
    NanoBSD version installs are not flexible enough…

    2.0-RC Snapshot Feedback and Problems - RETIRED
      Bill48105

      @Steve: If you were referring to my comment I mean it would be nice if nano/embedded didn't get vga/kb support to at least consider acting like most soho routers where pfsense uses detected NIC's rather than sit there waiting for setup via serial console.. (I realize that with particular hardware it does just that but I mean for everyone else without that particular hardware..)  If it can detect at least 1 NIC it should be able to assign 192.168.1.1 (or such) to it & enable dhcp. Then maybe 99% of the time one does not need serial console (ports/cable/terminal sw) to do initial setup.  There could be a published list of the order they are tried or one could simply plug in patch cord & see if they get an IP & if so they are good to go otherwise plug into the next NIC jack, rinse & repeat. (My earlier comment was to assign each a different private IP but I wonder if that is more trouble than worth)

      And yeah one can buy parts up the wazoo to make things work (like usb to serial adapters) but to me ideally one should be able to use what they have on hand (Nic's & patch cords which we all have) & not need to worry about having things that are kind of rare these days or need to buy more stuff. (Ok many could argue the same could be said about almost any piece of hardware such as CF->IDE adapter etc but I am looking at it as how common the item is and how likely that item can be used for other things now & into the future. Serial has been pretty much dead for years other than rare oddball stuff. Back in the day serial ports were on all computers & we all had serial cables & adapters in our kit but it's 2011! lol)

      Anyway, I for one don't really find it a big deal because as I said, it seems if one does embedded they likely have the stuff & know how to do it & everyone else will likely use installer cd & not worry about embedded but at the same time I can see the argument to try & make it simpler or at least more convenient too. Impossible to please everyone but sometimes there is a happy middle ground still. :)
      Cheers!
      Bill

        stephenw10 Netgate Administrator

        I was referring to question b) in the original post but I see what you mean now. If you're using dd-wrt or openwrt it boots up to a web interface by default and you only need serial access if something goes wrong or you have unusual hardware.
        I guess it's just not a problem I've had so I didn't realise I might be a problem.
        Probably more of a background thing. If you're used to rack mounted switches and routers, using a serial console for setup is not going to seem unusual. If you're a home user, however, then trying to find a null-modem cable and computer with a serial port is like working with antiques.

        You could always modify the config file on the CF card in advance so that the interfaces are pre-configured. Not that I've tried that.  :-\

        Steve

          rcfa

          @stephenw10:

          I was referring to question b) in the original post but I see what you mean now. If you're using dd-wrt or openwrt it boots up to a web interface by default and you only need serial access if something goes wrong or you have unusual hardware.

          Are you suggesting that most standard NICs are automatically recognized and used in the embedded system? I was under the assumption that only the specific configuration of Alix and a couple of other boards was tested for, and everything else had to be configured manually from the serial console.

          Well, maybe something went wrong with the writing in the CF card, but in my case nothing booted to a web interface, and I have rather common Intel Pro networking (em0 - em5) so if that driver is supposed to be auto-detected, then the image must have been written wrong.

          But if there's no issue with the CF card's file system, then it means even something as unexotic as Intel Pro NICs aren't recognized without manual configuration.

            Bill48105

            @Steve: Yup pretty much boils down to what people are used to. I'm used to both camps so neither is foreign to me but I'd definitely rather plug in lappy via network cord, get assigned an IP & enter gateway IP into browser than deal with serial cable any day. :D  Btw afaik the CF card is not fat/fat32/ntfs so very tough to edit the config file for the average Joe with doze. ;)

            @rcfa: Based on watching the serial console info during bootup nanoBSD definitely detects supported nics (I have a realtek onboard & 3 Intel gigabits on daughterboard that are all detected & assigned interface names) but the problem is except for SPECIFIC hardware/nics those 'unrecognized' nics are just not CONFIGURED automatically so it is sitting there waiting for you to answer questions via serial console for the initial setup (the same you see when you boot the install cd on system with video/kb) rather than just loading some default private-ip setup like most/many routers do to let you do initial setup via ethernet.

              stephenw10 Netgate Administrator

              @rcfa:

              Are you suggesting that most standard NICs are automatically recognized and used in the embedded system? I was under the assumption that only the specific configuration of Alix and a couple of other boards was tested for, and everything else had to be configured manually from the serial console.

