pfSense on Watchguard M270
-
Hi,
I am in the same boat as howdoyouturn69.
I was tricked into buying a Watchguard M270 H 'with 3 yr license and support.'
But I never got the small print stating this was only valid when you buy a second one.
Anyway, these are the specs:
Lanner mainboard NCB-WG2511 v.0.5
Intel Denverton C3558 4 cores (64bit)
4GB RAM
16 GB mSATA SD card
8 Netw. ports (assume 2 times quad Intel)
Extremely unhappy that as an owner I did not receive the BIOS password.
I bought a second mSATA card (128 GB) and am able to connect that to my PC
via USB or via a SATA 2.5" disk adapter.
I am struggling a lot to get a working image written to the card.
I noticed that the embedded nano image was greyed out.
When I use the CD version, I can't get the network cards activated (interfaces down),
and I don't have a console with that, so I can't see what is failing.
If I use the serial image, I am not able to write that as a bootable image to the SD card.
Needless to say, the BIOS is crippled to use a second
device like a USB memory stick or USB DVD. I am able to connect to the serial console port and use that.
Does anyone know which image I need to use, and how to write it to the mSATA cd card?
It would help a lot if the serial port or a LAN network port was working..
-
I have one of those thanks to a kind donation.
It will boot pfSense pretty easily, just install to the mSATA (or a different mSATA) in something else then move it back.
If that other thing isn't a serial console device then be sure to enable the serial console in System > Advanced > Admin Access before you shut it down and move the mSATA.
However the bad news here is that all the ports on the M270 are connected via an internal switch. There is no way to configure the switch in a useful way from CE.
I'm still investigating what might be possible as time allows but right now it looks like a non-viable target for pfSense.
Steve
-
That is a pity, I was convinced that it was just 2 Intel i350-AM4 network interfaces..
https://ark.intel.com/content/www/us/en/ark/products/52966/intel-ethernet-controller-i350-am4.html
But I will dive into that a bit more now.
-
I split this into a new topic to avoid confusion.
The C3558 (like all C3K CPUs) is a SoC that includes up to 4 ix NICs and that's what they use:
[2.4.5-RELEASE][admin@m270.stevew.lan]/root: ifconfig -a
ix0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
        options=e400bb<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,JUMBO_MTU,VLAN_HWCSUM,VLAN_HWTSO,RXCSUM_IPV6,TXCSUM_IPV6>
        ether 00:a0:c9:00:00:02
        hwaddr 00:a0:c9:00:00:02
        inet6 fe80::2a0:c9ff:fe00:2%ix0 prefixlen 64 scopeid 0x1
        inet 172.21.16.216 netmask 0xffffff00 broadcast 172.21.16.255
        nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
        media: Ethernet autoselect (2500Base-KX <full-duplex,rxpause,txpause>)
        status: active
ix1: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
        options=e400bb<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,JUMBO_MTU,VLAN_HWCSUM,VLAN_HWTSO,RXCSUM_IPV6,TXCSUM_IPV6>
        ether 34:12:78:56:01:03
        hwaddr 34:12:78:56:01:03
        inet 192.168.216.1 netmask 0xffffff00 broadcast 192.168.216.255
        inet6 fe80::1:1%ix1 prefixlen 64 scopeid 0x2
        nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
        media: Ethernet autoselect (2500Base-KX <full-duplex,rxpause,txpause>)
        status: active
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> metric 0 mtu 16384
        options=680003<RXCSUM,TXCSUM,LINKSTATE,RXCSUM_IPV6,TXCSUM_IPV6>
        inet6 ::1 prefixlen 128
        inet6 fe80::1%lo0 prefixlen 64 scopeid 0xd
        inet 127.0.0.1 netmask 0xff000000
        nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
        groups: lo
enc0: flags=41<UP,RUNNING> metric 0 mtu 1536
        nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
        groups: enc
pfsync0: flags=0<> metric 0 mtu 1500
        groups: pfsync
pflog0: flags=100<PROMISC> metric 0 mtu 33160
        groups: pflog
ipsec1000: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> metric 0 mtu 1400
        tunnel inet 172.21.16.216 --> 172.21.16.22
        inet6 fe80::2a0:c9ff:fe00:2%ipsec1000 prefixlen 64 scopeid 0x11
        inet 10.10.41.1 --> 10.10.41.2 netmask 0xfffffffc
        nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
        reqid: 1000
        groups: ipsec
Note the link rate at 2500Base-KX indicates no PHY. It's connected to the switch internally directly.
Steve
-
@stephenw10 I want to ask you, can your Watchguard M270 use other systems now?
-
@stephenw10 I have tested many different systems; the network cards fail to start in all of them and cannot be used.
-
It is possible to run pfSense Plus on the M270. It contains the required switch code and drivers to attach to it. So when that becomes available for 'white box' devices that may be an option for some. It still requires some hackery though. I use a script to setup the switch at boot as the M270 is not recognised as a device that has a switch.
Steve
-
@stephenw10 Thank you very much for your reply. Is there a software download link? Please give me one, thanks...
-
@haowei said in pfSense on Watchguard M270:
Thank you very much for your reply, is there a software download link, please give me a thank you.
No, not yet. pfSense Plus is planned for release for whitebox devices in the near future but all the pieces to allow that are not yet in place.
Steve
-
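@stephenw10 Thank you again for your reply. I wish you good health and all the best.
-
@stephenw10 Hello, I would like to ask you again: has the BIOS on your M270 motherboard been unlocked, or has its password been removed?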
-
@haowei said in pfSense on Watchguard M270:
Hello again, is there any unlocking or removing the password for your M270 motherboard BIOS?
No, there is no unlocked BIOS available and the password is unknown. Also it's probably going to be very difficult to do so since Lanner do not appear to make an equivalent unbranded model.
Steve
-
@stephenw10 Technical support should be coming soon; this is the related information I found.
https://www.freebsd.org/releases/13.0R/announce/
https://forum.openwrt.org/t/intel-quick-assist-v1-5-drivers-and-openssl-1-1-1e-acceleration-engine-for-19-07-2/58692
-
This is an English language forum, please post in English. Otherwise I have to use Google translate every time.
We already have that in Plus though:
[21.05-RELEASE][admin@m270.stevew.lan]/root: pciconf -lv qat0
qat0@pci0:1:0:0: class=0x0b4000 card=0x00008086 chip=0x19e28086 rev=0x11 hdr=0x00
    vendor     = 'Intel Corporation'
    device     = 'Atom Processor C3000 Series QuickAssist Technology'
    class      = processor
Steve
-
@stephenw10 Are you running on m270 now?
-
Yes, that is it shown above.
-
@stephenw10 any chance you can share what that setup script looks like? I've got pfsense running no problem but can't get any of the interfaces functioning.
-
The script looks like this:
#!/bin/sh
#
# Script to setup the switch in the M270
#
# SteveW 5/6/2020
#
echo "Configuring switch..."
logger Configuring switch...
etherswitchcfg vlangroup1 vlan 1 members 9
etherswitchcfg vlangroup2 vlan 2 members 3,4,5,6,7,8,10
etherswitchcfg vlangroup3 vlan 3 members 2,4,5,6,7,8,10
etherswitchcfg vlangroup4 vlan 4 members 2,3,5,6,7,8,10
etherswitchcfg vlangroup5 vlan 5 members 2,3,4,6,7,8,10
etherswitchcfg vlangroup6 vlan 6 members 2,3,4,5,7,8,10
etherswitchcfg vlangroup7 vlan 7 members 2,3,4,5,6,8,10
etherswitchcfg vlangroup8 vlan 8 members 2,3,4,5,6,7,10
etherswitchcfg vlangroup9 vlan 9 members 1
etherswitchcfg vlangroup10 vlan 10 members 2,3,4,5,6,7,8
etherswitchcfg port1 forwarding
etherswitchcfg port2 forwarding
etherswitchcfg port3 forwarding
etherswitchcfg port4 forwarding
etherswitchcfg port5 forwarding
etherswitchcfg port6 forwarding
etherswitchcfg port7 forwarding
etherswitchcfg port8 forwarding
etherswitchcfg port9 forwarding
etherswitchcfg port10 forwarding
echo "done"
logger done
But it will only run in Plus. None of the switch stuff is in CE.
It's still not really perfect there. The required loader hints are lost at upgrade currently.
Steve
-
Hey, I bought a Watchguard M270 and installed pfSense on a new mSATA drive, activated pfSense Plus Home.
After I stick it in the M270, it boots up but I cannot configure the etherswitch.
I get this error:
etherswitchcfg: Can't open control file: /dev/etherswitch0: No such file or directory
-
You need the loader hints to create the switch device. Add these lines to /boot/device.hints:
hint.mdio.0.at="ix1"
hint.e6000sw.0.addr=0
hint.e6000sw.0.is6190=1
hint.e6000sw.0.port0disabled=1
hint.e6000sw.0.port9cpu=1
hint.e6000sw.0.port10cpu=1
hint.e6000sw.0.port9speed=2500
hint.e6000sw.0.port10speed=2500
Unfortunately as I said those are lost at upgrade. The file handling for the 7100 switch adds/removes those lines when needed and the m270 is not recognised. Been a while since I looked at it though. Might be different in 22.01.
Edit: Nope still removed at upgrade so you need console access to add it back.
Steve
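
Since the hints above are removed at every upgrade, here is one way to put them back idempotently. This is an added example, not part of the thread and not Steve's own script; the function name `ensure_m270_hints` and the command-line usage are assumptions, while the hint lines are the ones quoted in the post.

```shell
#!/bin/sh
# Added example, not from the thread: re-add the M270 switch hints quoted
# above to a device.hints file when an upgrade has removed them.
# The function name and command-line usage are assumptions.
M270_HINTS='hint.mdio.0.at="ix1"
hint.e6000sw.0.addr=0
hint.e6000sw.0.is6190=1
hint.e6000sw.0.port0disabled=1
hint.e6000sw.0.port9cpu=1
hint.e6000sw.0.port10cpu=1
hint.e6000sw.0.port9speed=2500
hint.e6000sw.0.port10speed=2500'

# ensure_m270_hints FILE
# Appends every hint that is missing and prints how many lines were appended.
# A key already present with a different value is left alone and reported;
# the function then returns 2 so the file can be reviewed by hand.
ensure_m270_hints() {
    file=$1
    added=0
    conflict=0
    [ -f "$file" ] || { echo "no such file: $file" >&2; return 1; }
    cp -p "$file" "$file.bak" || return 1   # keep a copy of the pre-edit file
    # Terminate an unterminated last line so appended hints start cleanly.
    if [ -s "$file" ] && [ -n "$(tail -c 1 "$file")" ]; then
        echo >> "$file"
    fi
    while IFS= read -r hint; do
        key="${hint%%=*}="
        if grep -Fxq -- "$hint" "$file"; then
            continue                        # exact line already there
        elif awk -v k="$key" 'index($0, k) == 1 { f = 1 } END { exit !f }' "$file"; then
            echo "conflict: $key set to another value in $file" >&2
            conflict=1
        else
            printf '%s\n' "$hint" >> "$file"
            added=$((added + 1))
        fi
    done <<EOF
$M270_HINTS
EOF
    echo "$added"
    [ "$conflict" -eq 0 ] || return 2
}

# Stand-alone use: sh restore_hints.sh /boot/device.hints
if [ "$#" -gt 0 ]; then
    ensure_m270_hints "$1"
fi
```

Loader hints are read at boot, so a reboot is needed after the file is restored before /dev/etherswitch0 can appear.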