Backup/Recovery Feeback
-
You are free to take an extra, physical interface, configure it with an admin IP address and put permissive rules on it so you can always ssh and webgui in then unplug from it and never use it or add rules to it or mess with it in any way.
Then after you "break" pfSense, you could just connect to it, ssh or web in, and do what you need to do.
Not sure what you're talking about with "keep the internet going." Maybe I'm misunderstanding your entire suggestion.
-
When "playing", I usually open an SSH session to the pfSense box before making any changes and keep it open since any crash of the box typically doesn't kill the existing open SSH connection.
You can also:
Copy the config to a backup from the shell:
cp /conf/config.xml /conf/config.xml-03-22-16and if you need to revert a change and reload the backup config:
cp /conf/config.xml-03-22-16 /conf/config.xml
rm /tmp/config.cacheSometimes you can open a second shell, so that you always have one available. This way you can hit "exit" and be able to use options "11" and "16". Just need to have these SSH connections open before your "playing" around…
-
You are free to take an extra, physical interface, configure it with an admin IP address and put permissive rules on it so you can always ssh and webgui in then unplug from it and never use it or add rules to it or mess with it in any way.
Then after you "break" pfSense, you could just connect to it, ssh or web in, and do what you need to do.
Not sure what you're talking about with "keep the internet going." Maybe I'm misunderstanding your entire suggestion.
WOW, talk down to people much? Your reply was not helpful at all. It was as if you said, " take your suggestion and bugger off" without saying it.
-
When "playing", I usually open an SSH session to the pfSense box before making any changes and keep it open since any crash of the box typically doesn't kill the existing open SSH connection.
You can also:
Copy the config to a backup from the shell:
cp /conf/config.xml /conf/config.xml-03-22-16and if you need to revert a change and reload the backup config:
cp /conf/config.xml-03-22-16 /conf/config.xml
rm /tmp/config.cacheSometimes you can open a second shell, so that you always have one available. This way you can hit "exit" and be able to use options "11" and "16". Just need to have these SSH connections open before your "playing" around…
I'm considering some other alternatives. Prior to buying this house, I kept my server rack in a spare bedroom where my internet connection was. Now in this house, it is a 2 story and the smart panel is in the laundry room which is upstairs and unfortunately, it doesn't make since to park my cabinet in there. So, I mounted a small rack shelf in there to put my modem, switch and pfsence box on and my server in in the spare bedroom down stairs. Unfortunately, I have no monitor or keyboard connected to my pfsense anymore; nor is it feasible to do so.
-
Unfortunately, I have no monitor or keyboard connected to my pfsense anymore; nor is it feasible to do so.
Last time I checked, SSH doesn't need the your remote device to have a keyboard or mouse :) Take a look at putty as an SSH software…
-
is there any type of standalone monitor/keyboard to IP dongle available cheaply? It would be nice to be able to access the console via my desktop over my network.
-
is there any type of standalone monitor/keyboard to IP dongle available cheaply? It would be nice to be able to access the console via my desktop over my network.
https://en.wikipedia.org/wiki/KVM_switch
-
You are free to take an extra, physical interface, configure it with an admin IP address and put permissive rules on it so you can always ssh and webgui in then unplug from it and never use it or add rules to it or mess with it in any way.
Then after you "break" pfSense, you could just connect to it, ssh or web in, and do what you need to do.
Not sure what you're talking about with "keep the internet going." Maybe I'm misunderstanding your entire suggestion.
WOW, talk down to people much? Your reply was not helpful at all. It was as if you said, " take your suggestion and bugger off" without saying it.
It accomplishes every one of your goals, dude. And all with no extra code (for your specific circumstance and your specific hardware, I might add.) And you can get another NIC for probably $2 if you try hard.
You need to lighten up.
To maintain a network device you need web, telnet/ssh, or serial access. This solution accomplishes two out of three because serial access to the computer console requires specialized hardware.
Serial access to the console already exists on hardware that supports it.
This is a solved problem. No need for any new features. Doesn't meet your needs, tinker away.
-
is there any type of standalone monitor/keyboard to IP dongle available cheaply? It would be nice to be able to access the console via my desktop over my network.
Hardware to do that already exists. No need for a new pfSense feature to solve your specific problem.
Buy a device with a remote management processor and you can console in and control power and do anything you want.
You can probably get an external device that listens on VNC and presents your session as monitor and keyboard to your hardware.
-
You need to lighten up.
+1
I always keep an extra interface installed and configured just in case. Then add a wireless access point to it if you don't want to wire it to your desk. Not rocket science.
-
You are free to take an extra, physical interface, configure it with an admin IP address and put permissive rules on it so you can always ssh and webgui in then unplug from it and never use it or add rules to it or mess with it in any way.
Then after you "break" pfSense, you could just connect to it, ssh or web in, and do what you need to do.
Not sure what you're talking about with "keep the internet going." Maybe I'm misunderstanding your entire suggestion.
WOW, talk down to people much? Your reply was not helpful at all. It was as if you said, " take your suggestion and bugger off" without saying it.
It accomplishes every one of your goals, dude. And all with no extra code (for your specific circumstance and your specific hardware, I might add.) And you can get another NIC for probably $2 if you try hard.
You need to lighten up.
To maintain a network device you need web, telnet/ssh, or serial access. This solution accomplishes two out of three because serial access to the computer console requires specialized hardware.
Serial access to the console already exists on hardware that supports it.
This is a solved problem. No need for any new features. Doesn't meet your needs, tinker away.
Listen, i get what you are saying and even though your words come across very brash and aggressive, i remain calm and patient. I think though that you clearly dont understand what i am looking to do. First off, i have no experience using SSH, telnet etc. Second, i looking for a solution that in the event I'm out of town, my wife can easily pick up and go with if the box goes down. The things you suggest, while not resembling rocket science to you, are overly challenging to someone with no experience using. Clearly you assume more of me than you need to.
So, let me repeat, there is two interfaces of pfsense that i wish to only use: the console and the web configurator. What I am asking for is a backup web configurator that can be used to fix the main in the event of outage; nothing more, nothing less.
My apologies Derelict if my skill set doesn't match up to yours. What i am seeking is something that is within my skill set; a common since feature. I'm not looking to learn something i will use once in a great while.
-
Clone a hdd and in event of failure your wife can switch it :)
Easiest way probably :) -
We would all love a way for our wives to recover from a router failure while we're out of town, dude. Wow.
A solution exists. It's called High Availability Failover/CARP/pfsync.
-
Lol.
But my solution works you know…
Tested :) -
Lol.
But my solution works you know…
Tested :)Truthfully the only way I see my firewall having problems while Im out of town is a hardware failure. Since my wife nor any of our kids will probably not be trying be configuring the firewall in my absence. ;D
Your solution seems the most logical.
But in any event. jbhowlesr - download putty and learn it while you have a chance.
https://www.youtube.com/watch?v=krNuKDGEjvQ
