Questions about LiveCD and other bits…



  • I'm testing out pfSense 0.94.4 LiveCD version with the following system…

    Celeron 1.2Ghz
    512MB RDRAM
    Sony 50x CD-ROM
    3x Intel i82559 NICs
    Sony Floppy drive
    15inch LCD (initial setup only)
    Cheapo keyboard (initial setup only)

    I've assigned the following.
    fxp0 => LAN
    fxp1 => WAN
    fxp2 => OPT1 (which I'll re-designate as WAN 2)

    The problem is, after when I've done all the initial configuration setting up the NICs and
    assigning the LAN IP to what I want (using static IP) with the keyboard.

    I try to : "move the configuration file to removable device", floppy (fd0) in this case,
    by selecting option 98. I get an error message that quickly blows by.

    **Processing: moving…removing old...linking...done.
    You're configuration has been moved to fd0

    Warning: file_get_contents(/cf/cinf/config.xml): failed to open stream:
    No such file or directory in /etc/inc/config.inc on line 68**

    Question 1a : Is there a way to save the configuration onto floppy like M0n0Wall?
    Question 1b : If not, I'm assuming you need a hard disk or Compact Flash or some other storage solution?

    Reason is because the current firewall that I'm using (non-test box)
    is a really old Pentium 150Mhz with 48MB, using M0n0Wall ver 1.2.

    I just wanna have one box handling 2 ISPs instead of two.
    I don't wish to load balance, but do some manual routing.

    Question 2 : Would pfSense work with this low end hardware?

    Question 3 : I'm a bit of a network newbie and I'm not quite familiar with the way pfSense handles
    Multi-WAN (non load-balancing setup)…Is there a guide to how I go about doing this?

    Network setup currently looks like this…

    ISP 1                          ISP 2
          |                                |
        FW 1                          FW 2
          \                                /
            \                              /
            \                            /
              \                          /
              \                        /
                \                      /
                \                    /
                  \                  /
                  \                /
                  ========
                  |    Switch  |
                  ========
                          |
                          |
                  A bunch of PCs

    FW 1
    WAN : DHCP
    LAN : 192.168.0.1
    Subnet Mask : 255.255.255.0

    FW 2
    WAN : DHCP
    LAN : 192.168.0.2
    Subnet Mask : 255.255.255.0

    PC 1 to 5 (Mainly Windows boxes)
    NIC : 192.168.0.3 to 192.168.0.8
    DNS : (Whatever the ISP 1 or 2 is)
    DNS suffix : (Whatever the ISP 1 or 2 is)

    Any opinions?



  • @Aussie_Bear:

    I try to : "move the configuration file to removable device", floppy (fd0) in this case,
    by selecting option 98. I get an error message that quickly blows by.

    **Processing: moving…removing old...linking...done.
    You're configuration has been moved to fd0

    Warning: file_get_contents(/cf/cinf/config.xml): failed to open stream:
    No such file or directory in /etc/inc/config.inc on line 68**

    Whoops, looks like there are a few typos in config.inc. I'll take care of these when I get home if someone else hasn't already.

    @Aussie_Bear:

    Reason is because the current firewall that I'm using (non-test box)
    is a really old Pentium 150Mhz with 48MB, using M0n0Wall ver 1.2.

    I would suggest picking up a nicer system for this sort of thing - 48MB of RAM is pretty minimal, and you won't get much performance out of something that slow.

    @Aussie_Bear:

    Question 3 : I'm a bit of a network newbie and I'm not quite familiar with the way pfSense handles
    Multi-WAN (non load-balancing setup)…Is there a guide to how I go about doing this?

    I don't run multi-WAN, so I'll punt this to the other developers.



  • I agree with colin, this is pretty low end and at least the ram has to be upgraded but a bit more horsepower is suggested as well. pfSense supports policy based routing, so you can specify what traffic goes out which wan by creating rules for that traffic and selecting the apropriate gateway. You also need a gateway entry at the optional wan interface and correct nat rules.

    I got a howto today about setting up multiwan. I have to review it first and convert it to pdf. Check the tutorial section at pfsense.com from time to time. It should appear there soon.



  • Awesome, thanks for your (and whoever contributed) efforts…
    (Regarding the Multi-WAN situation)

    Well, a few comments on the low-end system.
    It seems to handle pfSense...Just barely.

    Sometimes I get the box killing a process due to "lack of swap space"
    (The WebGUI would load halfway through something and stop...
    But if you refresh, its OK again).

    So yes, I think you need 64MB.
    (pfSense system status screen says about 70% RAM used when under
    load, and 59% when idle).

    48MB RAM is possible, but I don't recommend it.
    I guess I need to hunt for some old EDO or PC66 SDRAM modules.
    (Maybe get a PowerLeap CPU upgrade adaptor to bring this old box
    up to a 400Mhz K6-2 setup?)

    I used the low-end box on a 10Mbit Cable, and it seems fine, as I'm
    getting full speed...Not sure of two 10Mbit lines though...Time will tell.

    A bit of a side question...
    The chipset the mobo has is an Intel 430VX. This does not
    allow for more than 64MB RAM to be cacheable. Its total capacity is 128MB RAM.

    Would this affect pfSense performance if it were to reside in the non-cacheable
    area of memory?

    I'm asking this as I'm not sure how BSD works under this scenario.
    (I know Windows would load into the upper regions when the RAM is non-cacheable
    and this would cause performance issues).

    My other box would be to use an EPIA PD10000…Which would be more
    than enough grunt for what I want to use a multi-wan firewall solution for.


Log in to reply