CF Flash questions



  • I got my self a new Mini-ITX board with 4 LAN port.  They were not recognized by the m0n0wall project and I decided to give a try to pfsense.  pfSense did find all my NIC and I was amaze with the quality of this project.  I'm currently using RC1.

    I'm using a CF of 128MB.  I was able to install pfSense to it without any trouble.  I read in the wiki, the FAQ and the Forum different stories on what should I do.

    1. Why the FAQ state that I should, at least, use a 256MB CF when everything seems to fit on a 128MB in a read only env?

    2. What should I put in /etc/platform? Embedded or WRAP? I would like to keep video and keyboard

    Thank you

    Martin



  • @Rockyboa:

    I got my self a new Mini-ITX board with 4 LAN port.  They were not recognized by the m0n0wall project and I decided to give a try to pfsense.  pfSense did find all my NIC and I was amaze with the quality of this project.  I'm currently using RC1.

    I'm using a CF of 128MB.  I was able to install pfSense to it without any trouble.  I read in the wiki, the FAQ and the Forum different stories on what should I do.

    1. Why the FAQ state that I should, at least, use a 256MB CF when everything seems to fit on a 128MB in a read only env?

    This is not correct anymore and needs updating. You only need 64 MB nowadays if using the default embedded image.

    @Rockyboa:

    1. What should I put in /etc/platform? Embedded or WRAP? I would like to keep video and keyboard

    Thank you

    Martin

    WRAP is also not valid anymore, it now reads "embedded". We changed this as this image/type is not pcengines specific.

    However you have to use the full install to the cfcard in order to keep keyboard and video support (this is stripped from the embedded image).This then might not fit into 64MB. After booting it up change the platform tag to "embedded" and reboot. Now the cf-card will be used in read only mode and will only be mounted for writes to the config.xml for example.

    Using a "selfmade embedded full install" is not supported btw, so if problems occur with this kind setup you're on your own, though it should work.



  • Thank you for the pointers.

    So if I want to get support, I would be better of using the embedded image and resize it to my Disk On Chip capacity.

    Martin



  • I tested installing from the live cd onto compact flash, and then converting it to embedded with RC1. The only catch I ran into was when I did the cvs_sync.sh releng_1 it ran for over an hour, wouldn't quite fit on the 256 mb card, and turned the router into a brick. I put in a 512 mb and fixed the problem. Had no problem installing the embedded image on the 256 mb.



  • Keep in mind that a cf-card has limited writecycles. You should try to use it in readonly mode or it will wear out sooner or later.



  • Hi there
    I have been messing about with linux, ipcop and smoothwall for a while but Im a fairly new convert to pfsense.
    I have two firewall boxes each with 256mb compact flash drives. 1 is running a pfsense full install with the recommended change to /etc/platform and the other one is running IPCop with changes I found somewhere to the install so that all writes to tmp and log go to a ram disk and then logs are periodically gzipped up and written to the CF drive (thus vastly reducing the number of writes to the drive).  This approach seems to work really well and means I can use all of the features (limited as they are compared to pfsense!) that ipcop offers.  Is there any chance that pfsense might adopt a similar approach for CF installs?



  • No, besides packages you HAVE all features of pfSense on embedded install.



  • Ok - fair enough.
    Is there a technical reason why its not a good idea?
    Is there a better solution (other than installing a hard drive) that would enable packages to be used on a CF install?

    Thanks
    MadDog



  • CF cards wear out as they have limited write cycles and most of the packages do logging or caching or write frequently some kind of information to the disk. Maybe we can provide packages suitable for embedded systems to be installed later down the road.
    Depending on your system you can have a full install to 2,5" hdd (soekris for example) or use one of these cf-size hdds and perform a full install on these.



  • Yes…sorry, I meant is there a technical reason why it is not a good idea to mount say /tmp and /log as a ramdisk and gzip the contents for writing to the disk when the ramdisk gets full?



  • Embedded systems start at 64 mb RAM size (and the cf-images images we provide are meant to be compatible with these systems), some even less. However we won't support systems with less than 128 MB (we had a lot of fun at the hackathon with 64 MB systems randomly killing processes when memory got low). You really want a full install if you plan to use more than pfSense core functionality. And of course if running from ramdisk everything is lost after reboot which might be not a good idea for some packages as well (like a spamfilter that you have teached to delete spam effectively).



  • Thanks for your time Hoba - I appreciate you helping to bring me up to speed with pfsense, I love the product and I am actively out there converting my ipcop/smoothie friends.

    I understand the difference between the classic "embedded" system and the regular PC re-purposed as a firewall appliance.
    What I am suggesting is that there is another applicable class of machine in between - the single board computer type such as the Lex Light that has the system resources of the PC and the silent, reliable operation of the "embedded" system - although you could of course put a laptop drive in one if you wanted to.

    Sure, some packages log or cache data that would be lost if there was a re-boot with a ramdisk but then a few emails from your spam filter or a few pages from your squid cache are really neither here nor there in the greater scheme of things and if the machine was compromised (unlikely) and the logs of the intrusion lost then …hey..they probably should have been logged to another machine anyway!!

    MadDog



  • I understand what your needs are, but it's not too easy to maintain a complete collection of installs for differnet type of systems. We only offer support for 2 types of systems, embeddeds (aimed at sbc but will run on more powerful machines too but yet should work with low end hardware) and full installs (the main target platform of pfSense). I doubt that tere will be some change of this philosophy in the near future. It's already hard enough to improve and test pfsense for these 2 platforms.


Locked