Run pfSense on a watchguard firebox x700

wallabybob

@ninjamick:

my isp provider is using ppoe and there  router webgui is also 192.168.1.1.  wonder if thats any help

Lets start with getting access to the web GUI so you can then configure the WAN interface appropriately.

It appears you have console access. Can you get the console into shell command mode (option 8 on the console menu). Then type the shell command```
/etc/rc.banner

To configure the WAN interface we need to know if it should use DHCP, PPPoE or have a static IP address. Perhaps your modem  handles PPPoE and you need to use DHCP between the pfSense WAN interface and the modem. Perhaps the modem is in "bridge mode" in which case you need to configure PPPoE on the pfSense WAN interface. Probably the most common  configuration is for the modem to talk PPP to the Internet and systems "downstream" of the modem to use DHCP to get their configuration information from the modem.

The your modem has an IP address of 192.168.1.1 suggests the pfSense LAN interface will need its IP address changed from the default of 192.168.1.1 to something like 192.168.10.1 with a netmask of 24 bit (well clear of 192.168.1.1) so all your systems have unique IP addresses.

stephenw10

Edit: Damn, too slow typing! Still seems mostly helpful.  ;)

If you are seeing the console menu then you should have already setup at least one interface. The current interface setup is listed above the menu, it will probably say something like:

WAN (wan)              -> re0        -> none (DHCP)
LAN (lan)                -> re1        -> 192.168.1.1

In that situation you should be able to connect to the webgui at 192.168.1.1 on the LAN interface. The Realtek NICs in the X700 are 10/100 and do not have auto-MDIX so you may need a crossover cable if you are connecting directly. The port on your client may have auto-MDIX in which case it may not be required. You will see the link led illuminate on the X700 if the cable is connected correctly.

It will have asked you whether you wanted to enable a dhcp server on LAN. If you did then your windows box will receive an IP from pfSense and you will be able to connect to the webgui. If not you can either reconfigure the LAN interface from the menu and enable DHCP or manually configure your Windows box to be in the correct subnet.

Steve

ninjamick

i have a crossover cable from my  server to the fbx700  and a straight  from my  router too the wan port of the  firebox  is that correct  ? im assumeing it is  i  get the red led  on the arm  and the green leds on ports 0,1,2 as i have 3 connections  one the 100mbps  but i cant change the ip adress of the  thing  unless i change it in the  network connectios and assighn a  private  ip address

stephenw10

OK, if you are seeing green link leds on the X700 then your cables are good.

Can you give us the output of /etc/rc.banner, as Wallabybob suggested, or just whatever is written above the console menu on the pfSense box? (the same thing)

@ninjamick:

I cant change the ip address of the  thing   unless i change it in the  network connections and assign a  private  ip address

What 'thing' are you referring to?

You will only be able to connect to the webgui on the LAN interface. Connecting via any other interface requires some firewall rules to be setup. Are you sure your client windows box (is that the server?) is connected to the LAN interface?

Did you enable dhcp on LAN in the initial setup?

Steve

ninjamick

i didnt  get the option to enable anything  i was asked if i wantted vlan  i said no  then it  asked for wan cable  then lan cable  then setup  was complete thats  all i got    i will go  through the waty i connected it  from router to rc0 fbx700 external  then  crossover  from server  to  lan rc1 straight cable then main pc  to firebox rc2  and the console cable to  console of  fbx700  thats the connection  of it  im trying to  get the  details    when i  do  ipconfig i noticed the  ip address is  168 thats  not right  gonna  try  reinstalling  with  diffrent  settings

stephenw10

Which of those is the LAN interface? If it's the one connected to the server then only the server will able to reach the webgui until you add more firewall rules.

If everything is default the machine connected to the LAN interface should receive an IP address in the 192.168.1.X range. Is that what you meant?

Steve

ninjamick

the lan cable is the crossover  cable  which is on the trusted  rc1 when i typed ip config  it read a ip adress  as 168.254.1.1  which is diffrent

stephenw10

OK so if the LAN interface is re1 (I think you must have typo'd that, it should be 're') only the server machine will be able to reach the webgui. Except that, as you say, the IP address is odd.

You haven't said yet what the interface listing above the console menu says. It will list the current IP address of the LAN interface, is it 192.168.1.1? If not what is it? Could you give us the complete listing please?

