Watchguard Firebox XTM 8 Series
-
Possibly, might as well change it and see.
I'm a bit confused about the mountroot error. That should never happen with one of the nanobsd images which always expect to be on ad0. What did you write to the CF card and how?
Steve
-
Oh sorry, thats not a nano image. This i have installed with a live cd from pfsense to a sata hdd not a cf card in a vm.
And i think thats the reason for the faulty boot path.Later i will try to bring the pfsense live image to the cf card and boot the box with that. A install to the hdd connected to the sata port could be possible.
I dont want to change more things in the bios file and flash. I think it is good to be unlocked, but every flash is risk.
-
After month of no time to bring up and running pfsense on a XTM 8 device, yesterday i found a way how it works!
A detaild setup i will bring up next year in a blog.
What i found is:
Boot nano image not working.
Box only boots from CF or HDD, USB not bootable.
I attached a ssd with a win7 installation and it boots, really nice with a green vga output ;-)
Attached a Live installation hdd boot, but it fail by wrong fstab entry.
The XTM8 will boot from /dev/ad8s1a or /dev/ad8s0a, i can not remember now. But in the afternoon i tell the correct entry.
After setup and boot the live installation in a second box (PC) and edit the fstab by:
mounting / rw
editing with vi the /etc/fstab to the right entry
poweroff the second box and attaching the hdd to the xtm8 and it boots correctlyThe nano image from cf, i think had same problems. I will test it with same way.
-
Sweet!! Keep us posted!!
-
Sweet indeed. ;)
These boxes are unfortunately so rarely available second hand that I doubt I'll get my hands on one to play with any time soon. :(
I'll just keep looking….Steve
-
OK, the xtm8 now boot pfsense from cf.
I installed the cf to a igel thin client, connect a usb cdrom and install pfsense to it with Live CD.
Found the correct entry for fstab and edit it with vi.
Put the cf in the XTM8 and boom ;-)Here the correct entrys:
HDD connected to internal sata: /dev/ad8s1a
CF Card: /dev/ad10s1aCan someone tell me why such numbers and not ad0s1a like default?
-
It's just down to the order in which they are initialised. If the board has a few SATA interfaces the numbers start adding up quick. Still ad10 is surprising.
You shouldn't really run a full install (or anything except Nano) from a CF card. The writes may kill it.Steve
-
Find it!
I had changed the bios ide settings to ahci.
Turn it back to ide it brings me the fault fstab entry. Turn back to ahci is working with the ad10s1a.
Now i have to find the correct entry for ide mode.@steve
is it possible to change the bios for a pfsense in display?Edit:
in ide mode
cf: /dev/ad7s1aNow the question stay on ahci or change to ide and edit fstab to ad7?
And is there a way a nano install to change to correct fstab settings?Will try it with my Igel Thin Client.
-
It is possible but it's risky.
On the XTM5, which has a very similar bios, I managed to produce corrupted bios images a number of times. The only way to recover from that was to flash the bios ROM directly via the spi header but that does not work on the XTM8 as Eams found. So if the image turns out corrupt it's going to brick the box. ;)
To do it you have to extrct the bios modules from the rom image, edit the correct one with a hex editor and then rebuild the image.Steve
-
ok, i let this bios. now flashed the second box with this bios to work on the nano installation and modifying the fstab on nano image. Hope i found the way to do it.
No way with nano image. It only brings a flashing prompt after bios. No output, nothing. Looks like it not looking for a bootloader.
But other things booting.Write the nano image with win32diskimager on the cf. In my xtm5 the nano cf is booting without problems..
-
As soon as the bootloader runs the console will switch to com1 which as we've seen doesn't exist on the xtm8. It should boot a cf card that has had interfaces already configured though, assuming the configuration is compatible with the box.
Steve
-
I can say that a 32 bit nano image run in the Igel Thin Client. Put it in the xtm8 but the orange led for hdd not flash. When running the full install on cf the led is flashing all the boottime. I Think this is a indicator that the nano image will not try to boot.