              What Bill said above!  :)
              All the NICs that are supported in the full install (mostly whatever FreeBSD supports) are supported under NanoBSD install it's just that you have to select one to be LAN from the serial console at first boot.

              Is there a possible security issue with having a web setup? At the moment you have to have physical access to the box to set it up, that could be seen as a good thing.

              Steve

                rcfa

                Is there a possible security issue with having a web setup? At the moment you have to have physical access to the box to set it up, that could be seen as a good thing.

                Frankly, I could care less about the security issue. Here's why:
                a) the chance of someone hacking my box in the few minutes between it being first booted and me getting into the web interface is pretty darn small.
                b) if someone configures accounts, etc. before I get a chance to do so, there's a good chance I'll discover, and
                c) most importantly: it's rather unlikely that the box will be hooked up to the public internet the first time around anyway, because it'll be hooked up to the laptop to do the configuration, so there'll be the famous air-gap to the public net until I'm done with the initial configuration.

                So, if the interfaces are recognized, I don't see why they are not all configured to grab an address through DHCP. Then whichever one is hooked up to the LAN will get an IP address, I can get in with the laptop, and a few minutes later I'd be good.

                  cmb

                  There's nothing antiquated about serial consoles, if you do much work with networks at all, you have what's needed (or you should). Every worthwhile managed switch and most all commercial routers require serial consoles. Hook up the serial console, assign the interfaces, done. At some point we may automatically assign interfaces, until then, a serial console isn't uncommon at all, don't act like it's a 5.25" floppy, go tell Cisco, HP, Juniper, etc. as they all require serial consoles.

                    rcfa

                    @cmb:

                    There's nothing antiquated about serial consoles, if you do much work with networks at all, you have what's needed (or you should). Every worthwhile managed switch and most all commercial routers require serial consoles. Hook up the serial console, assign the interfaces, done. At some point we may automatically assign interfaces, until then, a serial console isn't uncommon at all, don't act like it's a 5.25" floppy, go tell Cisco, HP, Juniper, etc. as they all require serial consoles.

                    Well…
                    ...it depends whom you're targeting. If I were to install pfSense for a large organization, I'd get a 1U rack-mount server, and even though in that environment there would likely be terminals etc. floating around, I wouldn't need them, because even if I want to go the solid-state storage route, I'd just put in a 2.5" SSD drive, install the full version, and call it a day.

                    Only in an environment with wimpy enough networking demands, such as home use, would I even consider going with the embedded version. I want my hardware to be a bit beefier, such that it's future proof, and also because I want to try to run freeSwitch on one of the two boxes (that one will have the full version of pfSense, but it will be local, so if the CF card wears out, I can within hours be back up and running again).
                    So the environment in which the embedded version is most likely going to be used is a branch-office, home-office or plain home use.

                    I'm fairly involved with computers on a daily basis, this being my job, but outside my own private net, I'm not a network admin or working in a data center. Despite that, the last time I dealt with a terminal was when I installed as a gag a VT100 terminal in my bathroom, and hooked it up to my NeXT computer so I could joke with some friends about from where I just sent them the e-mail. That was when I was still in college, some 20 years ago. The last time I still used a serial connection for anything else was with a fax modem hooked up to the NeXT, too, which is also at least 15 years ago. Since then, everything has been USB, or network+ssh; I neither have UUCP nor kermit installed on any of my computers, even though they used to be some of the first things I put on any hardware after it came out of the box.

                    So in a home/office environment, particularly in a Mac OS X setup, serial communications are truly about as antiquated as 5.25" floppy disks. I know, in a data center that's very different, but why anyone in a data center would bother with the embedded version instead of running the full-featured version on a 1U server, would be beyond me.