Steve

ninjamick

i will try  to send you  what i  get 
rlphy5: <realtek internal="" media="" interface="">PHY 0 on miibus5
rlphy5:  10baseT, 10baseT-FDX, 100baseTX, 100baseTX-FDX, auto
re5: [FILTER]
isab0: <pci-isa bridge="">at device 31.0 on pci0
isa0: <isa bus="">on isab0
atapci0: <intel ich2="" udma100="" controller="">port 0x1f0-0x1f7,0x3f6,0x170-0x177,0x37
6,0xff00-0xff0f at device 31.1 on pci0
ata0: <ata 0="" channel="">on atapci0
ata0: [ITHREAD]
ata1: <ata 1="" channel="">on atapci0
ata1: [ITHREAD]
cpu0 on motherboard
unknown: <pnp0c01>can't assign resources (memory)
atrtc0: <at realtime="" clock="">at port 0x70-0x71 irq 8 pnpid PNP0b00 on isa0
uart0: <16550 or compatible> at port 0x3f8-0x3ff irq 4 flags 0x10 pnpid PNP0501
on isa0
uart0: [FILTER]
uart0: console (9600,n,8,1)
ppc0: <ecp parallel="" printer="" port="">at port 0x378-0x37f,0x778-0x77a irq 7 drq 3 pn
pid PNP0401 on isa0
ppc0: Generic chipset (ECP/PS2/NIBBLE) in COMPATIBLE mode
ppc0: FIFO with 16/16/16 bytes threshold
ppc0: [ITHREAD]
ppbus0: <parallel port="" bus="">on ppc0
ppi0: <parallel i="" o="">on ppbus0
orm0: <isa option="" rom="">at iomem 0xe0000-0xe0fff pnpid ORM0000 on isa0
unknown: <pnp0c01>can't assign resources (memory)
RTC BIOS diagnostic error 20 <config_unit>Timecounter "TSC" frequency 1202731373 Hz quality 800
Timecounters tick every 10.000 msec
IPsec: Initialized Security Association Processing.
ad0: 3871MB <cf 20070131="" 4gb="">at ata0-master PIO4
Trying to mount root from ufs:/dev/ufs/pfsense0
Configuring crash dumps…
Mounting filesystems...
Setting up embedded specific environment... done.

___
/ f
/ p _/ Sense
_/ 
    __/

Welcome to pfSense 2.0.3-RELEASE  ...

Creating symlinks......done.
External config loader 1.0 is now starting... ad0s3
Launching the init system... done.
Initializing............................ done.
Starting device manager (devd)...done.
Loading configuration......done.
Updating configuration...done.
Cleaning backup cache.....done.
Setting up extended sysctls...done.
Setting timezone...done.
Starting Secure Shell Services...done.
Setting up polling defaure0: link state changed to DOWN
lts...done.
Setting up interfaces microcode...done.
Configuring LAGG interfaces...done.
Configuring VLAN interfaces...done.
Configuring QinQ interfaces...done.
Configuring WAN interface...re0: link state changed to UP
done.
Syncing OpenVPN settings...done.
Starting syslog...done.
Configuring firewall......done.
Starting PFLOG...done.
Setting up gateway monitors...done.
Synchronizing user settings...done.
Starting webConfigurator...done.
Configuring CRON...done.
Starting NTP time client...Starting DNS forwarder...done.
Configuring firewall......done.
Generating RRD graphs...done.
Starting CRON... done.
Bootup complete

1  pfSense
2  pfSense

F6 PXE
Boot:  1
/boot.config: -h
Consoles: serial port
BIOS drive C: is disk0
BIOS 639kB/261120kB available memory

FreeBSD/i386 bootstrap loader, Revision 1.1
(root@snapshots-8_1-i386.builders.pfsense.org, Fri Apr 12 11:01:35 EDT 2013)
Loading /boot/defaults/loader.conf
/boot/kernel/kernel text=0x8b1f9c data=0x3caa54+0x9b720 syms=[0x4+0x952a0+0x4+0x
cca1b]
|
Hit [Enter] to boot immediately, or any other key for command prompt.
Booting [/boot/kernel/kernel]…
Copyright (c) 1992-2010 The FreeBSD Project.
Copyright (c) 1979, 1980, 1983, 1986, 1988, 1989, 1991, 1992, 1993, 1994
        The Regents of the University of California. All rights reserved.
FreeBSD is a registered trademark of The FreeBSD Foundation.
FreeBSD 8.1-RELEASE-p13 #0: Fri Apr 12 11:10:09 EDT 2013
    root@snapshots-8_1-i386.builders.pfsense.org:/usr/obj.pfSense/usr/pfSensesrc
/src/sys/pfSense_wrap.8.i386 i386
Timecounter "i8254" frequency 1193182 Hz quality 0
CPU: Intel(R) Celeron(TM) CPU                1200MHz (1202.73-MHz 686-class CPU)

