Installing on a Firebox X700

GOBIGRED

Steve ,

Still cant get a ip on the lan, from the new lan 2 i can ping the wan but cant get a ip when i plug in a device

stephenw10

You need to leave the gateway as 'none' in the interface config (gateways are only used on WAN interfaces).
Then setup a dhcp server on the interface in Services: DHCP Server: LAN2.

Steve

GOBIGRED

Ok i just tried what ou said took all the gateways off and reconfigured the dhcp server on LAN2 and still nothing? what should i do give up? ???

GOBIGRED

What else could i be missing?

stephenw10

Are you getting a phsical connection on the LAN2 interface?(the leds lighting up when you plug in the client). I only ask because on my box I had to put a switch in between the firebox and any client computers. Hard to beleive but I think the X-Core may be old enough that it doesn't has auto MDIX.

Dont give up now after 5 pages!  :D

Steve

GOBIGRED

this is weird to me so i tried using 192.168.2.0 for the lan it didnt work and used the 192.168.1.1 and i can plug stuff in and it works do you know why? also by using the 192.168.1.0 range when i install wifi is this gonna cause problems?

stephenw10

Each interface must use a different subnet. The usual subnet is /24 (subnet mask 255.255.255.0). If you are using a /24 (you are) then 192.168.1.1 and 192.168.1.0 both in the same subnet.

You can add you access point to the LAN, just connect it to the switch, and that will be no problem. However you may want it on a separate interface for better security.

Adding an extra interface should be relatively easy.

Steve

GOBIGRED

yes sorrry typed wrong why would the 192.168.1.1 allow me to the internet but not the 192.168.2.1? aloso when i log in it says unable to update? Did the name change for the update site?

GOBIGRED

was playing with it AGAIN tonight and trying to get wifi set up, no luck i thinks its because it overlaps with the 192.168.1 X network so i need to figure out how to configure another lan for wifi and use the 192.168.1.X for stuff that doesnt need a public ip? AM I correct?

stephenw10

I'm not sure how you have your wifi access point connected and configured but yes you need it on a different subnet if you are connecting it to a different interface. It doesn't matter which subnet you give to each interface as long as they are different.

@GOBIGRED:

yes sorrry typed wrong why would the 192.168.1.1 allow me to the internet but not the 192.168.2.1?

If when you connect your client to the new interface you receive an IP but can't get internet access it's very likely that you have not configured a firewall rule on that interface to allow it.
Look at the default rule on the LAN interface. Copy that rule to LAN2 but change references to LAN to LAN2.
This will give a very permissive connection (everything is allowed out) but you can always change that later.

Steve

GOBIGRED

Steve,
Thank you so much for kindly helping a newbie!! Things are up and running great thanks to your help!!!Now time to do some learning!!!

GOBIGRED

ohhh,  :D
one more quick question is there a fix for the led lights mine are orange and red?

Thanks

GOBIGRED

just noticed this error when trying to update
""""Downloading new version information…done
Unable to check for updates.
Could not contact pfSense update server http://updates.pfsense.org/FreeBSD_RELENG_8_1/i386/pfSense_RELENG_2_0/.updaters/""

Is there a fix for this?

stephenw10

Check you have the correct update URL.
Go to System: Firmware: Settings: and select pfSense i386 stable updates from the drop down.
It should then say: http://updates.pfsense.org/_updaters in the base URL box.
Save the setting.

The arm/disarm LED can be controlled, I wrote a program to do it.  ;D
You can read about my efforts in this thread.
Download the most recent version from this post. Remove the .png extension from it, that's just so the forum will accept it.
Now you need to copy it to somewhere permanent on your firebox and make it run at boot up with whatever LED setting you require.
There are a number of ways to do this but here's what I do.
Connect to your firebox console (via serial or ssh) and type:

/etc/rc.conf_mount_rw

This will allow you to write the file, by default the filesystem in read only.
Now copy WGXepc to /conf, I use WinSCP to do this. Normally you wouldn't ever put anything in /conf but WGXepc is a very small file and /conf survives a firmware update.
Change the file permissions so it is executable, you can do that in WinSCP or using chmod at the console.
Now at the console type:

echo '/conf/WGXepc -l green' > /usr/local/etc/rc.d/WGXepc.sh

This will create the file WGXepc.sh in /usr/local/etc/rc.d which is run at boot. Make sure it's file permissions are set to excecutable:

chmod 0755 /usr/local/etc/rc.d/WGXepc.sh

Now remount the file system back to read only:

/etc/rc.conf_mount_ro

You can experiment with the different LED settings, if you call the program with no arguments it gives some help.

fmertz is currently incorporating the led code into the lcd driver so we should soon have this all packaged nicely. That will also open the possibility of using the LED to indicate something useful.

Steve

Edit: If someone wants to tell me a better location that survives a firmware update I'm open to suggestions!  ;)

GOBIGRED

Do you have a idea when the package is going to come out?
Im still having troube with your last post!!

stephenw10

@GOBIGRED:

Do you have a idea when the package is going to come out?

When it's ready!  ;)

You keep an eye on this thread for updates. In this post fmertz has the new test driver with led support. There's no GUI option yet. Unfortunately my X-Core box has died completely and no longer posts (I think one of the capacitors has died) so I can't test it.

Which part of my previous post are you having trouble with?

Steve

GOBIGRED

I just got one that had the same problem i found them on ebay real cheap and replaced them its very easy, i would reccomend that you try to fix it for the 10 bucks instead of buying a new one lol!! What models of the FB do you have?

stephenw10

@GOBIGRED:

What models of the FB do you have?

I keep an eye on Ebay UK for cheap boxes. I use an X-Peak box (X6000) as my main firewall here and also have an X750 and an X5500. I'll have to try changing the caps on the X500. None of them look bad though, other bad caps I've had had stuff leaking from them or at least bulging tops.  :-\

Steve

GOBIGRED

Steve,
Im now looking for a peak box do you know the diffrent x core peak models?

And is there any word on the package:fmertz is currently incorporating the led code into the lcd driver so we should soon have this all packaged nicely. That will also open the possibility of using the LED to indicate something useful.?

Thanks

stephenw10

The X-Peak had three models: X5000, X6000 and X8000.
See: http://www.watchguard.com/products/peak.asp
I don't know how many Watchguard sold in relation to the X-Core but it must have been a low ratio, they hardly ever come up on Ebay.

No news on the driver I'm afraid though I just aquired a replacement X-Core for some more testing.

Steve