PfSense on Firebox X550e: A few questions
-
Hi, welcome. :)
1. Boot time will be considerably quicker if the box has internet access on WAN.
2. You can read the card to an image file and then write it out again to a new card. If it's running Nano (which it should be) it probably will last forever though, or longer than some other component on the board. ;)
3. Yes, a new card with a Nano image on it will boot but you'll have to reconfigure it or restore your backed up config file (assuming you've back it up?). Additionally on the X550e you may have to change the BIOS disk geometry parameters if the new CF card is different. If it was supplied with the newest bios that may not be necessary. Do you have a console cable?
Steve
-
Thanks for the information.
1. I kinda figured but wanted to double check.
2. Should I use Linux and do a dd or should I use Windows and run physicaldisk to copy it that way? Look for advice from previous pioneers :-)
3. I ordered a DB9 to USB null cable from Amazon and hopefully that will work.
I have 2 4GB Kingston CF cards; guess I will have to update the BIOS it seems :-(
I have a 256MB CF on the way to be able to manipulate the BIOS; hopefully.I have a few additional questions.
4. Is there a program that I can use from nanoBSD to adjust the FAN speed or must I do that only from the BIOS?
5. It seems when I do an FDISK from the shell (using SSH) I get a geometry error. Can fix this (assume via console/BIOS)? And where do I get the correct geometry to enter for CF cards?******* Working on device /dev/ufs/pfsense0 ******* parameters extracted from in-core disklabel are: cylinders=1875 heads=16 sectors/track=63 (1008 blks/cyl) Figures below won't work with BIOS for partitions not in cyl 1 parameters to be used for BIOS calculations are: cylinders=1875 heads=16 sectors/track=63 (1008 blks/cyl) fdisk: invalid fdisk partition table found Media sector size is 512 Warning: BIOS sector numbering starts with sector 1 Information from DOS bootblock is: The data for partition 1 is: sysid 165 (0xa5),(FreeBSD/NetBSD/386BSD) start 63, size 1889937 (922 Meg), flag 80 (active) beg: cyl 0/ head 1/ sector 1; end: cyl 850/ head 15/ sector 63 The data for partition 2 is: <unused>The data for partition 3 is: <unused>The data for partition 4 is:</unused></unused>
Thanks again …
-
You can use whatever you feel most comfortable in for reading/writing the CF card, it should make any difference. I always use physdiskwrite in Windows but thats just because my Windows box has a CF reader and physdiskwrite can extract the img.gz files on the fly. However pfSense dev JimP has another view: https://forum.pfsense.org/index.php/topic,36651.msg190285.html#msg190285
I've not had problems with either method. I also always use a 1GB image on 1,2 or 4GB cards.So this box was supplied with pfSense already installed? Do you know which bios version it's running? At boot it probably says 'pfSense B7' on the LCD.
The fans can be controlled by the WGXepc program which also controls the arm/disarm LED. Does you box have a green LED? Does the LCD display anything useful? It's hard to know what has been done already.
Have a read through the docs page if you haven't already, most stuff (hopefully everything!) is explained there:
https://doc.pfsense.org/index.php/PfSense_on_Watchguard_Firebox#X-Core-eThe geometry will be wrong because the buggy BIOS forces us to set it incorrectly in order to boot.
Steve
-
Thanks once again for the response. I have been reading the article on the Fireboxes that you list below (just a lot to take in at once). I guess I missed the fan speed on the WGXepc package :(. Thanks again.
-
Let me answer those other questions you asked.
It was shipped with pfSense installed. It does read B7 on the LCD. Besides the B7 I have not really watched it that much. I believe it is very bare bones. pkg_info only reveals mbmon installed (which I installed to get CPU temp).
I am trying to figure out how to reduce the fan noise as my wife is complaining it is too loud :-[. I do not want to reduce the fans too much to cause a BIOS problem. Even BB seems to loud. There are things I am thinking of:
1. replace the heat sink and fans with better stuff if possible
2. write a few crontab entries to turn the fans up/down when appropriate
need to be mindful if there is a power failure
I have read somewhere that you can get back into the BIOS with some fan wire
manipulation.
Not sure the fan BB setting has to do with booting into the BIOS or just in generalI have to do a little more reading and asking questions, but that is for another time. Thanks again.
-
Ok, so if you had the B8 BIOS you might not need to have access to it. Yet to be determined how much better it is.