Origin = "GenuineIntel"  Id = 0x6b4  Family = 6  Model = b  Stepping = 4
  Features=0x383f9ff<fpu,vme,de,pse,tsc,msr,pae,mce,cx8,sep,mtrr,pge,mca,cmov,pa<br>T,PSE36,MMX,FXSR,SSE>
real memory  = 268435456 (256 MB)
avail memory = 243429376 (232 MB)
ipw_bss: You need to read the LICENSE file in /usr/share/doc/legal/intel_ipw/.
ipw_bss: If you agree with the license, set legal.intel_ipw.license_ack=1 in /bo
ot/loader.conf.
module_register_init: MOD_LOAD (ipw_bss_fw, 0xc0712580, 0) error 1
wlan: mac acl policy registered
ipw_ibss: You need to read the LICENSE file in /usr/share/doc/legal/intel_ipw/.
ipw_ibss: If you agree with the license, set legal.intel_ipw.license_ack=1 in /b
oot/loader.conf.
module_register_init: MOD_LOAD (ipw_ibss_fw, 0xc0712620, 0) error 1
ipw_monitor: You need to read the LICENSE file in /usr/share/doc/legal/intel_ipw
/.
ipw_monitor: If you agree with the license, set legal.intel_ipw.license_ack=1 in
/boot/loader.conf.
module_register_init: MOD_LOAD (ipw_monitor_fw, 0xc07126c0, 0) error 1
wpi: You need to read the LICENSE file in /usr/share/doc/legal/intel_wpi/.
wpi: If you agree with the license, set legal.intel_wpi.license_ack=1 in /boot/l
oader.conf.
module_register_init: MOD_LOAD (wpi_fw, 0xc0891ba0, 0) error 1
ACPI Error: A valid RSDP was not found (20100331/tbxfroot-309)
ACPI: Table initialisation failed: AE_NOT_FOUND
ACPI: Try disabling either ACPI or apic support.
cryptosoft0: <software crypto="">on motherboard
padlock0: No ACE support.
pcib0: <intel 82815="" (i815="" gmch)="" host="" to="" hub="" bridge="">pcibus 0 on motherboard
pir0: <pci 11="" interrupt="" routing="" table:="" entries="">on motherboard
$PIR: Using invalid BIOS IRQ 9 from 2.13.INTA for link 0x63
pci0: <pci bus="">on pcib0
pcib1: <pci-pci bridge="">at device 1.0 on pci0
pci1: <pci bus="">on pcib1
pcib2: <pcibios pci-pci="" bridge="">at device 30.0 on pci0
pci2: <pci bus="">on pcib2
safe0 mem 0xe7bfe000-0xe7bfffff irq 3 at device 6.0 on pci2
safe0: [ITHREAD]
safe0: SafeNet SafeXcel-1141 rng des/3des aes md5 sha1 null
re0: <realtek 10="" 8139c+="" 100basetx="">port 0xd500-0xd5ff mem 0xefefa000-0xefefa1ff
irq 10 at device 9.0 on pci2
re0: Chip rev. 0x74800000
re0: MAC rev. 0x00000000
miibus0: <mii bus="">on re0
rlphy0: <realtek internal="" media="" interface="">PHY 0 on miibus0
rlphy0:  10baseT, 10baseT-FDX, 100baseTX, 100baseTX-FDX, auto
re0: [FILTER]
re1: <realtek 10="" 8139c+="" 100basetx="">port 0xd600-0xd6ff mem 0xefefb000-0xefefb1ff
irq 5 at device 10.0 on pci2
re1: Chip rev. 0x74800000
re1: MAC rev. 0x00000000
miibus1: <mii bus="">on re1
rlphy1: <realtek internal="" media="" interface="">PHY 0 on miibus1
rlphy1:  10baseT, 10baseT-FDX, 100baseTX, 100baseTX-FDX, auto
re1: [FILTER]
re2: <realtek 10="" 8139c+="" 100basetx="">port 0xd900-0xd9ff mem 0xefefc000-0xefefc1ff
irq 11 at device 11.0 on pci2
re2: Chip rev. 0x74800000
re2: MAC rev. 0x00000000
miibus2: <mii bus="">on re2
rlphy2: <realtek internal="" media="" interface="">PHY 0 on miibus2
rlphy2:  10baseT, 10baseT-FDX, 100baseTX, 100baseTX-FDX, auto
re2: [FILTER]
re3: <realtek 10="" 8139c+="" 100basetx="">port 0xda00-0xdaff mem 0xefefd000-0xefefd1ff
irq 12 at device 12.0 on pci2
re3: Chip rev. 0x74800000
re3: MAC rev. 0x00000000
miibus3: <mii bus="">on re3
rlphy3: <realtek internal="" media="" interface="">PHY 0 on miibus3
rlphy3:  10baseT, 10baseT-FDX, 100baseTX, 100baseTX-FDX, auto
re3: [FILTER]
re4: <realtek 10="" 8139c+="" 100basetx="">port 0xdd00-0xddff mem 0xefefe000-0xefefe1ff
irq 9 at device 13.0 on pci2
re4: Chip rev. 0x74800000
re4: MAC rev. 0x00000000
miibus4: <mii bus="">on re4
rlphy4: <realtek internal="" media="" interface="">PHY 0 on miibus4
rlphy4:  10baseT, 10baseT-FDX, 100baseTX, 100baseTX-FDX, auto
re4: [FILTER]
re5: <realtek 10="" 8139c+="" 100basetx="">port 0xde00-0xdeff mem 0xefeff000-0xefeff1ff
irq 6 at device 14.0 on pci2
re5: Chip rev. 0x74800000
re5: MAC rev. 0x00000000
miibus5: <mii bus="">on re5
rlphy5: <realtek internal="" media="" interface="">PHY 0 on miibus5
rlphy5:  10baseT, 10baseT-FDX, 100baseTX, 100baseTX-FDX, auto
re5: [FILTER]
isab0: <pci-isa bridge="">at device 31.0 on pci0
isa0: <isa bus="">on isab0
atapci0: <intel ich2="" udma100="" controller="">port 0x1f0-0x1f7,0x3f6,0x170-0x177,0x37
6,0xff00-0xff0f at device 31.1 on pci0
ata0: <ata 0="" channel="">on atapci0
ata0: [ITHREAD]
ata1: <ata 1="" channel="">on atapci0
ata1: [ITHREAD]
cpu0 on motherboard
unknown: <pnp0c01>can't assign resources (memory)
atrtc0: <at realtime="" clock="">at port 0x70-0x71 irq 8 pnpid PNP0b00 on isa0
uart0: <16550 or compatible> at port 0x3f8-0x3ff irq 4 flags 0x10 pnpid PNP0501
on isa0
uart0: [FILTER]
uart0: console (9600,n,8,1)
ppc0: <ecp parallel="" printer="" port="">at port 0x378-0x37f,0x778-0x77a irq 7 drq 3 pn
pid PNP0401 on isa0
ppc0: Generic chipset (ECP/PS2/NIBBLE) in COMPATIBLE mode
ppc0: FIFO with 16/16/16 bytes threshold
ppc0: [ITHREAD]
ppbus0: <parallel port="" bus="">on ppc0
ppi0: <parallel i="" o="">on ppbus0
orm0: <isa option="" rom="">at iomem 0xe0000-0xe0fff pnpid ORM0000 on isa0
unknown: <pnp0c01>can't assign resources (memory)
RTC BIOS diagnostic error 20 <config_unit>Timecounter "TSC" frequency 1202731384 Hz quality 800
Timecounters tick every 10.000 msec
IPsec: Initialized Security Association Processing.
ad0: 3871MB <cf 20070131="" 4gb="">at ata0-master PIO4
Trying to mount root from ufs:/dev/ufs/pfsense0
Configuring crash dumps…
Mounting filesystems...
Setting up embedded specific environment... done.

