
vlangroup2:
        vlan: 102
        members 3,10t
vlangroup3:
        vlan: 103
        members 4,10t
vlangroup4:
        vlan: 104
        members 5,10t
vlangroup5:
        vlan: 105
        members 6,10t
vlangroup6:
        vlan: 106
        members 7,10t
vlangroup7:
        vlan: 107
        members 8,10t

and now only the Firewall-configuration with the web-gui 192.168.2.1

thanks for all the help

stephenw10

Be careful using VLAN1. I would try to avoid that if possible.
https://docs.netgate.com/pfsense/en/latest/vlan/security.html#using-the-default-vlan-1

Steve

reiter_f

@stephenw10
thanks, i will change it