Watchguard Firebox X Peak platform
-
ok, got that.
Do you think one rule for the bridge in the firewall is enough?
I don't have to define a rule for each interface, or?
-
Have read through the first few posts here: http://forum.pfsense.org/index.php/topic,20917.0.html
As I said above the default settings mean that the firewalling is done on the member interfaces not the bridge.
There are settings in Advanced: System Tunables: to change that. However I seem to remember reading that they may not work any longer. Try it and see. ;)
net.link.bridge.pfil_member Set to 0 to disable filtering on the incoming and outgoing member interfaces. default (1)
net.link.bridge.pfil_bridge Set to 1 to enable filtering on the bridge interface default (0)
Steve
-
Yes, I read that before and tried it out. It seems that it doesn't work.
One device on a port in the bridge wants an IP per DHCP and this is blocked by the firewall. So adding the rule worked. But I will give it another try after a reboot this evening.
-
Yes you may well have to reboot or at least reload something before those tunables take effect.
Steve
-
OK! ;D
It is (always) as you said. Setting the tunables is working. I needed only some rules for the bridge interface and voila everything is running as I wanted.
Brilliant!
Thank you for your input.
-
No problem. :)
Hopefully this may prove useful for anyone else searching for bridging.
Steve
-
Minor update regarding my challenges booting images later than version 1.2.3 RC1:
I recently acquired a couple of Portwell NAR5060 boxes which are of a somewhat similar age as the Firebox X Peak and share some similar hardware. The good news is that I've got pfSense 2.0.1 nanobsd running on that hardware without modification and I hope to use this to free up the Firebox for bench testing.
I also recently got a mini-PCI VGA card, but I'm only halfway through figuring out its pinout and wiring a cable.
Hope to get a little further tomorrow… work has been busy, so progress is slow unfortunately.
-
You ever get the safenet card to work?
-
Edit: Anyone reading this: These instructions are old and overly complex. See this post for a simpler updated solution.
Mostly for my own benefit because I completely hosed my install messing about with ACPI and have to reflash my CF card. ::)
Here's some concise instructions for installing the firebox lcd software.
Download the file with the driver, lcdd3.tar, from here (can't attach it to this post >:()
http://sites.google.com/site/pfsensefirebox/home/lcdd3.tar?attredirects=0
Copy it to the firebox to /var/tmp. This is a folder that only exists in memory and gets wiped at boot. I used WinSCP.
Connect to the box (with putty via ssh or serial or whatever). Then:
[root@pfSense.local]/root(2): cd /var/tmp
[root@pfSense.local]/var/tmp(5): tar -xvf lcdd3.tar
x ./install-embed.lcdd.sh
x ./lcdd/
x ./lcdd/drivers/
x ./lcdd/LCDd.conf
x ./lcdd/lcdd.sh
x ./lcdd/lcdproc
x ./lcdd/LCDd
x ./lcdd/drivers/curses.so
x ./lcdd/drivers/sdeclcd.so
x ./lcdd2.tar
[root@pfSense.local]/var/tmp(7): ./install-embed.lcdd.sh
[root@pfSense.local]/var/tmp(8): cd /lib
[root@pfSense.local]/lib(10): /etc/rc.conf_mount_rw
[root@pfSense.local]/lib(11): ln -s libc.so.7 libc.so.6
[root@pfSense.local]/lib(12): ln -s libkvm.so.4 libkvm.so.3
[root@pfSense.local]/lib(13): /etc/rc.conf_mount_ro
[root@pfSense.local]/lib(14): /usr/local/etc/rc.d/lcdd.sh
And it should all be working! ;)
I have removed a few steps from the other instructions on the forum. I have included the newest driver in the tarball. I found I didn't need to alter the permissions of the install script.
I tested this on a fresh install of the embedded 1.2.3-release.
It will not work on 2.0 beta, I tried! :P
Steve
Edit: It does work in 2.0 you have to sym link both libkvm.so.3 and libkvm.so.4 to libkvm.so.5
I have a problem with the installation. When I write in the terminal: "./install-embed.lcdd.sh", I see: "mount: /dev/ad2s1a : Device busy" … Why can't I install?
-
It's because that script was originally written for an embedded install of pfSense 1.2. The embedded install (and the Nanobsd install) runs with the file system mounted read-only to minimise writes to flash media. The script remounts it as RW, installs the various files and then remounts it RO again. This won't work on a full install that you are running.
Besides that as I wrote at the top it's now very out of date.
Try this post instead. I can't say if that will work any better since it's still written for Nano but I changed it to use the correct mount script rather than attempting to mount the filesystem directly. I have never tried it on a full install.
If that still doesn't work then you can just edit the install script, install3.sh, and remove the remount calls.
Steve
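
The "Device busy" failure explained in the reply above, as an added example that is not part of the thread, lcdd3.tar or install3.sh: a wrapper that remounts the root only when `mount` reports it read-only, so the same steps run on an embedded/nanobsd install and on a full install. Function names are hypothetical, and the `mount` output format is an assumption based on the device line quoted above.

```sh
#!/bin/sh
# Added example: not part of lcdd3.tar, install3.sh or pfSense itself.
# Function names are hypothetical; the two rc scripts and the library
# names are the ones quoted in the thread (pfSense 1.2.3 embedded).

# Reads `mount` output on stdin; succeeds only if / is mounted read-only.
# Assumed FreeBSD format: /dev/ad2s1a on / (ufs, local, read-only)
root_is_readonly() {
    awk '$2 == "on" && $3 == "/" && /[(, ]read-only[,)]/ { ro = 1 }
         END { exit (ro ? 0 : 1) }'
}

# Create symlink $2 -> $1 unless something already exists at $2.
link_if_missing() {
    [ -e "$2" ] || [ -L "$2" ] || ln -s "$1" "$2"
}

# The compatibility links from the instructions, relative to directory $1.
link_compat_libs() {
    link_if_missing libc.so.7 "$1/libc.so.6" &&
    link_if_missing libkvm.so.4 "$1/libkvm.so.3"
}

# Run "$@" with a writable root. Embedded/nanobsd: remount rw, and put the
# root back to read-only even if the command fails or is interrupted.
# Full install: root is already writable, so no remount is attempted.
with_writable_root() {
    if mount | root_is_readonly; then
        /etc/rc.conf_mount_rw || return 1
        trap '/etc/rc.conf_mount_ro' EXIT
        trap 'exit 1' INT TERM
        rc=0
        "$@" || rc=$?
        /etc/rc.conf_mount_ro
        trap - EXIT INT TERM
        return "$rc"
    fi
    "$@"
}

# Nothing touches the system unless asked: sh lcdd-links.sh --install
if [ "${1:-}" = "--install" ]; then
    with_writable_root link_compat_libs /lib
fi
```

Leaving the root read-write after a failed install is the state the EXIT trap guards against; on a full install the wrapper simply runs the command.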