___
/ f
/ p _/ Sense
_/ 
    __/

Welcome to pfSense 2.0.3-RELEASE  ...

Creating symlinks......done.
External config loader 1.0 is now starting... ad0s3
Launching the init system... done.
Initializing............................ done.
Starting device manager (devd)...done.
Loading configuration......done.

Network interface mismatch -- Running interface assignment option.
re0: link state changed to DOWN
re1: link state changed to DOWN
re2: link state changed to DOWN
re3: link state changed to DOWN
re4: link state changed to DOWN
re5: link state changed to DOWN

Valid interfaces are:

re0  00:90:7f:2f:c3:d1  (up) RealTek 8139C+ 10/100BaseTX
re1  00:90:7f:2f:c3:d2  (up) RealTek 8139C+ 10/100BaseTX
re2  00:90:7f:2f:c3:d3  (up) RealTek 8139C+ 10/100BaseTX
re3  00:90:7f:2f:c3:d4  (up) RealTek 8139C+ 10/100BaseTX
re4  00:90:7f:2f:c3:d5  (up) RealTek 8139C+ 10/100BaseTX
re5  00:90:7f:2f:c3:d6  (up) RealTek 8139C+ 10/100BaseTX

Do you want to set up VLANs first?

If you are not going to use VLANs, or only for optional interfaces, you should
say no here and use the webConfigurator to configure VLANs later, if required.

Do you want to set up VLANs now [y|n]? n

NOTE  pfSense requires AT LEAST 1 assigned interface(s) to function.
        If you do not have AT LEAST 1 interfaces you CANNOT continue.

If you do not have at least 1 REAL network interface card(s)
        or one interface with multiple VLANs then pfSense
        WILL NOT function correctly.

If you do not know the names of your interfaces, you may choose to use
auto-detection. In that case, disconnect all interfaces now before
hitting 'a' to initiate auto detection.

Enter the WAN interface name or 'a' for auto-detection: rc1

Invalid interface name 'rc1'

Enter the WAN interface name or 'a' for auto-detection: a

Connect the WAN interface now and make sure that the link is up.
Then press ENTER to continue.
re0: link state changed to UP
re0: link state changed to DOWN
re0: link state changed to UP

Detected link-up on interface re0.

Enter the LAN interface name or 'a' for auto-detection
NOTE: this enables full Firewalling/NAT mode.
(or nothing if finished): re1: link state changed to UP
re2: link state changed to UP

The interfaces will be assigned as follows:

WAN  -> re0

Do you want to proceed [y|n]?y

Writing configuration…done.
Updating configuration...done.
Cleaning backup cache...done.
Setting up extended sysctls...done.
Setting timezone...done.
Starting Secure Shell Services...done.
Setting up polling defaults...done.
Setting up interfaces microcode...done.
Configuring LAGG interfaces...done.
Configuring VLAN interfaces...done.
Configuring QinQ interfaces...done.
Configuring WAN interface...done.
Syncing OpenVPN settings...done.
Starting syslog...done.
pflog0: promiscuous mode enabled
Configuring firewall......done.
Starting PFLOG...done.
Setting up gateway monitors...done.
Synchronizing user settings...done.
Starting webConfigurator...done.
Configuring CRON...done.
Starting NTP time client...Starting DNS forwarder...done.
Configuring firewall......done.
Generating RRD graphs...done.
Starting CRON... done.
Bootup complete

1  pfSense
2  pfSense

F6 PXE
Boot:  1
/boot.config: -h

FreeBSD/i386 boot
Default: 0:ad(0,a)/boot/loader
boot: Consoles: serial port
BIOS drive C: is disk0
BIOS 639kB/261120kB available memory

FreeBSD/i386 bootstrap loader, Revision 1.1
(root@snapshots-8_1-i386.builders.pfsense.org, Fri Apr 12 11:01:35 EDT 2013)
Loading /boot/defaults/loader.conf
/boot/kernel/kernel text=0x8b1f9c data=0x3caa54+0x9b720 syms=[0x4+0x952a0+0x4+0x
cca1b]
|
Hit [Enter] to boot immediately, or any other key for command prompt.
Booting [/boot/kernel/kernel]…
Copyright (c) 1992-2010 The FreeBSD Project.
Copyright (c) 1979, 1980, 1983, 1986, 1988, 1989, 1991, 1992, 1993, 1994
        The Regents of the University of California. All rights reserved.
FreeBSD is a registered trademark of The FreeBSD Foundation.
FreeBSD 8.1-RELEASE-p13 #0: Fri Apr 12 11:10:09 EDT 2013
    root@snapshots-8_1-i386.builders.pfsense.org:/usr/obj.pfSense/usr/pfSensesrc
/src/sys/pfSense_wrap.8.i386 i386
Timecounter "i8254" frequency 1193182 Hz quality 0
CPU: Intel(R) Celeron(TM) CPU                1200MHz (1202.73-MHz 686-class CPU)

