pfSense on Watchguard M270

stephenw10

It is possible to run pfSense Plus on the M270. It contains the required switch code and drivers to attach to it. So when that becomes available for 'white box' devices that may be an option for some. It still requires some hackery though. I use a script to setup the switch at boot as the M270 is not recognised as a device that has a switch.

Steve

haowei

@stephenw10 非常感谢你的回复，有软件下载链接吗请给我个谢谢。。。

stephenw10

@haowei said in pfSense on Watchguard M270:

Thank you very much for your reply, is there a software download link, please give me a thank you.

No, not yet. pfSense Plus is planned for release for whitebox devices in the near future but all the pieces to allow that are not yet in place.

Steve

haowei

@stephenw10 再次感谢你得回复祝福你身体健康万事如意。。

haowei

@stephenw10 你好再次求教你的M270主板BIOS有解锁或者去掉密码吗？

stephenw10

@haowei said in pfSense on Watchguard M270:

Hello again, is there any unlocking or removing the password for your M270 motherboard BIOS?

No, there is no unlocked BIOS available and the password is unknown. Also it probably going to be very difficult to do so since Lanner do not appear to make an equivalent unbranded model.

Steve

haowei

@stephenw10 技术支持应该快了这是我查到有关信息。https://www.freebsd.org/releases/13.0R/announce/
https://forum.openwrt.org/t/intel-quick-assist-v1-5-drivers-and-openssl-1-1-1e-acceleration-engine-for-19-07-2/58692

stephenw10

This is an English language forum, please post in English. Otherwise I have to use Google translate every time.

We already have that in Plus though:

[21.05-RELEASE][admin@m270.stevew.lan]/root: pciconf -lv qat0
qat0@pci0:1:0:0:	class=0x0b4000 card=0x00008086 chip=0x19e28086 rev=0x11 hdr=0x00
    vendor     = 'Intel Corporation'
    device     = 'Atom Processor C3000 Series QuickAssist Technology'
    class      = processor

Steve

haowei

@stephenw10 Are you running on m270 now?

stephenw10

Yes, that is it shown above.

deadare321

@stephenw10 any chance you can share what that setup script looks like? I've got pfsense running no problem but can't get any of the interfaces functioning.

stephenw10

The script looks like this:

#!/bin/sh
#
# Script to setup the switch in the M270
#
# SteveW 5/6/2020
#

echo "Configuring switch..."
logger Configuring switch...

etherswitchcfg vlangroup1 vlan 1 members 9
etherswitchcfg vlangroup2 vlan 2 members 3,4,5,6,7,8,10
etherswitchcfg vlangroup3 vlan 3 members 2,4,5,6,7,8,10
etherswitchcfg vlangroup4 vlan 4 members 2,3,5,6,7,8,10
etherswitchcfg vlangroup5 vlan 5 members 2,3,4,6,7,8,10
etherswitchcfg vlangroup6 vlan 6 members 2,3,4,5,7,8,10
etherswitchcfg vlangroup7 vlan 7 members 2,3,4,5,6,8,10
etherswitchcfg vlangroup8 vlan 8 members 2,3,4,5,6,7,10
etherswitchcfg vlangroup9 vlan 9 members 1
etherswitchcfg vlangroup10 vlan 10 members 2,3,4,5,6,7,8

etherswitchcfg port1 forwarding
etherswitchcfg port2 forwarding
etherswitchcfg port3 forwarding
etherswitchcfg port4 forwarding
etherswitchcfg port5 forwarding
etherswitchcfg port6 forwarding
etherswitchcfg port7 forwarding
etherswitchcfg port8 forwarding
etherswitchcfg port9 forwarding
etherswitchcfg port10 forwarding

echo "done"
logger done

But it will only run in Plus. None of the switch stuff is in CE.
It's still not really perfect there. The required loader hints are lost at upgrade currently.

Steve

ozon08

Hey, i bought a Watchgaurd M270 and installed pfsense on a new mSata drive, activated pfsense plus home.
After i stick it in the M270, it boots up but ich can not config the etherswitch.
I get this error:

etherswitchcfg: Can't open control file: /dev/etherswitch0: No such file or directory

stephenw10

You need the loader hints to create the switch device. Add these lines to /boot/device.hints:

hint.mdio.0.at="ix1"
hint.e6000sw.0.addr=0
hint.e6000sw.0.is6190=1
hint.e6000sw.0.port0disabled=1
hint.e6000sw.0.port9cpu=1
hint.e6000sw.0.port10cpu=1
hint.e6000sw.0.port9speed=2500
hint.e6000sw.0.port10speed=2500

Unfortunately as I said those are lost at upgrade. The file handling for the 7100 switch adds/removes those lines when needed and the m270 is not recognised. Been a while since I looked at it though. Might be different in 22.01.
Edit: Nope still removed at upgrade so you need console access to add it back.

Steve

ozon08

@stephenw10 thank you.
My Switch is now working, but is ix1 wan and lan port or is ix0 wan and ix1 lan?

stephenw10

If you used the script I posted above WAN should be ix0 and connects to port 0.
LAN should be ix1 and connects to ports 1-7.

Of course you can change that to be however you want. Add VLANs to get 8 separate interfaces/ports for example.

Steve

sorcefm

This post is deleted!

sorcefm

This post is deleted!

ozon08

@stephenw10 Perfect. Now everything is running.
Thank you very much Steve

ozon08

Did anyone update to pfsense plus 23.x?
@stephenw10 can you help me?