The slowest you want to set the fans in the bios is BB. Anything lower than that and it will crash the bios setup requiring you to either reset the cmos or remove the speedsensor wire from all three fans to get back in. However there is no need to go lower in the bios because you can use WGXepc to reduce the fan speed much further once it's booted. I've used 32 without issue, others run even lower. The easiest and cleanest way to do that is by installing the pfSense shellcmd package and using that to run WGXepc and boot. I described how to do that in the docs but please ask if it's unclear.
There is also a script for automating the fans speed by cpu temp you might try:
http://forum.pfsense.org/index.php/topic,66129.0.htmlSteve
-
Hey!
I did some more reading regarding fan speeds and as I understand it the WGXepc binary will temporarily adjust the fan speed. If this is the case then I am good. I can keep the fan speed where it is and when the system starts adjust to a tolerable level. Thanks for the handy dandy program. I will look into the fan speed script you listed.
I think I have pfSense shellcmd installed as I see it in the menu items with a warning issued :-).
There is a new BIOS B8 - hmmmm ;D. Might try that when I get my null modem cable.
I am currently reading post from you from 2010 - it will take me a while read through it (like the blue led lights). In the mean time, I am trying to figure out a way to maximize all the space on the CF card. The CF card is 2GB, but the only 1GB max is used. I … need ... more ... space ;D. Haven't found an article are this yet; I need to backup the stuff first before I play - don't want to get angry at myself.
dwfa
-
Minor update one of the fans for the CPU is dead :-(. Need to find a replacement.
-
Are you actually using the 1GB image? On the dashboard does it list the platform as 'nanobsd (1g)'?
The NanoBSD images are divided into three slices. One very small slice contains the config information and the rest of the space is divided between the active and backup slices. Thus if you're running the 2GB image and you look at the running file system you'll find it's just under 1GB.
What do you need extra space for?
Steve
-
That is for pure need and greed :P. I haven't played with anything yet; just got my new 4GB CF cards and I will try playing with pfSense/nanoBSD on a laptop I have via the USB CF reader/writer. I would expect I could go in and use tools (fdisk etc) to muck with the filesystems create/delete/view (of course I will only do this on my sandbox CF card.
After much reading (still not done) I have decided to replace the PSU with a pico one, replace the CPU and add memory; I have to replace the fans (I know it is only one but what the heck) so why not. In for a penny, in for a pound. Here is what I am thinking of doing:
Fans: Any suggestion - want one that the speed can be adjusted (I assume must be 3 pins)
Had this in mind Top Motor Dual Bearing 40x40x20mm Fan DF124020BH
8-10CFMs
CPU: looking to get the Pentium-M LV or ULV (any recommendations)
If I buy a used laptop; do I have to de-solder the CPU out?
Memory: DDR2 2x1GB Corsair 422MHz Non-ECC
PSU: picoPSU-120+60W adapter power kitI was thinking of adding a USB port to the USB header; but I am not sure what that is going to buy me. Still not convinced.
All input is welcomed.
-
The fans don't technically need to be 3 pin, the third pin provides speed sensing which you don't actually need to have. It probably easiest to use 3 pin connectors though. ;) Many fans that claim to be quiet achieve this by being slow and not moving much air. Since you can reduce the fan speed software it's better to get more powerful fans and run them slower. Of course really nice fans are quiet by virtue of better aerodynamics on the blades so those are probably worth it. Bare in mind that the cooling on these boxes was designed to run in a hot rack somewhere so in your home/office it will probably need far less air flow. That's especially true if you fit a PICO PSU where a lot of the heat is externalised in the power brick. If you don't remember that the PSU has no fans and relies on air flow in box to keep cool.
The ULV Pentium-Ms were not socketed, at least I've never found one. De-soldering is really not an option unless you have access to all the BGA reworking tools necessary. Try to get a 400MHz FSB model since they are supported directly by est(4), the FreeBSD speedstep driver, resulting in the best efficiency/coolest running.
USB? In my XTM5 box I have a USB GPS module that provides time sync via NTP. Pointless but fun. ::) I also have a USB wifi stick that I occasionally run as an access point.
Steve
-
I was just about to buy the PicoPSU and noticed that it is missing the 4pin connector to attach to the motherboard? I searched the forums here and could not see how you and the other chap who have Fireboxes installed the PicoPSU. Did you use an adapter for the other 4 pin? Did you not just plug it in?
Now I am nervous :-[
Edit:
–---
Silly me, I am assuming I can use the molex 4 pin connector with and adapter to the 4 pin ATX. Is that how you did it? -
Ah, well spotted.