Origin = "GenuineIntel"  Id = 0x6b4  Family = 6  Model = b  Stepping = 4
  Features=0x383f9ff<fpu,vme,de,pse,tsc,msr,pae,mce,cx8,sep,mtrr,pge,mca,cmov,pa<br>T,PSE36,MMX,FXSR,SSE>
real memory  = 268435456 (256 MB)
avail memory = 243429376 (232 MB)
ipw_bss: You need to read the LICENSE file in /usr/share/doc/legal/intel_ipw/.
ipw_bss: If you agree with the license, set legal.intel_ipw.license_ack=1 in /bo
ot/loader.conf.
module_register_init: MOD_LOAD (ipw_bss_fw, 0xc0712580, 0) error 1
wlan: mac acl policy registered
ipw_ibss: You need to read the LICENSE file in /usr/share/doc/legal/intel_ipw/.
ipw_ibss: If you agree with the license, set legal.intel_ipw.license_ack=1 in /b
oot/loader.conf.
module_register_init: MOD_LOAD (ipw_ibss_fw, 0xc0712620, 0) error 1
ipw_monitor: You need to read the LICENSE file in /usr/share/doc/legal/intel_ipw
/.
ipw_monitor: If you agree with the license, set legal.intel_ipw.license_ack=1 in
/boot/loader.conf.
module_register_init: MOD_LOAD (ipw_monitor_fw, 0xc07126c0, 0) error 1
wpi: You need to read the LICENSE file in /usr/share/doc/legal/intel_wpi/.
wpi: If you agree with the license, set legal.intel_wpi.license_ack=1 in /boot/l
oader.conf.
module_register_init: MOD_LOAD (wpi_fw, 0xc0891ba0, 0) error 1
ACPI Error: A valid RSDP was not found (20100331/tbxfroot-309)
ACPI: Table initialisation failed: AE_NOT_FOUND
ACPI: Try disabling either ACPI or apic support.
cryptosoft0: <software crypto="">on motherboard
padlock0: No ACE support.
pcib0: <intel 82815="" (i815="" gmch)="" host="" to="" hub="" bridge="">pcibus 0 on motherboard
pir0: <pci 11="" interrupt="" routing="" table:="" entries="">on motherboard
$PIR: Using invalid BIOS IRQ 9 from 2.13.INTA for link 0x63
pci0: <pci bus="">on pcib0
pcib1: <pci-pci bridge="">at device 1.0 on pci0
pci1: <pci bus="">on pcib1
pcib2: <pcibios pci-pci="" bridge="">at device 30.0 on pci0
pci2: <pci bus="">on pcib2
safe0 mem 0xe7bfe000-0xe7bfffff irq 3 at device 6.0 on pci2
safe0: [ITHREAD]
safe0: SafeNet SafeXcel-1141 rng des/3des aes md5 sha1 null
re0: <realtek 10="" 8139c+="" 100basetx="">port 0xd500-0xd5ff mem 0xefefa000-0xefefa1ff
irq 10 at device 9.0 on pci2
re0: Chip rev. 0x74800000
re0: MAC rev. 0x00000000
miibus0: <mii bus="">on re0
rlphy0: <realtek internal="" media="" interface="">PHY 0 on miibus0
rlphy0:  10baseT, 10baseT-FDX, 100baseTX, 100baseTX-FDX, auto
re0: [FILTER]
re1: <realtek 10="" 8139c+="" 100basetx="">port 0xd600-0xd6ff mem 0xefefb000-0xefefb1ff
irq 5 at device 10.0 on pci2
re1: Chip rev. 0x74800000
re1: MAC rev. 0x00000000
miibus1: <mii bus="">on re1
rlphy1: <realtek internal="" media="" interface="">PHY 0 on miibus1
rlphy1:  10baseT, 10baseT-FDX, 100baseTX, 100baseTX-FDX, auto
re1: [FILTER]
re2: <realtek 10="" 8139c+="" 100basetx="">port 0xd900-0xd9ff mem 0xefefc000-0xefefc1ff
irq 11 at device 11.0 on pci2
re2: Chip rev. 0x74800000
re2: MAC rev. 0x00000000
miibus2: <mii bus="">on re2
rlphy2: <realtek internal="" media="" interface="">PHY 0 on miibus2
rlphy2:  10baseT, 10baseT-FDX, 100baseTX, 100baseTX-FDX, auto
re2: [FILTER]
re3: <realtek 10="" 8139c+="" 100basetx="">port 0xda00-0xdaff mem 0xefefd000-0xefefd1ff
irq 12 at device 12.0 on pci2
re3: Chip rev. 0x74800000
re3: MAC rev. 0x00000000
miibus3: <mii bus="">on re3
rlphy3: <realtek internal="" media="" interface="">PHY 0 on miibus3
rlphy3:  10baseT, 10baseT-FDX, 100baseTX, 100baseTX-FDX, auto
re3: [FILTER]
re4: <realtek 10="" 8139c+="" 100basetx="">port 0xdd00-0xddff mem 0xefefe000-0xefefe1ff
irq 9 at device 13.0 on pci2
re4: Chip rev. 0x74800000
re4: MAC rev. 0x00000000
miibus4: <mii bus="">on re4
rlphy4: <realtek internal="" media="" interface="">PHY 0 on miibus4
rlphy4:  10baseT, 10baseT-FDX, 100baseTX, 100baseTX-FDX, auto
re4: [FILTER]
re5: <realtek 10="" 8139c+="" 100basetx="">port 0xde00-0xdeff mem 0xefeff000-0xefeff1ff
irq 6 at device 14.0 on pci2
re5: Chip rev. 0x74800000
re5: MAC rev. 0x00000000
miibus5: <mii bus="">on re5
rlphy5: <realtek internal="" media="" interface="">PHY 0 on miibus5
rlphy5:  10baseT, 10baseT-FDX, 100baseTX, 100baseTX-FDX, auto
re5: [FILTER]
isab0: <pci-isa bridge="">at device 31.0 on pci0
isa0: <isa bus="">on isab0
atapci0: <intel ich2="" udma100="" controller="">port 0x1f0-0x1f7,0x3f6,0x170-0x177,0x37
6,0xff00-0xff0f at device 31.1 on pci0
ata0: <ata 0="" channel="">on atapci0
ata0: [ITHREAD]
ata1: <ata 1="" channel="">on atapci0
ata1: [ITHREAD]
cpu0 on motherboard
unknown: <pnp0c01>can't assign resources (memory)
atrtc0: <at realtime="" clock="">at port 0x70-0x71 irq 8 pnpid PNP0b00 on isa0
uart0: <16550 or compatible> at port 0x3f8-0x3ff irq 4 flags 0x10 pnpid PNP0501
on isa0
uart0: [FILTER]
uart0: console (9600,n,8,1)
ppc0: <ecp parallel="" printer="" port="">at port 0x378-0x37f,0x778-0x77a irq 7 drq 3 pn
pid PNP0401 on isa0
ppc0: Generic chipset (ECP/PS2/NIBBLE) in COMPATIBLE mode
ppc0: FIFO with 16/16/16 bytes threshold
ppc0: [ITHREAD]
ppbus0: <parallel port="" bus="">on ppc0
ppi0: <parallel i="" o="">on ppbus0
orm0: <isa option="" rom="">at iomem 0xe0000-0xe0fff pnpid ORM0000 on isa0
unknown: <pnp0c01>can't assign resources (memory)
RTC BIOS diagnostic error 20 <config_unit>Timecounter "TSC" frequency 1202731576 Hz quality 800
Timecounters tick every 10.000 msec
IPsec: Initialized Security Association Processing.
ad0: 3871MB <cf 20070131="" 4gb="">at ata0-master PIO4
Trying to mount root from ufs:/dev/ufs/pfsense0
Configuring crash dumps…
Mounting filesystems...
Setting up embedded specific environment... done.

