Would like to setup a Dual Boot with pfsense on a Lap top.
-
I have a laptop that dual boots Win XP and FreeBSD. That's no problem the FreeBSD installer takes care of it for you. The pfSense installer does not. You would most likely have to do it manually.
If I were trying to do this I would boot the Nano+VGA image from a USB stick as Wallabybob suggested.Steve
-
While it might not help you, I have to ask: why?Call it being frugal…
This is for my home office and I can remove the firewall temporally if needed. A emergency and need a laptop on the road, it would be setup for a dual boot to windows 7.
-
Please correct me if there's some fundamental reason it can't be done.
I suspect if you have sufficient knowledge, cunning and persistence it can be done.
How about installing to a USB stick or CF card or other "additional" drive and dual booting by changing the boot device from the BIOS?
My ranking in expected "ease" (easiest fist):
1. Install pfSense to an additional drive.
2. Install pfSense to a Virtual Machine on the laptop.
3. create single combo drive with Windows and pfSenseI have no knowledge abot linux whatsoever and have done it. I have if I remember correctly 10 partitions or so on my HD. I have XP, ubuntu, some other linux distribution which is for a usb stick normally installed, and pfsense.
It let me install it onto a partition, I didn't have to delete the entire hard drive.
It wipes out the boot loader and nothing will start anymore but I just started from the ubuntu CD and did the grub2 auto fix option.
it won't find pfsense but it can just be added manually and then be started just like any other operating system.
and i have never dealt with linux in dept. i just read dummy guidance notes and had them guiding me and it worked.1. partition your HD
2. format your pfsense partition with ubuntu or anything that boots
(I had XP and ubuntu installed before I installed pfsense and it only kills the grub2 bootloader. You will find the pfsense bootloader only booting pfsense. but after fixing grub2 and entering manually the pfsense partition you can have as many operating systems beside pfsense as you want)
3. install pfsense into this partition
4. install windows (not sure that windows 7 & 8 works like that)
5. install ubuntu or anything else you want, if you don't want anything else then just install grub2
6. manually configure grub 2 for the pfsense partition
7. i read grub2 can boot into other bootloaders in a chain, so anything is possible i guess -
I know this is very old, but it came up first when I searched so maybe others will benefit.
THIS APPLIES TO UEFI AND GPT ONLY - I HAVE NOT TRIED BIOS AND MBR
Getting multi boot with pfSense.
First: Install Ubuntu. Either create a partition and install other if you're adding to a windows installation, or install erasing whole disk, if there's no Windows to bother about, or you're on a VM. Some key things for Ubuntu.
gksu. Just try to run it, you'll be told how to install. This lets you run Nautilus (file manager) as root, AND any gedit instances invoked from it. (gksu nautilus & in terminal. '&' leaves a working terminal open.)
chromium. Brings all your bookmarks etc into ubuntu. Install from Ubuntu software launcher.
vm tools. (If you're using VM-Ware) Install from management menu; extract to desktop; move to the extracted folder on desktop with root nautilus (see above) and install by ./vm-install.pl from a root terminal invoked from nautilus. Do not follow suggestion to use open source version it seems not to work. Accept all other suggestions. This allows you to cut and paste from Windows e.g. the file in the fourth section.
GParted. Install from ubuntu software launcher. Note this is available on the 'live CD' option of ubuntu installer, but the installed version does not. You will need a live CD version to edit the partitions of the OS you are using.Second: Use gparted to trim the ubuntu ext4 partition and move the swap next to this trimmed partition leaving an empty space. To follow instructions below you'll need around 15GB free, though you could probably get away with less.
Third: Install pfSense. The iso file, or CDROM are easy, just set your machine to boot from them. If you use a USB stick you must download the right version, then extract it and load it to a USB using rufus. NOTE, the USB will NOT be recognised by windows, but your UEFI BIOS will boot from it. pfSense docs say that you must use the whole disk, and the standard FreeBSD install question about using the whole disk or a partion is not present in pfSense (and their FAQ says you can't multiboot), HOWEVER there is still the option of manually setting up the partions. Use it, and select 'CREATE'. This will put the partions you next set up in the empty space set up in step 2 above. For the first 'create' you define the partion as 'FreeBSD-ufs', set the size as '10GB', and mountpoint is '/'. You can give it a name if you wish, naming helps identify the partition in GParted. NOTE: NO spaces in the size: 10GB. Hit 'OK'. You'll be asked if you want a boot partion - of course you do! Now use 'create' again, define the final partition as 'FreeBSD-swap', mountpoint is blank, and size '4GB'. Again you can name it if you wish. Hit OK, then carry on installing. You'll be asked to reboot, and here's a problem. The grub bootloader from your Ubuntu install has no idea about your new pfSense installation.