My own PSU is a Chinese knock off so I can't directly compare it to a PicoPSU however it does have the additional P4 12V connector. I guess you could use the molex connector with an adapter but it's there to power a HD if you have one. You could just use the 90W PicoPSU which looks like it has the P4 connector.Steve
-
I already purchased the 120 picoPSU - sigh; I would have gotten the 90. I checked a few of them (but not the 90) to see if they come with the ATX P4 and none of the ones I looked at had that connector >:(. Now I sit and wait for my goodies. I will be building a 24U rack unit this weekend to put my toys in. Should be fun.
BTW backed up the 2GB pfSense that came with the box; used dd from my linux server and copied it to a 4GB CF. I tried to boot if off of it using my laptop, but it I get a OS error; grrrr. Need to figure out what is going on during the boot process.
Nod to Steven for all your help …
-
Here are some updates:
Got the 2GB of memory and it is working okay.
Got the RS-232 null modem cable and I am able to see the system boot.
Counts memory shows the hard drive etc etcGot a 32MB CF card in the mail and imaged it with the FreeDOS image found in the tutorial. I
imaged a few different way using the tools listed. End result I cannot boot into FreeDOS. I cannot
even press ESC to bypass memory check or press DEL to get into BIOS. I am using PUTTY
115200 8N1 (tired both XON/XOFF on and off). BTW I am using a Sony Windows 8 laptop. Any
suggestions as to what I can do to fix this? >:(Got the new fans and they work good. CPU temp is about 36 with fans at x80 (or 128 decimal)
with no load; and much quieter (no lid at this point).New CPU and PSU are coming Friday.
As for the rack I am building, got all the wood cut; but got side tracked with family stuff - just a little bit more before it is complete. :-)
dwfa
EDIT:
I should have said TAB above and not DEL; in any case it finally works, I can get into the BIOS. Not sure what the issue was. I am still having an issue booting into FreeDOS though. :o
I crated a new pfSense 4GB image on CF cards I had (using dd on my Linux machine) and all seems good :D. I was able to use the console to do the initial setup and it all worked. Still not able to get into FreeDOS - but that is another day's challenge…
-
Since your box already had the modified bios it will have been set to heads=2 in order to boot the larger CF card. In that configuration it won't boot the FreeDOS card. You have to access the bios setup (by pressing TAB as you found ;)) and set the primary IDE channel back to auto settings. It will then detect the 32MB card and boot FreeDOS. However why are you trying to boot into FreeDOS? It's useful to know how to do it but not necessary. If you want to try the newer bios version you can flash it from pfSense with flashrom. BIOS flashing is inherently risky though, generally it's best to avoid it unless you have to. Though I always welcome more testers for the v8 bios. :)
Steve
-
Thanks for the info - I want exercise the experience of booting to FreeDOS. I have gotten into the habit of test things out to ensure if something goes I can fix them instead of trying to figure out how to fix two things (hope that makes sense).
I will change the bios settings and give it ago - thx a gain.
dwfa
-
Just picked up Firebox X750e 8 port off of fleabay for under $100 so will be joining the fun soon. :)
I already have a firewall that I recently upgraded to newer hardware so I will be leaving that alone for couple of years. Funny said it's locked with unknown name and password. No biggie. Nothing factory reset can't fix. :) Besides, I'd do that anyway.
We have few WatchGuards XTMs at work that I manage. What about the little boxes like the XTM 21s? Can those load PfSense? I don't even know what CPU it's using. Have to research this.
Wanted to see what mods I can do with it besides just loading PfSense on it.
EDIT: After quick searching around on PfSense found XTM21 is not x86 hardware. Bummer.
-
Indeed the XTM2 boxes (older models at least) are ARM based, Intel X-Scale. I have spent a while attempting to load OpenWRT on one but got nowhere for months and gave up. Recently I made something of a breakthrough though so who knows. It's way more advanced than my normal level of tinkering hence the months of staring at code and scratching my head. ::)
Would be nice to get running though it has a pretty nice spec for that type of device, 256MB RAM and 256MB flash.Steve
-
Yep. Found a PDF file that talks about the hardware spec. All it said was the CPU runs at 667 Mhz along with 256 meg of RAM and flash.
The XTM21 aren't bad little boxes and we have a few of them. Some even have built-in wireless. Most without active Live Security so would be nice to get the software loaded with something else and put it into good use without the DRM.
I will keep digging around and if I find something I will post a link.