___
/ f
/ p _/ Sense
_/ 
    __/

Welcome to pfSense 2.0.3-RELEASE  ...

Creating symlinks......done.
External config loader 1.0 is now starting... ad0s3
Launching the init system... done.
Initializing............................ done.
Starting device manager (devd)...done.
Loading configuration......done.
Updating configuration...done.
Cleaning backup cache.....done.
Setting up extended sysctls...done.
Setting timezone...done.
Starting Secure Shell Services...done.
Setting up polling defaure0: link state changed to DOWN
lts...done.
Setting up interfaces microcode...done.
Configuring LAGG interfaces...done.
Configuring VLAN interfaces...done.
Configuring QinQ interfaces...done.
Configuring WAN interface...re0: link state changed to UP
done.
Syncing OpenVPN settings...done.
Starting syslog...done.
pflog0: promiscuous mode enabled
Configuring firewall......done.
Starting PFLOG...done.
Setting up gateway monitors...done.
Synchronizing user settings...done.
Starting webConfigurator...done.
Configuring CRON...done.
Starting NTP time client...Starting DNS forwarder...done.
Configuring firewall......done.
Generating RRD graphs...done.
Starting CRON... done.
Bootup complete</cf></config_unit></pnp0c01></isa></parallel></parallel></ecp></at></pnp0c01></ata></ata></intel></isa></pci-isa></realtek></mii></realtek></realtek></mii></realtek></realtek></mii></realtek></realtek></mii></realtek></realtek></mii></realtek></realtek></mii></realtek></pci></pcibios></pci></pci-pci></pci></pci></intel></software></fpu,vme,de,pse,tsc,msr,pae,mce,cx8,sep,mtrr,pge,mca,cmov,pa<br></cf></config_unit></pnp0c01></isa></parallel></parallel></ecp></at></pnp0c01></ata></ata></intel></isa></pci-isa></realtek></mii></realtek></realtek></mii></realtek></realtek></mii></realtek></realtek></mii></realtek></realtek></mii></realtek></realtek></mii></realtek></pci></pcibios></pci></pci-pci></pci></pci></intel></software></fpu,vme,de,pse,tsc,msr,pae,mce,cx8,sep,mtrr,pge,mca,cmov,pa<br></cf></config_unit></pnp0c01></isa></parallel></parallel></ecp></at></pnp0c01></ata></ata></intel></isa></pci-isa></realtek>

stephenw10

Ah, OK.
So those logs show at least 3 boot sequences but only one time did you get the option to reassign the interfaces (due to a mismatch) and you never see the console menu.

