Pfsense Install on Nokia IP390
-
According to the manual (http://www.manualowl.com/p/Nokia/IP390/Manual/3822), the AUX port is a secondary serial port, not the WAN connection.
The youtube video link posted by Steve shows the PMC slots populated with the optional 4-port lan card, and later in the video, it shows 4 intel ports in use (em0, em1, em4, and em5). Does pfSense show em0-em3 on your unit?
Can you capture and read through the boot messages from your console? Or post the boot log here. That would tell what nics are detected.
Also, maybe the units were not working due to a hardware issue rather than a faulty IPSO flash?
Hi there – Yeah, thanks, I didn't know that because the manual I have printed incited that the AUX port is the WAN interface -- Silly me!
Yeah, I've ordered 2x Optional 2-port Gigabit PMCs, due to arrive tomorrow -- I probably won't resume work on this until they arrive, simply in the event pfSense doesn't like having new ICs installed after pfSense has configured itself.
I'll do that tomorrow, but the auto detection of NICs is eth0 - 3 of INTEL PRO 1000 Gigabit NIC
Yeah, I did look into that issue, but I found out that the IPSO cards both have faulty file permissions which I might fix at a later date, but the hardware is all in working order. -
Adding NICs after initial config is not normally a problem. One issue than can happen is if you add more em NICs it might offset the existing em NICs. Even so you would still just re-assign the interfaces.
It would be useful to complete the install to test the connectivity of the existing NICs. Embedded boxes like that sometimes have custom options waiting to trip you up. ;) You can always re-image the CF card easily enough.Steve
-
I'll do that tomorrow, but the auto detection of NICs is eth0 - 3 of INTEL PRO 1000 Gigabit NIC
Sure it's not em0 to em3? Coming from linux, it took me a while to get used to NICs being named according to the underlying hardware, like em0 or igb0, rather than being presented as eth0 for any hardware type.
-
Alright, pfSense is now running brilliantly on the IP390!
One thing to add is that under the default interfaces, ETH-1 is actually em0 in pfSense, and ETH-4 is em3.
Also, would it be possible to add another hard drive for use caching and stuff?
-
Nice! :) So relatively logical interface detection then. Just watch out for what I said above if you add more.
You can add a harddrive and use it for caching but there is no system for doing so built into pfSense. Others have done it using some custom scripts etc but it's almost certainly easier to just use the harddrive as the boot device (full install) and forget about the CF card.
See: https://forum.pfsense.org/index.php?topic=67823.0Steve
-
Thanks Steve.
Another quick thing, I just managed to do some data recovery on the IPSO CF card, and have managed to extract the backup IPSO image (Used in case of a critical system failure) and original kernel.
Would it be possible for me to use the original kernel with a pfSense install? If so, how would I go about doing this? (Note that IPSO also runs off freeBSD, so there shouldn't be any compatibility problems)
-
Would it be possible for me to use the original kernel with a pfSense install? If so, how would I go about doing this? (Note that IPSO also runs off freeBSD, so there shouldn't be any compatibility problems)
Almost certainly no, not possible. Why would you want to? If you want to experiment, you could try booting IPSO for a comparison to pfSense.
-
Indeed, pfSense uses a custom kernel and I would expect IPSO does also. The base FreeBSD versions are probably different. I'd be amazed if it was compatible.
Steve
-
Hmm.. Alright. The only reason why I wanted to use the IPSO kernel was because the warning light on the unit remains on which indicates an internal voltage error. The unit runs fine, so I can assume the warning is false, but it would be nice to get that working properly
-
Try booting IPSO: if the LED goes off you're OK, and it's likely a IPSO userland utility that controls it. If it stays on, you have some more investigation to do. Of course, wire cutters or black tape could fix the problem too …
-
Since that same indicator can show over temperature it's probably driven from the board rather than the psu which is good. It's probably driven from the SuperIO chip where the voltage and temperature sensors are connected.
There maybe some options in the BIOS to change the indicator behaviour otherwise you could probably tweak it manually with a utility and a script.Steve
-
Hmm, alright.