Fourth: Open Ubuntu. root run Nautilus. Move to and open /etc/grub.d/40_custom. Do not overwrite anything and add the section below: -
menuentry "pfSense" {
set root=(hd0,gpt4)
chainloader /efi/BOOT/BOOTX64.efi
}Save, then from terminal sudo update-grub. DON'T FORGET. Note that 'hd0' above is the FIRST hard disk, 'gpt4' is the 4th gpt partition (after EFi System partition, ext4, linux-swap if you just have ubuntu on the disk). If you have windows it will use at least 4 additional partitions. Check where the FreeBSD efi partition is using gparted, it's the second EFI and 200 MB. The path after 'chainloader' can be verified if you mount the fourth partition (or whichever one it is). Use sudo mount /dev/sda4 /mnt. Drill into the mounted partition to find the .efi file, ignore the 'mnt' part of the path. If you go looking to customize how grub appears you'll come across 'grub-customizer'. Don't use it. It changes stuff that's hard for a noob to fix. You may want to edit /etc/default/grub instead to ensure the grub menu displays. Do this by changing this line '#GRUB_HIDDEN_TIMEOUT=5' (the '#' is new, and the 5 was 0)
Some useful web-sites: -
https://forum.pfsense.org/index.php?topic=56033.0 questions about dual booting with pfSense
https://www.freebsd.org/doc/handbook/bsdinstall-partitioning.html FreeBSD partitions
http://www.rodsbooks.com/refind/installing.html Info about installing refind, an alterative boot manager which finds FreeBSD and pfSense but is a a bit ugly.
https://www.gnu.org/software/grub/manual/legacy/Command_002dline-and-menu-entry-commands.html#Command_002dline-and-menu-entry-commands grub commands
https://www.howtogeek.com/196655/how-to-configure-the-grub2-boot-loaders-settings/ editing /etc/default/grub
https://forums.freebsd.org/threads/dual-booting-of-ubuntu-10-10-and-freebsd.23101/ First pointer about dual booting FreeBSD
https://askubuntu.com/questions/666631/how-can-i-dual-boot-windows-10-and-ubuntu-on-a-uefi-hp-notebook Dual boot windows 10 and Ubuntu. -
Going to spoil the party, here, but to anyone looking to install pfSense you need to be aware that this software is obviously a wind-up: in very simple terms a firewall is intended to work concurrently alongside one or more operating systems ...and this software is supposed to be installed on a HDD with exclusive use of that HDD. Think about it. - What you have is one single firewall on a HDD (after a considerable amount of configuration and messing around) and nothing else, with absolutely no means of using an operating system alongside of it short of forcing the issue with partition workarounds.
If anyone wants to challenge this I would ask them how (for the sake of a much larger number of everyday users) a person would use the software (after burning to a DVD) to protect an installation of Windows 7 or 10 ...without resorting to the workarounds and kludges given by other users, and taking into account that the OS and pfSense would be on seperate partitions with, thus, no interaction between them possible?
-
@2RTzC5KbQGH4aG
Strong opinion from a 1'st poster.I use pfSense for enterprise firewall'ing , and have absolutely no problem with it being the sole OS installed on my HW.
In fact i'd be even more of a "Grumpy Old Man" , if i ever found out that one of my sites had done something like that.
If you need a Test/Toy pfSense it's easy to boot up in VMvare or Vbox.
But for my use i have the budget to buy a few extra real HW boxes, that reflect my real HW on the remote sites. That is what a real test system should look like. Even for my home usage i bought an Extra Box as "cold spare".
Dual booting ... why ?
If you dual boot you can't use the other OS'es at the same time.