When it asks you to re-assign the interfaces this is what you should do. Instead of using the autodetect option just enter the interface names.
I fired up my own X700 box:

Valid interfaces are:

re0   00:90:7f:2e:90:d2   (up) RealTek 8139C+ 10/100BaseTX
re1   00:90:7f:2e:90:d3 (down) RealTek 8139C+ 10/100BaseTX
re2   00:90:7f:2e:90:d4 (down) RealTek 8139C+ 10/100BaseTX
re3   00:90:7f:2e:90:d5 (down) RealTek 8139C+ 10/100BaseTX
re4   00:90:7f:2e:90:d6 (down) RealTek 8139C+ 10/100BaseTX
re5   00:90:7f:2e:90:d7 (down) RealTek 8139C+ 10/100BaseTX

Do you want to set up VLANs first?

If you are not going to use VLANs, or only for optional interfaces, you should
say no here and use the webConfigurator to configure VLANs later, if required.

Do you want to set up VLANs now [y|n]? n

*NOTE*  pfSense requires *AT LEAST* 1 assigned interface(s) to function.
        If you do not have *AT LEAST* 1 interfaces you CANNOT continue.

        If you do not have at least 1 *REAL* network interface card(s)
        or one interface with multiple VLANs then pfSense
        *WILL NOT* function correctly.

If you do not know the names of your interfaces, you may choose to use
auto-detection. In that case, disconnect all interfaces now before
hitting 'a' to initiate auto detection.

Enter the WAN interface name or 'a' for auto-detection: re0

Enter the LAN interface name or 'a' for auto-detection
NOTE: this enables full Firewalling/NAT mode.
(or nothing if finished): re1

Enter the Optional 1 interface name or 'a' for auto-detection
(or nothing if finished): re2

Enter the Optional 2 interface name or 'a' for auto-detection
(or nothing if finished):

The interfaces will be assigned as follows:

WAN  -> re0
LAN  -> re1
OPT1 -> re2

Do you want to proceed [y|n]?y

Writing configuration...done.
One moment while we reload the settings... done!
*** Welcome to pfSense 2.0.2-RELEASE-nanobsd (i386) on pfsense ***

  WAN (wan)                 -> re0        -> NONE (DHCP)
  LAN (lan)                 -> re1        -> NONE
  OPT1 (opt1)               -> re2        -> NONE

 0) Logout (SSH only)                  8) Shell
 1) Assign Interfaces                  9) pfTop
 2) Set interface(s) IP address       10) Filter Logs
 3) Reset webConfigurator password    11) Restart webConfigurator
 4) Reset to factory defaults         12) pfSense Developer Shell
 5) Reboot system                     13) Upgrade from console
 6) Halt system                       14) Disable Secure Shell (sshd)
 7) Ping host

Once you have done that you should be able to access the webgui on re1, the LAN interface, which is the second port from the left on the X700 labelled '1'.

Steve

ninjamick

so i assume the crossover cable goes in that port    and the router goes in the  external port

stephenw10

Yes.

Actually the sequence is slightly different from a factory reset:

Valid interfaces are:

re0   00:90:7f:2e:90:d2   (up) RealTek 8139C+ 10/100BaseTX
re1   00:90:7f:2e:90:d3   (up) RealTek 8139C+ 10/100BaseTX
re2   00:90:7f:2e:90:d4   (up) RealTek 8139C+ 10/100BaseTX
re3   00:90:7f:2e:90:d5   (up) RealTek 8139C+ 10/100BaseTX
re4   00:90:7f:2e:90:d6   (up) RealTek 8139C+ 10/100BaseTX
re5   00:90:7f:2e:90:d7   (up) RealTek 8139C+ 10/100BaseTX

Do you want to set up VLANs first?

If you are not going to use VLANs, or only for optional interfaces, you should
say no here and use the webConfigurator to configure VLANs later, if required.

Do you want to set up VLANs now [y|n]? n

*NOTE*  pfSense requires *AT LEAST* 1 assigned interface(s) to function.
        If you do not have *AT LEAST* 1 interfaces you CANNOT continue.

        If you do not have at least 1 *REAL* network interface card(s)
        or one interface with multiple VLANs then pfSense
        *WILL NOT* function correctly.

If you do not know the names of your interfaces, you may choose to use
auto-detection. In that case, disconnect all interfaces now before
hitting 'a' to initiate auto detection.

Enter the WAN interface name or 'a' for auto-detection: re0

Enter the LAN interface name or 'a' for auto-detection
NOTE: this enables full Firewalling/NAT mode.
(or nothing if finished): re1

Enter the Optional 1 interface name or 'a' for auto-detection
(or nothing if finished): re2

Enter the Optional 2 interface name or 'a' for auto-detection
(or nothing if finished):

The interfaces will be assigned as follows:

