Install pfSense on Stormshield SN300
-
Admin Edit: This thread is in English after the 1st post.
Hello,
I have a Stormshield SN300 whose firmware is on the 3.7 LTSB branch.
From reading a few topics, I understood that the best way to install pfSense on a Netasq / Stormshield was to remove the storage that holds the firmware, install pfSense on it and put it back in place.
I opened my SN300:
The storage (2 GB SSD):
I bought an equivalent model and wrote pfSense-CE-2.3.5-RELEASE-2g-i386-nanobsd-vga.img to it with Win32 Disk Imager.
The SN300 managed to boot and configure itself:
However, I only have one interface, em0.
On the serial port, I took the opportunity to collect some information:
[2.3.5-RELEASE][root@pfSense.localdomain]/root: ifconfig -vma
em0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
    options=4209b<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,VLAN_HWCSUM,WOL_MAGIC,VLAN_HWTSO>
    capabilities=539db<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,POLLING,VLAN_HWCSUM,TSO4,WOL_UCAST,WOL_MCAST,WOL_MAGIC,VLAN_HWFILTER,VLAN_HWTSO>
    ether 00:0d:b4:11:6c:5c
    hwaddr 00:0d:b4:11:6c:5c
    inet6 fe80::20d:b4ff:fe11:6c5c%em0 prefixlen 64 scopeid 0x1
    nd6 options=23<PERFORMNUD,ACCEPT_RTADV,AUTO_LINKLOCAL>
    media: Ethernet autoselect
    status: no carrier
    supported media:
        media autoselect
        media 1000baseT
        media 1000baseT mediaopt full-duplex
        media 100baseTX mediaopt full-duplex
        media 100baseTX
        media 10baseT/UTP mediaopt full-duplex
        media 10baseT/UTP
pflog0: flags=100<PROMISC> metric 0 mtu 33184
    groups: pflog
pfsync0: flags=0<> metric 0 mtu 1500
    groups: pfsync
    syncpeer: 224.0.0.240 maxupd: 128 defer: on
    syncok: 1
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> metric 0 mtu 16384
    options=600003<RXCSUM,TXCSUM,RXCSUM_IPV6,TXCSUM_IPV6>
    capabilities=600003<RXCSUM,TXCSUM,RXCSUM_IPV6,TXCSUM_IPV6>
    inet 127.0.0.1 netmask 0xff000000
    inet6 ::1 prefixlen 128
    inet6 fe80::1%lo0 prefixlen 64 scopeid 0x4
    nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
    groups: lo
enc0: flags=0<> metric 0 mtu 1536
    nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
    groups: enc

[2.3.5-RELEASE][root@pfSense.localdomain]/root: pciconf -lv
hostb0@pci0:0:0:0: class=0x060000 card=0x04101106 chip=0x04101106 rev=0x80 hdr=0x00
    vendor     = 'VIA Technologies, Inc.'
    device     = 'VX900 Host Bridge: Host Control'
    class      = bridge
    subclass   = HOST-PCI
hostb1@pci0:0:0:1: class=0x060000 card=0x14101106 chip=0x14101106 rev=0x00 hdr=0x00
    vendor     = 'VIA Technologies, Inc.'
    device     = 'VX900 Error Reporting'
    class      = bridge
    subclass   = HOST-PCI
hostb2@pci0:0:0:2: class=0x060000 card=0x24101106 chip=0x24101106 rev=0x00 hdr=0x00
    vendor     = 'VIA Technologies, Inc.'
    device     = 'VX900 CPU Bus Controller'
    class      = bridge
    subclass   = HOST-PCI
hostb3@pci0:0:0:3: class=0x060000 card=0x34101106 chip=0x34101106 rev=0x00 hdr=0x00
    vendor     = 'VIA Technologies, Inc.'
    device     = 'VX900 DRAM Bus Control'
    class      = bridge
    subclass   = HOST-PCI
hostb4@pci0:0:0:4: class=0x060000 card=0x44101106 chip=0x44101106 rev=0x00 hdr=0x00
    vendor     = 'VIA Technologies, Inc.'
    device     = 'VX900 Power Management and Chip Testing Control'
    class      = bridge
    subclass   = HOST-PCI
hostb5@pci0:0:0:5: class=0x060000 card=0x54101106 chip=0x54101106 rev=0x00 hdr=0x00
    vendor     = 'VIA Technologies, Inc.'
    device     = 'VX900 APIC and Central Traffic Control'
    class      = bridge
    subclass   = HOST-PCI
hostb6@pci0:0:0:6: class=0x060000 card=0x64101106 chip=0x64101106 rev=0x00 hdr=0x00
    vendor     = 'VIA Technologies, Inc.'
    device     = 'VX900 Scratch Registers'
    class      = bridge
    subclass   = HOST-PCI
hostb7@pci0:0:0:7: class=0x060000 card=0x74101106 chip=0x74101106 rev=0x00 hdr=0x00
    vendor     = 'VIA Technologies, Inc.'
    device     = 'VX900 North-South Module Interface Control'
    class      = bridge
    subclass   = HOST-PCI
vgapci0@pci0:0:1:0: class=0x030000 card=0x71221106 chip=0x71221106 rev=0x00 hdr=0x00
    vendor     = 'VIA Technologies, Inc.'
    device     = 'VX900 Graphics [Chrome9 HD]'
    class      = display
    subclass   = VGA
pcib1@pci0:0:3:0: class=0x060400 card=0xa4101106 chip=0xa4101106 rev=0x00 hdr=0x01
    vendor     = 'VIA Technologies, Inc.'
    device     = 'VX900 PCI Express Root Port 0'
    class      = bridge
    subclass   = PCI-PCI
pcib2@pci0:0:3:1: class=0x060400 card=0xb4101106 chip=0xb4101106 rev=0x00 hdr=0x01
    vendor     = 'VIA Technologies, Inc.'
    device     = 'VX900 PCI Express Root Port 1'
    class      = bridge
    subclass   = PCI-PCI
pcib3@pci0:0:3:2: class=0x060400 card=0xc4101106 chip=0xc4101106 rev=0x00 hdr=0x01
    vendor     = 'VIA Technologies, Inc.'
    device     = 'VX900 PCI Express Root Port 2'
    class      = bridge
    subclass   = PCI-PCI
pcib4@pci0:0:3:3: class=0x060400 card=0xd4101106 chip=0xd4101106 rev=0x00 hdr=0x01
    vendor     = 'VIA Technologies, Inc.'
    device     = 'VX900 PCI Express Root Port 3'
    class      = bridge
    subclass   = PCI-PCI
hostb8@pci0:0:3:4: class=0x060000 card=0x00000000 chip=0xe4101106 rev=0x00 hdr=0x00
    vendor     = 'VIA Technologies, Inc.'
    device     = 'VX900 PCI Express Physical Layer Electrical Sub-block'
    class      = bridge
    subclass   = HOST-PCI
none0@pci0:0:11:0: class=0x028000 card=0xa4091106 chip=0xa4091106 rev=0x10 hdr=0x00
    vendor     = 'VIA Technologies, Inc.'
    device     = 'VX855/VX875 USB Device Controller'
    class      = network
sdhci_pci0@pci0:0:12:0: class=0x080501 card=0x95d01106 chip=0x95d01106 rev=0x10 hdr=0x00
    vendor     = 'VIA Technologies, Inc.'
    device     = 'SDIO Host Controller'
    class      = base peripheral
    subclass   = SD host controller
atapci0@pci0:0:15:0: class=0x01018f card=0x90011106 chip=0x90011106 rev=0x00 hdr=0x00
    vendor     = 'VIA Technologies, Inc.'
    device     = 'VX900 Serial ATA Controller'
    class      = mass storage
    subclass   = ATA
uhci0@pci0:0:16:0: class=0x0c0300 card=0x30381106 chip=0x30381106 rev=0xa0 hdr=0x00
    vendor     = 'VIA Technologies, Inc.'
    device     = 'VT82xx/62xx UHCI USB 1.1 Controller'
    class      = serial bus
    subclass   = USB
uhci1@pci0:0:16:1: class=0x0c0300 card=0x30381106 chip=0x30381106 rev=0xa0 hdr=0x00
    vendor     = 'VIA Technologies, Inc.'
    device     = 'VT82xx/62xx UHCI USB 1.1 Controller'
    class      = serial bus
    subclass   = USB
uhci2@pci0:0:16:2: class=0x0c0300 card=0x30381106 chip=0x30381106 rev=0xa0 hdr=0x00
    vendor     = 'VIA Technologies, Inc.'
    device     = 'VT82xx/62xx UHCI USB 1.1 Controller'
    class      = serial bus
    subclass   = USB
uhci3@pci0:0:16:3: class=0x0c0300 card=0x30381106 chip=0x30381106 rev=0xa0 hdr=0x00
    vendor     = 'VIA Technologies, Inc.'
    device     = 'VT82xx/62xx UHCI USB 1.1 Controller'
    class      = serial bus
    subclass   = USB
ehci0@pci0:0:16:4: class=0x0c0320 card=0x31041106 chip=0x31041106 rev=0x90 hdr=0x00
    vendor     = 'VIA Technologies, Inc.'
    device     = 'USB 2.0'
    class      = serial bus
    subclass   = USB
isab0@pci0:0:17:0: class=0x060100 card=0x84101106 chip=0x84101106 rev=0x00 hdr=0x00
    vendor     = 'VIA Technologies, Inc.'
    device     = 'VX900 Bus Control and Power Management'
    class      = bridge
    subclass   = PCI-ISA
hostb9@pci0:0:17:7: class=0x060000 card=0xa3531106 chip=0xa3531106 rev=0x00 hdr=0x00
    vendor     = 'VIA Technologies, Inc.'
    device     = 'VX8xx South-North Module Interface Control'
    class      = bridge
    subclass   = HOST-PCI
pcib5@pci0:0:19:0: class=0x060401 card=0xb3531106 chip=0xb3531106 rev=0x00 hdr=0x01
    vendor     = 'VIA Technologies, Inc.'
    device     = 'VX855/VX875/VX900 PCI to PCI Bridge'
    class      = bridge
    subclass   = PCI-PCI
em0@pci0:1:0:0: class=0x020000 card=0x000015bb chip=0x10d38086 rev=0x00 hdr=0x00
    vendor     = 'Intel Corporation'
    device     = '82574L Gigabit Network Connection'
    class      = network
    subclass   = ethernet
I know this is a common problem when installing pfSense on a Netasq, but is there a way to get all 8 interfaces working?
Note that I tested every port to see which one em0 corresponds to, and none of them came up.
-
You need to configure the on-board switch. That device is the same as the Netasq U70S I believe.
If you're lucky that device might have a switch with serial console you can access.
Try at the command line:
cu -l cuau1 -s 19200
Or:
cu -l cuau1 -s 9600
See if the switch is available there.
Steve
-
I forgot to mention that I tried with the serial console.
With:
cu -l /dev/cuau1 -s 19600
However, I understood the commands a little; the navigation in the menus, on the other hand... I understood nothing.
I had managed to see the 8 ports.
-
Ah you were able to see the switch console? At 9600 or 19200?
What commands are available?
This is what is on the U250S I have here:
[2.4.5-RELEASE][admin@pfsense.fire.box]/root: cu -l cuau1 -s 19200
Connected

General Commands:
-----------------
Help/?: Get help on a group or a specific command
Up    : Move one command level up
Logout: Exit CLI

Command Groups:
---------------
System      : System settings and reset options
IP          : IP configuration and Ping
Port        : Port management
MAC         : MAC address table
VLAN        : Virtual LAN
PVLAN       : Private VLAN
Security    : Security management
STP         : Spanning Tree Protocol
Aggr        : Link Aggregation
LACP        : Link Aggregation Control Protocol
LLDP        : Link Layer Discovery Protocol
EEE         : Energy Efficient Ethernet
QoS         : Quality of Service
Mirror      : Port mirroring
Config      : Load/Save of configuration via TFTP
Firmware    : Download of firmware via TFTP
Loop Protect: Loop Protection
IPMC        : MLD/IGMP Snooping
Debug       : Switch debug facilities

Type '<group>' to enter command group, e.g. 'port'.
Type '<group> ?' to get list of group commands, e.g. 'port ?'.
Type '<command> ?' to get help on a command, e.g. 'port mode ?'.
Commands may be abbreviated, e.g. 'por co' instead of 'port configuration'.
>
Steve
-
I was able to open the switching console at 19200 and here are the commands available
[2.3.5-RELEASE][root@pfSense.localdomain]/root: cu -l cuau1 -s 19200
Connected

General Commands:
-----------------
Help/?: Get help on a group or a specific command
Up    : Move one command level up
Logout: Exit CLI

Command Groups:
---------------
System      : System settings and reset options
IP          : IP configuration and Ping
Port        : Port management
MAC         : MAC address table
VLAN        : Virtual LAN
PVLAN       : Private VLAN
Security    : Security management
STP         : Spanning Tree Protocol
Aggr        : Link Aggregation
LACP        : Link Aggregation Control Protocol
LLDP        : Link Layer Discovery Protocol
EEE         : Energy Efficient Ethernet
QoS         : Quality of Service
Mirror      : Port mirroring
Config      : Load/Save of configuration via TFTP
Firmware    : Download of firmware via TFTP
Loop Protect: Loop Protection
IPMC        : MLD/IGMP Snooping
Debug       : Switch debug facilities

Type '<group>' to enter command group, e.g. 'port'.
Type '<group> ?' to get list of group commands, e.g. 'port ?'.
Type '<command> ?' to get help on a command, e.g. 'port mode ?'.
Commands may be abbreviated, e.g. 'por co' instead of 'port configuration'.
-
Ok, looks identical to the U250S. If you run
system reboot
there you will see the bootlog for the switch which contains the model and version etc.
You need to enable the ports. You can check the mode and state with, for example:
>port conf

Port Configuration:
===================

Port  State     Mode         Flow Control  MaxFrame  Power     Excessive  Link
----  --------  -----------  ------------  --------  --------  ---------  ----
1     Enabled   Auto         Disabled      9600      Disabled  Discard    100fdx
2     Enabled   Auto         Disabled      9600      Disabled  Discard    1Gfdx
3     Enabled   Auto         Disabled      9600      Disabled  Discard    Down
4     Enabled   Auto         Disabled      9600      Disabled  Discard    1Gfdx
5     Enabled   Auto         Disabled      9600      Disabled  Discard    Down
6     Enabled   Auto         Disabled      9600      Disabled  Discard    1Gfdx
7     Enabled   Auto         Disabled      9600      Disabled  Discard    Down
8     Enabled   Auto         Disabled      9600      Disabled  Discard    Down
9     Enabled   Auto         Disabled      9600      Disabled  Discard    Down
10    Enabled   Auto         Disabled      9600      Disabled  Discard    Down
11    Enabled   Auto         Disabled      9600      Disabled  Discard    1Gfdx
12    Enabled   Auto         Disabled      9600      Disabled  Discard    100fdx
13    Enabled   1Gfdx        Disabled      9600      Disabled  Discard    1Gfdx
14    Enabled   1Gfdx        Disabled      9600      Disabled  Discard    1Gfdx
You probably need to enable some, or all. For example:
port state 7-9 enable
You will probably also want to configure some VLANs so you can use the ports as separate interfaces:
>vlan conf

VLAN Configuration:
===================

Port  PVID  Frame Type  Ingress Filter  Tx Tag      Port Type
----  ----  ----------  --------------  ----------  -------------
1     101   Untagged    Disabled        Untag All   S-Port
2     102   Untagged    Disabled        Untag All   S-Port
3     103   Untagged    Disabled        Untag All   S-Port
4     103   Untagged    Disabled        Untag All   S-Port
5     104   Untagged    Disabled        Untag All   S-Port
6     104   Untagged    Disabled        Untag All   S-Port
7     104   Untagged    Disabled        Untag All   S-Port
8     104   Untagged    Disabled        Untag All   S-Port
9     104   Untagged    Disabled        Untag All   S-Port
10    104   Untagged    Disabled        Untag All   S-Port
11    105   Untagged    Disabled        Untag All   S-Port
12    105   Untagged    Disabled        Untag All   S-Port
13    None  Tagged      Disabled        Tag All     C-Port
14    None  Tagged      Disabled        Tag All     C-Port

VID   VLAN Name                         Ports
----  --------------------------------  -----
101   WAN1                              1,13,14
102   WAN2                              2,13,14
103   LAN1                              3,4,13,14
104   LAN2                              5-10,13,14
105   WIFI1                             11-14

VID   VLAN Name                         Ports
----  --------------------------------  -----
VLAN forbidden table is empty
I just noticed you're running 32bit 2.3.5 Nano. Is that not a 64bit CPU in the U70S/SN300? You should definitely install 2.4.5p1 if so.
Steve
-
I understand the switch console commands better
I activated my interfaces
>port configuration

Port Configuration:
===================

Port  State     Mode         Flow Control  MaxFrame  Power     Excessive  Link
----  --------  -----------  ------------  --------  --------  ---------  ----
1     Disabled  Auto         Enabled       9600      Disabled  Discard    Down
2     Disabled  Auto         Enabled       9600      Disabled  Discard    Down
3     Disabled  Auto         Enabled       9600      Disabled  Discard    Down
4     Disabled  Auto         Enabled       9600      Disabled  Discard    Down
5     Disabled  Auto         Enabled       9600      Disabled  Discard    Down
6     Disabled  Auto         Enabled       9600      Disabled  Discard    Down
7     Disabled  Auto         Enabled       9600      Disabled  Discard    Down
8     Disabled  Auto         Enabled       9600      Disabled  Discard    Down
9     Disabled  1Gfdx        Disabled      9600      Disabled  Discard    Down

Port>state 1-9 enable
Port>configuration

Port Configuration:
===================

Port  State     Mode         Flow Control  MaxFrame  Power     Excessive  Link
----  --------  -----------  ------------  --------  --------  ---------  ----
1     Enabled   Auto         Enabled       9600      Disabled  Discard    Down
2     Enabled   Auto         Enabled       9600      Disabled  Discard    Down
3     Enabled   Auto         Enabled       9600      Disabled  Discard    Down
4     Enabled   Auto         Enabled       9600      Disabled  Discard    Down
5     Enabled   Auto         Enabled       9600      Disabled  Discard    Down
6     Enabled   Auto         Enabled       9600      Disabled  Discard    Down
7     Enabled   Auto         Enabled       9600      Disabled  Discard    Down
8     Enabled   Auto         Enabled       9600      Disabled  Discard    Down
9     Enabled   1Gfdx        Disabled      9600      Disabled  Discard    1Gfdx
I did the IP configuration
IP>configuration

IP Configuration:
=================

DHCP Client  : Disabled
IP Address   : 0.0.0.0
IP Mask      : 0.0.0.0
IP Router    : 0.0.0.0
VLAN ID      : 1
SNTP Server  :

IP>setup 192.168.1.254 255.255.255.0 192.168.1.1

IP Configuration:
=================

DHCP Client  : Disabled
IP Address   : 192.168.1.254
IP Mask      : 255.255.255.0
IP Router    : 192.168.1.1
VLAN ID      : 1
SNTP Server  :
Here is the configuration of the Vlans
VLAN>configuration

VLAN Configuration:
===================

Port  PVID  Frame Type  Ingress Filter  Tx Tag      Port Type
----  ----  ----------  --------------  ----------  -------------
1     1     All         Disabled        Untag PVID  Unaware
2     2     All         Disabled        Untag PVID  Unaware
3     3     All         Disabled        Untag PVID  Unaware
4     4     All         Disabled        Untag PVID  Unaware
5     5     All         Disabled        Untag PVID  Unaware
6     6     All         Disabled        Untag PVID  Unaware
7     7     All         Disabled        Untag PVID  Unaware
8     8     All         Disabled        Untag PVID  Unaware
9     None  Tagged      Disabled        Untag PVID  C-Port

VID   VLAN Name                         Ports
----  --------------------------------  -----
1     default                           1,9
2                                       2,9
3                                       3,9
4                                       4,9
5                                       5,9
6                                       6,9
7                                       7,9
8                                       8,9

VID   VLAN Name                         Ports
----  --------------------------------  -----
VLAN forbidden table is empty

VLAN>pvid 1-9 1
VLAN>configuration

VLAN Configuration:
===================

Port  PVID  Frame Type  Ingress Filter  Tx Tag      Port Type
----  ----  ----------  --------------  ----------  -------------
1     1     All         Disabled        Untag PVID  Unaware
2     1     All         Disabled        Untag PVID  Unaware
3     1     All         Disabled        Untag PVID  Unaware
4     1     All         Disabled        Untag PVID  Unaware
5     1     All         Disabled        Untag PVID  Unaware
6     1     All         Disabled        Untag PVID  Unaware
7     1     All         Disabled        Untag PVID  Unaware
8     1     All         Disabled        Untag PVID  Unaware
9     1     Tagged      Disabled        Untag PVID  C-Port

VID   VLAN Name                         Ports
----  --------------------------------  -----
1     default                           1,9
2                                       2,9
3                                       3,9
4                                       4,9
5                                       5,9
6                                       6,9
7                                       7,9
8                                       8,9

VID   VLAN Name                         Ports
----  --------------------------------  -----
VLAN forbidden table is empty
Here is an overview of starting pfsense
Consoles: internal video/keyboard serial port
BIOS drive C: is disk0
BIOS 636kB/1039040kB available memory

FreeBSD/x86 bootstrap loader, Revision 1.1
(root@ce23-i386-builder, Tue Oct 24 04:52:46 CDT 2017)
Loading /boot/defaults/loader.conf

+============Welcome to pfSense===========+
  1. Boot Multi User [Enter]
  2. Boot [S]ingle User
  3. [Esc]ape to loader prompt
  4. Reboot
  Options:
  5. [K]ernel: kernel (1 of 2)
  6. Configure Boot [O]ptions...
+=========================================+

/boot/kernel/kernel text=0x1249860 data=0x8512e8+0x16c788 syms=[0x4+0xf7680+0x4+0x16ffd0]
Booting...
KDB: debugger backends: ddb
KDB: current backend: ddb
Copyright (c) 1992-2016 The FreeBSD Project.
Copyright (c) 1979, 1980, 1983, 1986, 1988, 1989, 1991, 1992, 1993, 1994
    The Regents of the University of California. All rights reserved.
FreeBSD is a registered trademark of The FreeBSD Foundation.
FreeBSD 10.3-RELEASE-p22 #0 352658d6e(RELENG_2_3): Tue Oct 24 05:24:53 CDT 2017
    root@ce23-i386-builder:/builder/pfsense-235/tmp/obj/builder/pfsense-235/tmp/FreeBSD-src/sys/pfSense_wrap_vga i386
FreeBSD clang version 3.4.1 (tags/RELEASE_34/dot1-final 208032) 20140512
CPU: VIA Nano U3500@1000MHz (1000.06-MHz 686-class CPU)
  Origin="CentaurHauls" Id=0x6fa Family=0x6 Model=0xf Stepping=10
  Features=0xafc9fbff<FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,CLFLUSH,ACPI,MMX,FXSR,SSE,SSE2,SS,TM,PBE>
  Features2=0x8863a9<SSE3,MON,VMX,EST,TM2,SSSE3,CX16,xTPR,SSE4.1,POPCNT>
  AMD Features=0x20100800<SYSCALL,NX,LM>
  AMD Features2=0x1<LAHF>
  VIA Padlock Features=0x1ec33dcc<RNG,AES,AES-CTR,SHA1,SHA256,RSA>
  VT-x: HLT,PAUSE
  TSC: P-state invariant
real memory = 1073741824 (1024 MB)
avail memory = 1008295936 (961 MB)
Event timer "LAPIC" quality 400
ACPI APIC Table: <050114 APIC1019>
random: <Software, Yarrow> initialized
ioapic0 <Version 0.3> irqs 0-23 on motherboard
ioapic1 <Version 0.3> irqs 24-47 on motherboard
wlan: mac acl policy registered
ipw_bss: You need to read the LICENSE file in /usr/share/doc/legal/intel_ipw/.
ipw_bss: If you agree with the license, set legal.intel_ipw.license_ack=1 in /boot/loader.conf.
module_register_init: MOD_LOAD (ipw_bss_fw, 0xc0817700, 0) error 1
ipw_ibss: You need to read the LICENSE file in /usr/share/doc/legal/intel_ipw/.
ipw_ibss: If you agree with the license, set legal.intel_ipw.license_ack=1 in /boot/loader.conf.
module_register_init: MOD_LOAD (ipw_ibss_fw, 0xc08177b0, 0) error 1
ipw_monitor: You need to read the LICENSE file in /usr/share/doc/legal/intel_ipw/.
ipw_monitor: If you agree with the license, set legal.intel_ipw.license_ack=1 in /boot/loader.conf.
module_register_init: MOD_LOAD (ipw_monitor_fw, 0xc0817860, 0) error 1
iwi_bss: You need to read the LICENSE file in /usr/share/doc/legal/intel_iwi/.
iwi_bss: If you agree with the license, set legal.intel_iwi.license_ack=1 in /boot/loader.conf.
module_register_init: MOD_LOAD (iwi_bss_fw, 0xc083f250, 0) error 1
iwi_ibss: You need to read the LICENSE file in /usr/share/doc/legal/intel_iwi/.
iwi_ibss: If you agree with the license, set legal.intel_iwi.license_ack=1 in /boot/loader.conf.
module_register_init: MOD_LOAD (iwi_ibss_fw, 0xc083f300, 0) error 1
iwi_monitor: You need to read the LICENSE file in /usr/share/doc/legal/intel_iwi/.
iwi_monitor: If you agree with the license, set legal.intel_iwi.license_ack=1 in /boot/loader.conf.
module_register_init: MOD_LOAD (iwi_monitor_fw, 0xc083f3b0, 0) error 1
kbd1 at kbdmux0
cryptosoft0: <software crypto> on motherboard
padlock0: <AES-CBC,SHA1,SHA256> on motherboard
acpi0: <050114 XSDT1019> on motherboard
acpi0: Power Button (fixed)
cpu0: <ACPI CPU> on acpi0
attimer0: <AT timer> port 0x40-0x43 on acpi0
Timecounter "i8254" frequency 1193182 Hz quality 0
Event timer "i8254" frequency 1193182 Hz quality 100
atrtc0: <AT realtime clock> port 0x70-0x71 on acpi0
Event timer "RTC" frequency 32768 Hz quality 0
hpet0: <High Precision Event Timer> iomem 0xfed00000-0xfed003ff irq 0,8 on acpi0
Timecounter "HPET" frequency 14318180 Hz quality 950
Event timer "HPET" frequency 14318180 Hz quality 450
Event timer "HPET1" frequency 14318180 Hz quality 450
Event timer "HPET2" frequency 14318180 Hz quality 450
Timecounter "ACPI-fast" frequency 3579545 Hz quality 900
acpi_timer0: <24-bit timer at 3.579545MHz> port 0x808-0x80b on acpi0
pcib0: <ACPI Host-PCI bridge> port 0xcf8-0xcff on acpi0
pci0: <ACPI PCI bus> on pcib0
vgapci0: <VGA-compatible display> mem 0xfd000000-0xfdffffff,0xfc000000-0xfcffffff,0xf9800000-0xf9ffffff irq 40 at device 1.0 on pci0
vgapci0: Boot video device
pcib1: <ACPI PCI-PCI bridge> irq 27 at device 3.0 on pci0
pci1: <ACPI PCI bus> on pcib1
em0: <Intel(R) PRO/1000 Network Connection 7.6.1-k> port 0xdc00-0xdc1f mem 0xfebe0000-0xfebfffff,0xfebdc000-0xfebdffff irq 24 at device 0.0 on pci1
em0: Using MSIX interrupts with 3 vectors
em0: Ethernet address: 00:0d:b4:11:6c:5c
pcib2: <ACPI PCI-PCI bridge> irq 31 at device 3.1 on pci0
pci2: <ACPI PCI bus> on pcib2
pcib3: <ACPI PCI-PCI bridge> irq 35 at device 3.2 on pci0
pci3: <ACPI PCI bus> on pcib3
pcib4: <ACPI PCI-PCI bridge> irq 39 at device 3.3 on pci0
pci5: <ACPI PCI bus> on pcib4
pci0: <network> at device 11.0 (no driver attached)
sdhci_pci0: <Generic SD HCI> port 0xcc00-0xcc07 mem 0xfeaef400-0xfeaef4ff irq 22 at device 12.0 on pci0
sdhci_pci0: 1 slot(s) allocated
atapci0: <VIA VX900 SATA300 controller> port 0xc880-0xc887,0xc800-0xc803,0xc480-0xc487,0xc400-0xc403,0xc080-0xc08f irq 21 at device 15.0 on pci0
ata2: <ATA channel> at channel 0 on atapci0
ata3: <ATA channel> at channel 1 on atapci0
uhci0: <VIA 83C572 USB controller> port 0xc000-0xc01f irq 20 at device 16.0 on pci0
usbus0 on uhci0
uhci1: <VIA 83C572 USB controller> port 0xbc00-0xbc1f irq 22 at device 16.1 on pci0
usbus1 on uhci1
uhci2: <VIA 83C572 USB controller> port 0xb880-0xb89f irq 21 at device 16.2 on pci0
usbus2 on uhci2
uhci3: <VIA 83C572 USB controller> port 0xb800-0xb81f irq 23 at device 16.3 on pci0
usbus3 on uhci3
ehci0: <VIA VT6202 USB 2.0 controller> mem 0xfeaef000-0xfeaef0ff irq 23 at device 16.4 on pci0
usbus4: EHCI version 1.0
usbus4 on ehci0
isab0: <PCI-ISA bridge> at device 17.0 on pci0
isa0: <ISA bus> on isab0
pcib5: <ACPI PCI-PCI bridge> at device 19.0 on pci0
pci6: <ACPI PCI bus> on pcib5
acpi_button0: <Sleep Button> on acpi0
acpi_button1: <Power Button> on acpi0
acpi_tz0: <Thermal Zone> on acpi0
acpi_tz1: <Thermal Zone> on acpi0
acpi_acad0: <AC Adapter> on acpi0
uart0: <16550 or compatible> port 0x3f8-0x3ff irq 4 flags 0x10 on acpi0
uart0: console (115200,n,8,1)
uart1: <16550 or compatible> port 0x2f8-0x2ff irq 3 on acpi0
pmtimer0 on isa0
sc0: <System console> at flags 0x100 on isa0
sc0: VGA <16 virtual consoles, flags=0x300>
vga0: <Generic ISA VGA> at port 0x3c0-0x3df iomem 0xa0000-0xbffff on isa0
ata0: <ATA channel> at port 0x1f0-0x1f7,0x3f6 irq 14 on isa0
ata1: <ATA channel> at port 0x170-0x177,0x376 irq 15 on isa0
atkbdc0: <Keyboard controller (i8042)> at port 0x60,0x64 on isa0
atkbd0: <AT Keyboard> irq 1 on atkbdc0
kbd0 at atkbd0
atkbd0: [GIANT-LOCKED]
ppc0: parallel port not found.
est0: <Enhanced SpeedStep Frequency Control> on cpu0
est: CPU supports Enhanced Speedstep, but is not recognized.
est: cpu_vendor CentaurHauls, msr 8460a4608000a4a
device_attach: est0 attach returned 6
Timecounters tick every 1.000 msec
random: unblocking device.
usbus0: 12Mbps Full Speed USB v1.0
usbus1: 12Mbps Full Speed USB v1.0
usbus2: 12Mbps Full Speed USB v1.0
usbus3: 12Mbps Full Speed USB v1.0
ugen0.1: <VIA> at usbus0
uhub0: <VIA UHCI root HUB, class 9/0, rev 1.00/1.00, addr 1> on usbus0
ugen1.1: <VIA> at usbus1
uhub1: <VIA UHCI root HUB, class 9/0, rev 1.00/1.00, addr 1> on usbus1
ugen2.1: <VIA> at usbus2
uhub2: <VIA UHCI root HUB, class 9/0, rev 1.00/1.00, addr 1> on usbus2
ugen3.1: <VIA> at usbus3
uhub3: <VIA UHCI root HUB, class 9/0, rev 1.00/1.00, addr 1> on usbus3
usbus4: 480Mbps High Speed USB v2.0
ugen4.1: <VIA> at usbus4
uhub4: <VIA EHCI root HUB, class 9/0, rev 2.00/1.00, addr 1> on usbus4
uhub0: 2 ports with 2 removable, self powered
uhub1: 2 ports with 2 removable, self powered
uhub2: 2 ports with 2 removable, self powered
uhub3: 2 ports with 2 removable, self powered
ada0 at ata2 bus 0 scbus0 target 1 lun 0
ada0: <2GB ATA Flash Disk AD B512D> ATA-6 SATA 1.x device
ada0: Serial Number C361008934A10xA91Djd
ada0: 150.000MB/s transfers (SATA 1.x, UDMA4, PIO 512bytes)
ada0: 1953MB (4000752 512 byte sectors)
ada0: Previously was known as ad5
Timecounter "TSC" frequency 1000060250 Hz quality 1000
uhub4: 8 ports with 8 removable, self powered
Trying to mount root from ufs:/dev/ufs/pfsense0 [ro,sync,noatime]...
WARNING: / was not properly dismounted
Configuring crash dumps...
/dev/ufs/pfsense0: 16122 files, 921135 used, 938223 free (2071 frags, 117019 blocks, 0.1% fragmentation)
/dev/ufs/cf: FREE BLK COUNT(S) WRONG IN SUPERBLK (SALVAGED)
/dev/ufs/cf: SUMMARY INFORMATION BAD (SALVAGED)
/dev/ufs/cf: BLK(S) MISSING IN BIT MAPS (SALVAGED)
/dev/ufs/cf: 16 files, 1310 used, 99745 free (33 frags, 12464 blocks, 0.0% fragmentation)
Filesystems are clean, continuing...
Mounting filesystems...
Setting up memory disks... done.
Disabling APM on /dev/ad5
How do I leave the serial connection to return to pfSense?
Otherwise the ports are activated when a cable is connected, but I do not have web access
-
@FaceOfHorroOds said in Installer Pfsense Stormshield SN300:
CPU: VIA Nano U3500@1000MHz
Ok well the performance is not going to be very special.... but it is a 64bit CPU so you should be using 2.4.5p1 there.
https://en.wikipedia.org/wiki/List_of_VIA_Nano_microprocessors#%22Nano_3000%22_series_(65nm)[12][13]
There is no need to configure an IP on the switch. I was never able to connect to it that way but you probably don't want it available there anyway. It would be very easy to expose it to the WAN which you don't want.
You will need to configure at least two VLANs (or one VLAN and untagged) in order to have two interfaces to route between. You will be configuring as 'router-on-a-stick' with the switch providing the VLAN access ports.
To escape the console session to the switch enter:
~~.
Steve
-
How to install pfsense 2.4.5p1 without the nanobsd-vga.img?
I tried with pfSense-CE-memstick-2.4.5-RELEASE-p1-amd64.img, but it seems to be a live boot
Booting with pfSense-CE-memstick-2.4.5-RELEASE-p1-amd64.img via a USB key seems impossible.
All configuration is done via the serial console of the switch? in
cu -l cuau1 -s 19200
Otherwise, I changed the memory from 1 GB to 2 GB
-
When I installed the U250S I installed pfSense on a different machine and then moved the drive back into it.
I could not make it boot from USB there either; it appears to be locked in the BIOS.
Yes, all the switch config is done via the internal serial connection. I tried again yesterday out of curiosity and although the switch is able to get an IP and connect on the correct VLAN it does not respond to ssh/telnet/http(s).
I believe the Stormshield/Netasq OS is FreeBSD based and they upstreamed code for the etherswitch framework but sadly not for this switch for whatever reason.
E.g. https://github.com/pfsense/FreeBSD-src/commit/63843c9be40aba2fb7e803960fb7d4fcee1d3eeb#diff-2c6515420922ed8e8d8f0cf43c645431
Steve
-
When I installed the U250S I installed pfSense on a different machine and then moved the drive back into it.
I already did and I just did it again.
I connected the 2 GB SSD to a SATA to USB adapter
I start on pfSense with my Zalman VE300, select the 2GB SSD with partition in MBR, access commands and I execute the command
poweroff
I put the SSD back in the Stormshield, I start it, I have the Stormshield logo, then a black screen with the blinking cursor
_
I have nothing via the console port.
I use the file : pfSense-CE-2.4.5-RELEASE-p1-amd64.iso
-
I installed in another device with a serial console using the serial memstick image.
But if you install on something from ISO you would have to first enable the serial console before you swap the SATA module back.
Steve
-
Here's a return,
I managed to install pfsense 2.4.5 x64 last night.
The problem probably came from start-up mode (Legacy / UEFI).
On the PC, I forced the start of the installation of pfsense in legacy.
Pfsense has also started and I did a little configuration in
cu -l cuau1 -s 19200
SN300:/>port conf

Port Configuration:
===================

Port  State     Mode         Flow Control  MaxFrame  Power     Excessive  Link
----  --------  -----------  ------------  --------  --------  ---------  ----
1     Enabled   Auto         Enabled       9600      Disabled  Discard    1Gfdx
2     Enabled   Auto         Enabled       9600      Disabled  Discard    Down
3     Enabled   Auto         Enabled       9600      Disabled  Discard    Down
4     Enabled   Auto         Enabled       9600      Disabled  Discard    Down
5     Enabled   Auto         Enabled       9600      Disabled  Discard    Down
6     Enabled   Auto         Enabled       9600      Disabled  Discard    Down
7     Enabled   Auto         Enabled       9600      Disabled  Discard    Down
8     Enabled   Auto         Enabled       9600      Disabled  Discard    Down
9     Enabled   1Gfdx        Disabled      9600      Disabled  Discard    1Gfdx

SN300:/>vlan config

VLAN Configuration:
===================

Port  PVID  Frame Type  Ingress Filter  Tx Tag      Port Type
----  ----  ----------  --------------  ----------  -------------
1     1     Untagged    Disabled        Untag PVID  Unaware
2     1     Untagged    Disabled        Untag PVID  Unaware
3     1     Untagged    Disabled        Untag PVID  Unaware
4     1     Untagged    Disabled        Untag PVID  Unaware
5     1     Untagged    Disabled        Untag PVID  Unaware
6     1     Untagged    Disabled        Untag PVID  Unaware
7     1     Untagged    Disabled        Untag PVID  Unaware
8     1     Untagged    Disabled        Untag PVID  Unaware
9     1     Untagged    Disabled        Untag PVID  C-Port

VID   VLAN Name                         Ports
----  --------------------------------  -----
1     default                           1-9

VID   VLAN Name                         Ports
----  --------------------------------  -----
VLAN forbidden table is empty

[2.4.5-RELEASE][admin@pfsense-SN300A.home]/root: ifconfig -vma
em0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
    options=209b<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,VLAN_HWCSUM,WOL_MAGIC>
    capabilities=15399b<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,VLAN_HWCSUM,TSO4,WOL_UCAST,WOL_MCAST,WOL_MAGIC,VLAN_HWFILTER,VLAN_HWTSO,NETMAP>
    ether 00:0d:b4:11:6c:5c
    hwaddr 00:0d:b4:11:6c:5c
    inet6 fe80::20d:b4ff:fe11:6c5c%em0 prefixlen 64 scopeid 0x1
    inet 192.168.1.254 netmask 0xffffff00 broadcast 192.168.1.255
    nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
    media: Ethernet autoselect (1000baseT <full-duplex>)
    status: active
    supported media:
        media autoselect
        media 1000baseT
        media 1000baseT mediaopt full-duplex
        media 100baseTX mediaopt full-duplex
        media 100baseTX
        media 10baseT/UTP mediaopt full-duplex
        media 10baseT/UTP
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> metric 0 mtu 16384
    options=680003<RXCSUM,TXCSUM,LINKSTATE,RXCSUM_IPV6,TXCSUM_IPV6>
    capabilities=680003<RXCSUM,TXCSUM,LINKSTATE,RXCSUM_IPV6,TXCSUM_IPV6>
    inet6 ::1 prefixlen 128
    inet6 fe80::1%lo0 prefixlen 64 scopeid 0x2
    inet 127.0.0.1 netmask 0xff000000
    nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
    groups: lo
enc0: flags=0<> metric 0 mtu 1536
    nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
    groups: enc
pfsync0: flags=0<> metric 0 mtu 1500
    groups: pfsync
pflog0: flags=100<PROMISC> metric 0 mtu 33160
    groups: pflog
-
With that config you should be able to connect to pfSense in the one address it has. All 9 ports are in vlan1, it's configured like an unmanaged switch.
But you probably want to configure at least 2 VLANs so you can have, for example, WAN on port1 and LAN on ports 2-8.
Or you could have 8 VLANs with each port configured separately.
Steve
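
Added example (not part of Steve's reply or of the thread): a Python audit of pasted `vlan conf` output that flags the two states seen in this thread, ports whose PVID is a VLAN they are not a member of, and ports that share a VLAN with the WAN port and are therefore switched together without passing through pfSense. It assumes port 9 is the internal uplink to em0 and port 1 is the WAN port; the function names and the sample text, rebuilt from the tables quoted above, are constructed for illustration.

```python
import re

# One row of the per-port table printed by the switch CLI's "vlan conf".
PORT_ROW = re.compile(
    r"^\s*(\d+)\s+(\d+|None)\s+(All|Tagged|Untagged)\s+(Enabled|Disabled)\s+"
    r"(Untag PVID|Untag All|Tag All)\s+(\S+)\s*$")
# One row of the membership table: VID, optional name, ports such as "5-10,13".
MEMBER_ROW = re.compile(
    r"^\s*(\d+)\s+(.*?)\s*(\d+(?:-\d+)?(?:,\d+(?:-\d+)?)*)\s*$")

def expand_ports(spec):
    """Turn a port list such as '5-10,13,14' into a set of ints."""
    ports = set()
    for part in spec.split(","):
        lo, _, hi = part.partition("-")
        ports.update(range(int(lo), int(hi or lo) + 1))
    return ports

def parse_vlan_conf(text):
    """Return ({port: PVID or None}, {VID: member ports}) from pasted output."""
    pvids, vlans, vid_tables = {}, {}, 0
    for line in text.splitlines():
        if line.split()[:1] == ["VID"]:
            vid_tables += 1  # 1st VID table is membership, 2nd is "forbidden"
        elif vid_tables == 0 and (m := PORT_ROW.match(line)):
            pvids[int(m[1])] = None if m[2] == "None" else int(m[2])
        elif vid_tables == 1 and (m := MEMBER_ROW.match(line)):
            vlans[int(m[1])] = expand_ports(m[3])
    return pvids, vlans

def audit(text, uplinks, wan_port):
    """Return (kind, subject, detail) findings for one pasted 'vlan conf'."""
    pvids, vlans = parse_vlan_conf(text)
    uplinks, findings = set(uplinks), []
    for vid, members in sorted(vlans.items()):
        if not members & uplinks:  # VLAN never reaches the firewall's NIC
            findings.append(("no_uplink", vid, sorted(members)))
    for port, pvid in sorted(pvids.items()):
        # Untagged ingress joins the PVID VLAN; the port must be a member of it.
        if port not in uplinks and pvid is not None and port not in vlans.get(pvid, ()):
            findings.append(("pvid_mismatch", port, pvid))
    bridged = set()
    for members in vlans.values():
        if wan_port in members:
            bridged |= members - uplinks - {wan_port}
    if bridged:  # switched directly with the WAN port, never filtered by pfSense
        findings.append(("shares_wan_vlan", wan_port, sorted(bridged)))
    return findings

# Constructed input: the state quoted in the thread after "pvid 1-9 1".
AFTER_PVID_CHANGE = """\
Port  PVID  Frame Type  Ingress Filter  Tx Tag      Port Type
----  ----  ----------  --------------  ----------  -------------
1     1     All         Disabled        Untag PVID  Unaware
2     1     All         Disabled        Untag PVID  Unaware
3     1     All         Disabled        Untag PVID  Unaware
4     1     All         Disabled        Untag PVID  Unaware
5     1     All         Disabled        Untag PVID  Unaware
6     1     All         Disabled        Untag PVID  Unaware
7     1     All         Disabled        Untag PVID  Unaware
8     1     All         Disabled        Untag PVID  Unaware
9     1     Tagged      Disabled        Untag PVID  C-Port
VID   VLAN Name                         Ports
----  --------------------------------  -----
1     default                           1,9
2                                       2,9
3                                       3,9
4                                       4,9
5                                       5,9
6                                       6,9
7                                       7,9
8                                       8,9
"""

# Constructed input: the final state in the thread, all nine ports in VLAN 1.
FLAT = """\
Port  PVID  Frame Type  Ingress Filter  Tx Tag      Port Type
----  ----  ----------  --------------  ----------  -------------
1     1     Untagged    Disabled        Untag PVID  Unaware
2     1     Untagged    Disabled        Untag PVID  Unaware
3     1     Untagged    Disabled        Untag PVID  Unaware
4     1     Untagged    Disabled        Untag PVID  Unaware
5     1     Untagged    Disabled        Untag PVID  Unaware
6     1     Untagged    Disabled        Untag PVID  Unaware
7     1     Untagged    Disabled        Untag PVID  Unaware
8     1     Untagged    Disabled        Untag PVID  Unaware
9     1     Untagged    Disabled        Untag PVID  C-Port
VID   VLAN Name                         Ports
----  --------------------------------  -----
1     default                           1-9
VID   VLAN Name                         Ports
----  --------------------------------  -----
VLAN forbidden table is empty
"""

if __name__ == "__main__":
    for name, sample in (("after pvid change", AFTER_PVID_CHANGE), ("flat", FLAT)):
        print(name, audit(sample, uplinks={9}, wan_port=1))
```

An empty result means every access port sits in the VLAN named by its PVID, every VLAN reaches the uplink, and nothing shares a segment with the WAN port.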
-
I'm back !
I successfully installed the image "pfSense-CE-memstick-2.4.3-RELEASE-amd64.img" with rufus on storage and still have a network port detected
-
I put back the version "pfSense-CE-memstick-2.4.5-RELEASE-p1-amd64.img" however the command "~~" does not work to exit the serial port
-
The escape command is
~~.
To escape just the local console session it would be
~.
but you are in a session inside that.
You really need to be on the current version.
Steve
-
I already tried and it doesn't work
[2.4.5-RELEASE][admin@pfsense-SN300A.home]/root: cu -l cuau1 -s 19200
Stale lock on cuau1 PID=80957... overriding.
Connected

General Commands:
-----------------
Help/?: Get help on a group or a specific command
Up    : Move one command level up
Logout: Exit CLI

Command Groups:
---------------
System      : System settings and reset options
IP          : IP configuration and Ping
Port        : Port management
MAC         : MAC address table
VLAN        : Virtual LAN
PVLAN       : Private VLAN
Security    : Security management
STP         : Spanning Tree Protocol
Aggr        : Link Aggregation
LACP        : Link Aggregation Control Protocol
LLDP        : Link Layer Discovery Protocol
EEE         : Energy Efficient Ethernet
QoS         : Quality of Service
Mirror      : Port mirroring
Config      : Load/Save of configuration via TFTP
Firmware    : Download of firmware via TFTP
Loop Protect: Loop Protection
IPMC        : MLD/IGMP Snooping
Debug       : Switch debug facilities

Type '<group>' to enter command group, e.g. 'port'.
Type '<group> ?' to get list of group commands, e.g. 'port ?'.
Type '<command> ?' to get help on a command, e.g. 'port mode ?'.
Commands may be abbreviated, e.g. 'por co' instead of 'port configuration'.
>~~.
Invalid command
>~~
Invalid command
>~.
Invalid command
-
I said nothing, in copy / paste it works with
~.
>~.
Invalid command
>~
[EOT]
[2.4.5-RELEASE][admin@pfsense-SN300A.home]/root: ~.
-
Hmm, weird. I will say the terminal only looks for escape characters immediately following a return. I usually hit return a couple of times before ending it to be sure.
Steve