Yeah, booting into IPSO turns the warning indicators off, so the unit is fine.
Alright, thank you. I don't think I can actually change the bios settings, or at least not from the console. How would I go about getting a utility / script working?
-
Can you access the bios at all? It may be at 115,200 on the serial console.
It's not straight forward doing it from software. It will probably require a lot of trial and error and educated guesses. See my own effort here: https://forum.pfsense.org/index.php?topic=32013.0
The first thing would be to try to determine how the led is connected to the board. Then gather as much info about the board as you can. In particular the superio chip and the north/south bridge chipset. If it's not made by nokia who made it etc.Steve
-
Hi Steve,
Uh, I can't say I know what you're talking about, sorry. The serial console connection is currently set to 9600 bps, 8 data bits, No parity and 1 stop bit.
The following image shows the assembly behind the console ports and status LEDs:
The large chip in the foreground is an Intel nhe3600esb I/O controller. the status LEDs connect through a sister board, which connects to the motherboard by a ribbon cable just behind the I/O controller.
Seems like in your attempts with a similar circumstance required digging through the kernel. I'll take a look at that in a minute or so, once I can find a program which can read it :/
-
The proximity to the ICH chip (6300esb) would have me guessing it's controlled by one of the GPIO pins on that. That was where I found the control on the earlier firebox models. The only issue is that I don't think the 6300 had a flashing mode. :-\ There are lot of components on that daughter board considering it's only got 3 leds on it. Flashing could be done there.
Steve
-
Hmm. The daughter board actually governs 4 LEDs, as, from left to right, you have: System activity indicator (green), System warning (Yellow !), System On/Off (Nokia logo, illumunated blue) and the system fault indicator (Red X ). I've worked out that 5 of the LEDs on the daughter board govern the system On/Off light alone.
Here's a picture of the daughter board taken off:
There's a few chips on here, any ideas? My initial thoughts were that they were voltage regulators, but I'm pretty sure the System fault indicator is ran from the BIOS, which might explain the chip on the top right of the board. That would also explain why the fault indicator is working properly.
-
I agree there's probably some voltage or current regulation. The outputs from the ICH are probably not capable of sinking enough current to drive the LEDs directly so instead there are transistors for each LED (Q1, Q2 etc) and a line driver/buffer (the 7407 IC). The other large device, labelled 10-16L, is a capacitor perhaps to filter switching spikes. I like that there's a mystery space for an LED, CR9, that Nokia decided not to use for whatever reason. :)
Do the 4 LEDs come on as soon as you power on the box? Do they vary at all during boot?
The BIOS setup in embedded hardware like these boxes is often available on the serial console via 'console redirection'. It's usually at a baud rate of 115200bps. To access it you often have to press TAB because you can't send DEL over serial. Interestingly it looks like that box has two BIOS ROM chips.
Edit: Maybe on the other serial port, AUX, perhaps.
Steve
-
You're correct. The board has support for 2 BIOS chips, but only the right one is populated with a BIOS chip. According to the stickers on the MB, the BIOS is an American Megatrends AMI BIOS 786Q.
As for accessing the BIOS, I'll give that baud rate a try tomorrow. How will I know when I'm in the BIOS? Will it print text like the normal 9600 baud rate does?
I believe that the LED for CR9 Might be for and LED for the IP560. I don't exactly know what that LED would be, but I would imagine that Nokia use the same status LED boards across most of their IP series products to save money.
-
Searching for info on the IP390 there are a number of people who have posted IPSO boot logs and it includes the memory count. That is before the bootloader so it's coming from the BIOS. It's in the same log at the same baud rate so I would suggest whatever baud rate IPSO uses should be good for accessing the BIOS setup. If you're seeing the memory count you're probably good, try pressing TAB. Of course Nokia could have it all shut down deliberately to stop access but they haven't forced only signed boot images for instance.
Steve
-
Just for reference the IP530 uses the SuperIO chip to control those LEDs:
http://www.coreboot.org/Board:nokia/ip530#Front_LEDs
Does not mean the IP390 does though. ;)Steve