                    Bottom line as far as I can see: without the network based OR console setup, a large segment of most likely nanoBSD users are going to have a much harder time than necessary. The network aspect isn't even the worst. If only the system could check for the presence of a video and keyboard device and not just blindly disable the console if these are present, that would solve all my issues, because my embedded device has a break-out cable to hook up screen and keyboard, exactly to make it possible to do initial setup, change BIOS settings, etc.

                    To use anything with a serial connection, I probably would have to spend as much money on USB-serial adapters, cables, etc. that it might be cheaper just replacing the CF card with a small e.g. 32GB SSD drive and installing the full version.

                    My point: if we're making using the embedded version that difficult/expensive, then why even bother supporting it? Might just as well tell people to get a cheap SSD drive and run the full version.

                      stephenw10 Netgate Administrator

                      You can still install the embedded version from the install CD which I believe has VGA console. You don't get the advantage of NanoBSD's backup slices.
                      You have to be able to boot from CD or USB which, for me, would be far more of a problem than using serial!  ::)

                      Steve

                        Bill48105

                        @cmb:

                        There's nothing antiquated about serial consoles, if you do much work with networks at all, you have what's needed (or you should). Every worthwhile managed switch and most all commercial routers require serial consoles. Hook up the serial console, assign the interfaces, done. At some point we may automatically assign interfaces, until then, a serial console isn't uncommon at all, don't act like it's a 5.25" floppy, go tell Cisco, HP, Juniper, etc. as they all require serial consoles.

                        Pfft, you must run with the big dogs then! :D  Other than a freak thing last month where my cousin who sets up cell towers needed help with his USB->serial adapter working with some oddball programming utility, I hadn't touched serial since mucking with Tivo 1's to connect via PPP over the headphone serial port because the internal modem was borked! Anyway let's just say it isn't very often & when it has been has always been obscure equipment. I realize in some circles serial might be used daily still but the average Joe does not and many think you mean USB when you mention serial IF they even make that connection. And average computer person setting up a router likely knows what serial is but either doesn't have serial port, null cable, terminal sw (Win vista/7 don't even have hyperterminal anymore but then again almost need a 2k lappy to still have serial port lol), or has to dig thru boxes tucked in the basement which was what happened in my case.

                        A big part is thanks to the Legacy Free PC 'standard' from like around 2000 (hard to believe that was 11 years ago!) which Dell in particular took a liking to, likely because it saved them money. And you know serial stuff has gone way of 5.25" floppies when stores don't carry the adapters/cables. Heck even rat shack site says web only for almost everything serial, and that is a whopping 5 things they happen to still sell. lol

                        Anyway as I said earlier, personally it ended up not being a big deal for me since I had the stuff but had I had not I would have swore a few times & installed the full version from CD & got over it. Of course hoping that my CF card didn't get wore out too quickly. My comments were meant merely to agree it would be helpful if the embedded/nano version could be more user friendly in initial setup not to debate if serial was dead or not. ;)
                        Bill

                          stephenw10 Netgate Administrator

                          @cmb:

                          There's nothing antiquated about serial consoles

                          It could just be me that's antiquated!  :(
                          It never fails to amaze me that some people have actually stopped using email entirely in favour of facebook. Those same people probably don't use serial that often.  :P

                          Is there some big problem to having both serial and CGA console? Perhaps a boot time parameter could be used to switch consoles?

                          Steve

                          Edit: Ironic typo left in for effect.  :D

                            mhotel

                            RS-232 ports are getting a bit harder to find these days.  I kept an old laptop with a built-in COM port around for years, but finally gave up when its battery became useless and I couldn't read the screen very well due to CCFL aging.

                            It does seem like some sort of compromise between a full install and the existing Embedded build would be useful.  Maybe a full-featured build based on NanoBSD would work.