Edit:
Try now pfSense-2.1-RELEASE-1g-i386-nanobsd_vga.img.gz and it is booting without any problem!
Boottime is very fast!Can this point to a kernel problem?
-
I think it's likely that the standard Nano image attempts to write to the non-existent com1 and crashes. The only way around that seems to be either:
1. Reprogram the rear com port to be com1
or
2. Build a Nanobsd image that is coded to use com2I'm not sure what determines which port is seen as com1. It may be possible to switch them by altering the superIO chip register settings for example. More research needed.
Steve
-
The easy way is to use a nano_vga image. You only have to download it, write it to the cf and all is fine.
With monitor on vga header it can be configured. The console at start works on same settings with bios output (115200). At the Point after the question how to boot (default, acpi disabled . . .) the console shows nothing. Tried all settings in bios, tried to change baudrate to 14400 in pfsense. Nothing helps.This is my plan!
I will now close my first box, it is ready.
Make the second box up running pfsense 64 bit vga nano too.
Make a default configuration with em0 (dhcp use) for wan.
Make a backup from this cf.
Upload it for everyone need it.Than if need new install this must be the way:
write the backup to cf
boot the box with em0 (wan) connected to router
wan becomes an ip from the router dhcp
connect a usb keyboard
without see anything:
"8" for shell
"pfctl -d"
to disable firewall and connect to em0 IP that can be found in the router
configure pfsense with own settings for wan and lan.Correct me if there is a better way.
Think it is the only fast way without vga output to bring pfsense on it.For me, it s done!
-
If you configure only one interface, WAN, then that is the only way to access the webgui so the default firewall rule is there. There is no need to disable the firewall from option 8. However as soon as you add another interface the default rule moves to LAN.
If you are going to create a new image you could just start out with two interfaces defined, WAN and LAN, which would avoid any console configuration. That's how the Alix box works out of the box.You could also try to set the comconsole to com2 after boot which would be useful.
Steve
-
Need a little hint to doing that set console output to com2. Aborting boot process and than on the cli and there with set command? If this doing a output to com there is no need to do a backup image.
Edit:
Found it!
With 7 interrupt boot
set console=comconsole [Enter]
change putty from 118200 to 9600 and hit [Enter]
boot [Enter]boot and output via console ;-)
Now there is no need to make backup.
With this info everyone can install pfsense on it.
I think there is no need to flash the original bios. -
-
I made the backup with lan interface configured to a static ip and dhcp server on. Good to know, when configure em0 to wan and em1 to lan, than em0 is port0 and lan is port 4 of interfaces in front of the Watchguard XTM 8 Series. ;)
-
Hmm, that's slightly odd about the ports being 1 and 4. The numbering in pfSense is determined by he order in which they're probed..
I'm confused as to what you did to get that bootlog, I've forgotten quite where we were. ::)
So firstly it includes some information about the serial redirect module which is something I've not seen on any other box.
I assume that you got this from the rear com port whilst booting the Nano-VGA image. In which case I think it's safe to assume that it only got there by being redirected by the module (which is set to continue after boot). That could explain why you don't see anything after 'bootup complete'. The redirect module can only handle basic text so perhaps the menu is drawn in some way that it can't handle?See: https://www.freebsd.org/doc/handbook/serialconsole-setup.html#serialconsole-com2
Seems to imply that simply selecting the I/O address of the port selects the com port. That's why I was hopeful that changing the port address in the bios would suffice. It seems not. :-\Steve
-
Yes, its from the rear com port. Baudrate 118200 is showing system initializing and bios and the first boot process only to the question how to boot. At this point the boot must interupt with 7 and tell the box to use comconsole for output. After this command the baudrate must set to 9600 and it is showing the rest and stops with "Boot completed".
But now we know the way and i think with my backup from the default installation there is no need to do complete serial output. But i will test more in the new year.
