pfSense on Watchguard M270
-
Be careful using VLAN1. I would try to avoid that if possible.
https://docs.netgate.com/pfsense/en/latest/vlan/security.html#using-the-default-vlan-1Steve
-
@stephenw10
thanks, i will change it -
Hi All,
Could someone with BIOS password for Watchguard M270, please share with me. i've got a Watchguard M270 from eWaste, and keen to have pfsense plus on it.
thanks. -
Hey guys, one more question.
I like to use the M270's WAN on my modem and the PPPoE to connect to the internet.
Generally it works, the pfsense is online. But something is wrong. I can scan for latest versions, I can DNSlookup google, but nothing more. I can not reach servers via ping or visit websites on LAN.
Firewall settings are checked. It might be something different.
Could it has something to do with VLAN setting on the WAN? Can I configure the M270 to have no VLAN on WAN, but VLANs on all LAN ports? -
If DNS lookup from the gui works and returns results from all configured servers you must have two way traffic on WAN. So that implies the switch/vlan settings must be correct.
Are you testing ping from the webgui? What error is shown?
-
This post is deleted! -
Sorry for the late answer.
I really don't know why it was not working. But I tried it out twice again, and now it is fine. In my opinion I did the same, but anyway.One other thing:
In the post from Apr. 16th you, @stephenw10 ,described to use ports as a LAGG. Can somebody let me know, what I have to change in the script, when I like to link port 2 and 3 together?
Finally I need only one VLAN on them, cause I use then the pfsense as the router to connect the ISP via PPPoE and link another main router behind on the LAGG to extend the networks behind.
Maybe this is working well.But I wasn't sure to try it out, because with the script I have, I can add LAGGs to ix0 or ix1 only at the moment. I think that's not a good idea and I may loose connection to the webGUI without doing it correctly.
Thank you
-
Hmm, you want to add a LAGG between switch ports 2 & 3 to some other router? Not a switch?
The NICs in the M270, ix0 and ix1, are connected to switch ports 9 and 10. You can LAGG ix0 and ix1 to the internal switch if you want to but you don't really gain anything by doing so.
The biggest issue is that the internal switch can only do a load-balance LAGG, it cannot do LACP. So that makes it quite limited.
-
Upgraded from 23.05.1 to 23.09 without problems.
Just re-add (from serial console, after update) to /boot/device.hints the lines to load the drivers:
hint.mdio.0.at="ix1"
hint.e6000sw.0.addr=0
hint.e6000sw.0.is6190=1
hint.e6000sw.0.port0disabled=1
hint.e6000sw.0.port9cpu=1
hint.e6000sw.0.port10cpu=1
hint.e6000sw.0.port9speed=2500
hint.e6000sw.0.port10speed=2500 -
Is the solution now not interesting any more for private use, due to the information that the plus licence become no free access any more?
I don't need the plus licence, but there was no solution for the CE one with the M270.
What are your plannings in the next month, WHO written in this post before? -
Currently that's still true. It will only run with Plus because of the requirement for the specially modified ixgbe driver.
But there may be other options.
-
Other options coming or there are some already. Can you give updates about the news here?
-
Nothing yet. If you already had a plus sub it will still be valid though.
-
@stephenw10 How are you guys getting the plus version even installed. I have my M270 with a fresh install of CE 2.7.0. i have IP'S assigned to my WAN and LAN interfaces but since they are not UP, i cant connect to the webgui or ping from my laptop.
With the interfaces being in a down state, how do you upgrade to plus?Thank you in advance,
-
When I did it I installed it in something else first then moved the drive into the m270. Of course that's easier for me as I have numerous other things I can do it with and no issues with upgrading.
If you have a Plus sub already on some other NDI we can probably migrate it to the m270 if/when you move the drive.
Steve
-
@stephenw10 Man i really appreciate you guys help. Ive been looking at you guys post on this for a few weeks. Reading it and rereading them. Trying to understand whats being said and talked about. This is my first time trying this so its COMPLETELY new to me.
So, i dont have another device that i can put the msata drive into upgrade the install to Plus so, i guess Ill have to try the USB dongle route. I looked back over other post about what a "NDI" is and all that, cant say that i completely get it but, Im going down the rabbit hole with this build now. Ill try to connect a dongle in the next few days and see if i can get access to the M270's gui.
IF i do and can get the Plus upgrade done. I guess the next thing would be the "Hints" i keep reading about and interface Scripts. Is there a past post im missing that say's How To create the scripts in Pfsense? I literally have NEVER created one. I see people have shared their Script but, from what ive read you shouldnt just copy the script and save it into Pfsense. So, if theres a past post where someone has listed the commands and steps I would really be grateful.
Thank you guys for sharing your knowledge!
-
You can use the build in Easy Editor ,
ee
, at the command line to create a script.Or, once you have access to the GUI via a USB NIC, just use the included Diag > Edit File function.
-
@stephenw10 Excellent.
I will give that a try and let you know how it goes.
PS, The BIOS password works!!!
-
@stephenw10 For anyone reading this in the future.
I bought a usb to ethernet adapter (two actually) set it to a simple static IP like 192.168.1. 40/24. Pfsense couldn't ping my connected laptop (192.168.1.41/24) and my laptop couldn't ping pfsense. Verified cables were good, both devices could ping THEMSELVES, even switched usb to ethernet adapters and verified mac addresses were seen using arp -a. But, still no pings.
So, from the menu i did a reset. And reconfigured pfsense to be the DHCP server and use the usb to ethernet adapter interface. BINGO, i can ping back and forth. I can also access the gui!
Over first hurdle, now find out how to upgrade to Plus.
Thank you for your help guys/gals.
-
@stephenw10 I think im ready for the next step. I have CE upgraded to Plus. When you guys are adding the hints, are you adding them to the existing hints or replacing them completely with the new hints?