                              Bill48105

                              @stephenw10:

                              @cmb:

                              There's nothing antiquated about serial consoles

                              It could just be me that's antiquated!  :(
                              It never fails to amaze me that some people have actually stopped using email entirely in favour of facebook. Those same people probably don't use serial that often.  :P

                              Is there some big problem to having both serial and CGA console? Perhaps a boot time parameter could be used to switch consoles?

                              Steve

                              Edit: Ironic typo left in for effect.  :D

                              LOL! Wait I check my facebook via 300 baud serial modem don't you? :D

                              But I got the biggest chuckle over CGA. Compressed Gas Association? LMAO!  Not sure if that was intentional (since CGA is long long LONG extinct except apparently in some IT departments who still use serial daily cuz Cisco says so) but it had been so long since I even seen CGA written out it took me a minute to register what it was. Now that is sad on my part & shows those brain cells have undergone garbage collection long ago. hehe

                              Anyway all in good fun. No offense to anyone.
                              Bill

                                gloomrider

                                Did we ever get to the underlying question?  Does pfSense work on this box?  Was any attempt made?  Or does the lack of a VGA, DVI, DisplayPort, or HDMI connector disqualify the box as "not modern" or "not home friendly"?

                                4GB of RAM, Intel ethernet, Atom D510 (dual core).  If this box performs the way the specifications suggest, and the price is reasonable, I would say this is an ALIX killer for sure.

                                Forgive me, but since pfSense is a group effort, is it reasonable to ask what the output was on the serial console at boot time?

                                EDIT: Found this post: http://forum.pfsense.org/index.php/topic,27780.msg144750.html#msg144750

                                All kinds of serial goodness in there  ;D

                                  Bill48105

                                  @gloomrider:

                                  Did we ever get to the underlying question?  Does pfSense work on this box?  Was any attempt made?  Or does the lack of a VGA, DVI, DisplayPort, or HDMI connector disqualify the box as "not modern" or "not home friendly"?

                                  4GB of RAM, Intel ethernet, Atom D510 (dual core).  If this box performs the way the specifications suggest, and the price is reasonable, I would say this is an ALIX killer for sure.

                                  Forgive me, but since pfSense is a group effort, is it reasonable to ask what the output was on the serial console at boot time?

                                  If it helps I built new pfsense box last week with:
                                  JetWay JNC92-330-LF Mini ITX Motherboard & Intel Atom 330 CPU (Onboard Realtek RTL8111C gigabit)
                                  Jetway 3x Intel Gigabit LAN Module AD3INLANG (82541PI x 3)
                                  512MB DDR2
                                  4GB Kingston CF card with CF->IDE adapter
                                  120W PSU in mini itx case

                                  Using USB CF reader I put on pfSense-2.0-RC1-2g-i386-20110226-1633-nanobsd.img
                                  I had to turn off DMA & UDMA in bios & force LBA mode to get it to boot.
                                  I attached DB9-DB9 null modem cable to lappy & opened hyperterminal set to 9600,N,8,1
                                  Once it started to boot it looked like it wasn't working because there was just a blinking cursor in upper left of VGA screen but eventually 1 line of text appears.
                                  In hyperterminal it was ready immediately, asking me to choose partition 1 or 2 & the delay was that waiting.
                                  You can watch it detect hardware & it does indeed detect all 4 NIC's.
                                  Eventually it gets to screen asking if I wanted to setup VLAN's & then the normal wizard for setting up LAN/WAN/OPTx interfaces
                                  Once I assigned LAN & setup a different private IP range I did the rest of the setup via the web interface.

                                  So far it works great. I have 3 wans & 1 lan and playing with load balancing & failover.  It shows 18% mem use, 16% space used & CPU stays at 0 unless I enable all 3 traffic graphs then it spikes to 6-8%.  (From looks of top output php is the culprit but not sure why it'd use so much with 10 second updates. I don't recall the full install version doing that on the 3Ghz P4 Dell I had tested.)  The only real issue I had were bugs in the code causing headaches setting up PPPoE, a different bug causing system to no longer boot when I chose wrong interface on PPPoE and for some reason browsing internet has big delays when I have multiwan group set as default vs WAN (even when I have WAN as tier 1 & others as tier 2) so I still need to figure that out.