WAN  -> re0
LAN  -> re1
OPT1 -> re2

Do you want to proceed [y|n]?y

Writing configuration........done.
Updating configuration...done.
Cleaning backup cache...done.
Setting up extended sysctls...done.
Setting timezone...done.
Starting Secure Shell Services...done.
Setting up polling defaults...done.
Setting up interfaces microcode...done.
Configuring LAGG interfaces...done.
Configuring VLAN interfaces...done.
Configuring QinQ interfaces...done.
Configuring WAN interface...done.
Configuring LAN interface...done.
Syncing OpenVPN settings...done.
Starting syslog...done.
Configuring firewall......done.
Starting PFLOG...done.
Setting up gateway monitors...done.
Synchronizing user settings...done.
Starting webConfigurator...done.
Configuring CRON...done.
Starting NTP time client...Starting DHCP service...done.
Starting DNS forwarder...done.
Configuring firewall......done.
Generating RRD graphs...done.
Starting CRON... done.
Bootup complete
(pfSense.localdomain) (console)

*** Welcome to pfSense 2.0.2-RELEASE-nanobsd (i386) on pfSense ***

  WAN (wan)                 -> re0        -> 192.168.111.15 (DHCP)
  LAN (lan)                 -> re1        -> 192.168.1.1
  OPT1 (opt1)               -> re2        -> NONE

 0) Logout (SSH only)                  8) Shell
 1) Assign Interfaces                  9) pfTop
 2) Set interface(s) IP address       10) Filter Logs
 3) Reset webConfigurator password    11) Restart webConfigurator
 4) Reset to factory defaults         12) pfSense Developer Shell
 5) Reboot system                     13) Upgrade from console
 6) Halt system                       14) Enable Secure Shell (sshd)
 7) Ping host

The only difference is that LAN is automatically assigned 192.168.1.1

Steve

ninjamick

thank you steve  still unable to get  webgui    dont know what the  heck is going on    get the green lights  ive  checked the  ip config  thats correct    as in  default gateway  192.168.1.1  but  still cant  webgui  ive tried  typing  192.168 in  internet explorer  adress bar  nothing  says problom    dont know what the hell im doing  wrong    think i  must admit defeat on this  go  to the basics    software  firewalls  for windows  :'(

ninjamick

well i got into  the webgui  however system froze  and i lost it  so start  again

stephenw10

Ooops! Any idea why?
Nearly there.  :)

Steve

ninjamick

no i dont know    focused more on getting pfsense working first    then i will sort out  bugs on system    what i refer to as the server  is just a storage machine  so  dont really  use it that much      but need pfsense on  wg x700  as i  store  everything on  there  wedding photos etc    and i use wireless access points  so i will have too  sort them out  after  too    infact i will have too  redo my entire network as i had a diffrent ip adress  so will have to reconfigure that after  but  thats not too much of a problom

stephenw10

I don't want to complicate things any further but you would probably be better connecting your main client machine to the LAN interface and the server to OPT1. It doesn't make much difference in the long term but initially the LAN firewall rules are relatively relaxed where as OPT1 will block everything.

Steve

ninjamick

yeah i know what  you mean  just i have another box  and another internet supply  for that machine  as i have  2 inertent supplys and  8  computers to link  up    too  2  watchguards  in my home  4 of the computers are  wireless  so that wont be too hard  just need to get the  main  2 sortted  and the firewalls

stephenw10

Ok, following on from your PM, best to keep this on the forum where others can benefit or contribute.
Yes you will need to change one of those subnets as they are conflicting. There is no point in trying anything else until you do because the conflict will cause meaningless results only confusing matters further.
I suggest you change the pfSense LAN address rather than the modem because if you ever have to reset the modem it would re-create the conflict.

At this point I am assuming you do not have access to the console menu via the X700 serial port. It is very useful to have that because you can always get back into the box that way if you accidentally lock yourself out of the webgui but it isn't necessary. To workaround the serial port quirk from the webgui do this:
Go to Diagnostics: Command Prompt: and type in the Command: box

echo 'console="comconsole"' >> /boot/loader.conf.local

Click 'Execute' then type

echo 'comconsole_speed="115200"' >> /boot/loader.conf.local

Click 'Execute'.
Reboot the X700 and change your serial terminal baud rate to 115200bps. You should now see the console menu.  :)

As I say you don't have to do that but may help later.

To change the LAN subnet in the webgui go to Interfaces: LAN:
In the section marked 'Static IPv4 configuration' change the IP address to something other than 192.168.1.1/24. For example you could use 192.168.100.1/24. Leave everything else as is. Click 'save' but DO NOT click 'Apply changes'. As the message says you have to change the DHCP range to agree with your new LAN settings.
Go to Services: DHCP Sever: LAN: (there may only be one tab at this point and LAN will be first anyway)
Change the 'Range' fields so they are inside your new LAN subnet, so for example 192.168.100.10 to 192.168.100.50.
Click 'save'.
Go back to Interfaces: LAN: and click 'Apply changes'.

You should now be able to connect on the new IP address once you have told your Windows box on LAN to request a new IP (or rebooted it). Sometimes with big changes like this it's necessary to reboot the pfSense box for the changes to fully apply so try that if it's not working.

Now you can connect your modem and you should have internet access.

Since your modem is using PPPoE you may be able to put it in bridge mode and use pfSense to connect directly. This removes any limitations the modem may be introducing and puts your public IP on the pfSense WAN interface. Who is the ISP(s)?

Also since you have two DSL connections you could put both of them on the X700 and do load-balancing or fail-over. Just a thought for the future.  ;)

Steve

ninjamick

thank you for your reply i have  changed the  lan ip adress  however i see the  diagnostic icon  on the top  righthand side of the webgui  but i cant click on it      the same with  all them  only one i can click on is  system  thats it  very strange  indeed