Just fire a VM up under Vbox , and be done with it.Edit: Your username is a strange combo ... Are you a troll bot
/Bingo -
Mmm, this is either a troll or you have misunderstood the purpose of pfSense entirely.
If you are trying to protect a Windows install using pfSense on the same hardware you are doing it wrong. It's technically possible if you used virtualisation.
The only reason you would ever install it dual-boot like this would be for testing.
Steve
-
Thinking this through logically, why would you want to?
A dual boot system puts or more operating systems on a PC with each running individually. As opposed to a VM which allows many to run at once.
A router is 24/7. When in PC mode the router does not exist on a dual boot system. A 24/7 PC with virtual machines running allows everything to run at once.
However, that brings up security issues which are a different discussion.
-
The only sort of dual boot that would really make any sense for pfsense box would be able to boot previous version on failed update. Or something in new version wasn't working how you need it to work.
Some routers/switches support such an option..
But dual booting normal OS or a Firewall distro doesn't really make a lot of sense at all.
-
Yup, you might dual boot 2.5 and 2.4.5p1 for example. I could imagine dual booting pfSense with CentOS or something just to test hardware compatibility.
I suspect our friend above didn't read the right docs, thought it was a software firewall for Windows and attempted to install it as such resulting in much frustration. They would not be the first.
Steve
-
@stephenw10 said in Would like to setup a Dual Boot with pfsense on a Lap top.:
Mmm, this is either a troll or you have misunderstood the purpose of pfSense entirely.
@Steve , We should give him the benefit of the doubt and maybe he (a good person) had a really bad day.
But there are also bad people who enjoys the suffering of others.
-
The point that I was trying to make was that of the pointlessness of having a firewall on a HDD and nothing else. Why would anyone bother with that? - The whole idea, surely, of a software firewall is to run it alongside the operating system, not to stick it on a seperate HDD.
...but playing along with the curious argument that the firewall is actually supposed to be all alone on a HDD, what then? - How can it possibly protect anything when it is sat there with no operating system and absolutely nothing to protect?
Reading between the lines of the replies received thus far, though (thanks, - they are appreciated), I get the impression that, possibly, the idea is to use pfSense, once installed, as a pass-through device; effectively turning a spare HDD into the equivalent of a hardware router and then using that as a bridge device between the internet and the local network. Would that be correct?
-
Exactly that. pfSense is a router/firewall. It replaces whatever router you may have currently, Netgear, Cisco etc. It can be run on a standard PC with two NICs but also runs on more specialist hardware like this.
Also see: https://www.pfsense.org/getting-started/
Steve
-
@stephenw10 Thanks, but that, to me, seems to be a hellishly complex (and expensive) way to implement a network filter. At least I now understand what pfSense are trying to do with their software, because no-one (reviewer, website, or weblogger) makes it at all clear how to implement it or that it comes with a minimum requirement of 2 NICs and a HDD (or equivalent).
-
You don't actually need two NICs, you can use VLANs with one NIC and a managed switch.
Or install it in a VM as discussed above.
It really depends on what you're trying to do. Filter traffic for a whole office of PCs? Setup a VPN to allow all those PCs to connect to some remote site? It would be crazy to try to do that with software firewalls and VPN connections on each PC.Steve
-
@stephenw10 I am still in the process of trying to patch VirtualBox sufficiently to a: get it working and, b: get it working with IPv6; so I may see about patching-in pfSense at some point, too, - thanks.
My setup is (now) a virtual linux webserver with Windows PC. Next will be a MAC (but they do not like virtual, apparently); so depending on how things progress I will either attempt to patch-in pfSense or I will simply buy a hardware box (which would, unfortunately, have to be one of the dearer models because of my networking requirements).
-
I have run numerous pfSense instances in VBox with no issues. I would expect it to 'just work' there.
Steve
-
@stephenw10 Good, - thanks, - but based on my unpleasant experiences with both VirtualBox and VMWare (especially) I do not expect the problem to be with pfSense.
-
Since I got a Proxmox host setup I hardly ever use VBox anymore. I can recommend that, it was a game-changer for me.
Steve
-
@stephenw10 Looks interesting, - another installer that requires an entire install device to itself, but if there is a chance that I can run my webserver without crippled IPv6 and DNSSEC it has got to be worth a look. - Thanks.