                                  Anyway this setup is definitely an ALIX killer even with the lowly 512 stick! 1.6Ghz Dual core with hyperthreading Atom is actually very snappy & I doubt I'll be able to load it down.  Btw it measures 42W. Most of that is the old crap chipset used on that motherboard but I couldn't justify $80 more for the updated one to save 18W of power.  (I paid $99 for the mb & $77 for the 3 port nic daughterboard. I had the rest of the parts on hand already so killer router for $176 which was almost $20 less than what I was quoted for a shipped ALIX.2D13 & that only had 256M & 3 NIC's & what I gather a much slower processor  :D )

                                  Anyway sorry not the same system but similar enough hopefully that was useful.
                                  Bill

                                    gloomrider

                                    Thanks

                                    Lots of us are looking for a fanless, embedded, low power solution with GigE and enough processing horsepower to sustain 100s of Mb/sec over the Ethernet ports.  I can't find a price or a source for the Lanner box(es) anywhere.  But it's a good sign that we're starting to see these  :)

                                      Bill48105

                                      gloomrider,
                                      From what I could tell all of the Jetway Atom boards are fanless except the 330 & I believe it is the CHIPSET that has a fan not the CPU itself. The Jetway has the daughterboard sockets where you plug in board, 3 of which are 3 port NIC options: Intel gigabit, realtek gigabit & realtek 100mbit. I opted for the intel one even though it was $30 more than the realtek because it supposedly performs better & has better driver support & so far both appear to be true based on my testing.

                                      So if you went for the D510 or D525 or based board it should be like 8-10W less & have about the same power as the 330 yet no fans.  Or the N270 was like 18W less but 1/2 the processing speed too (based on cpubenchmark.net values).  I'm content with 42W (measure at plug with kill-a-watt meter) & the essentially silent fan that is on the board I chose. :)
                                      Bill

                                        stephenw10 Netgate Administrator

                                        The N550 board will use even less power as it supports speedstep and the desktop Atom CPUs don't.

                                        Steve

                                          rcfa

                                          Just to clarify: the Lanner has a serial port, but I have nothing that I can hook up as a terminal to it.

                                          Also: the Lanner with the CF card will happily run the full version, however

                                          a) in a device located on the other side of the continent I don't want to risk wearing out the CF card's memory cells and then have to do an emergency plane trip to service the unit

                                          b) I would like to have the backup slice, such that if an OS upgrade gets screwed up, or anything like that, I have something to fall back on without expensive plane trip to service the unit.

                                          I have a second Lanner box, on which I have already the full version of pfSense installed. Locally I don't mind the full version, because CF cards are cheap, and should it ever wear out, I just re-install from scratch, load a configuration backup, and am done with it.
                                          Also, since I want to run freeSwitch locally, I have to use the full version here anyway.

                                          The issue thus is not if the Lanner can run the full or embedded version; it should be able to run either just fine.
                                          The issue is, how do I get this thing configured.

                                          If nanoBSD-pfSense wouldn't BLINDLY turn off VGA and keyboard support, but would test if the drivers load, then I could configure it with screen and keyboard attached, instead of using a serial console.
                                          If nanoBSD-pfSense would enable DHCP on the first NIC found, regardless of the driver used, then that should work, too. Right now, from what I gather, it only does that with certain types of hardware it's familiar with, and for everything else you have to do initial setup over a serial console, and that's the stumbling block.

                                          I'll try to edit the config file directly somehow, by mounting the CF card on the other pfSense box with a USB card reader, but few people will have a second pfSense box handy for that.

                                            GruensFroeschli

                                            A standard FreeBSD in a virtualbox is sufficient.
                                            You can use this guide:
                                            http://doc.pfsense.org/index.php/Modifying_Embedded

                                            We do what we must, because we can.

                                            Asking questions the smart way: http://www.catb.org/esr/faqs/smart-questions.html
