pfSense on Watchguard M270
-
When the switch is powered on it comes up with all the ports disabled by default. That's how the switch chip has been configured in hardware.
There are several way to run a script. As discussed above I use a shellcmd to do it.
-
@stephenw10 I created a file with the script that was given before, but it gives me the above problem when I want to run the command. could you (if you are able) write how it is formed exactly and started, I looked for it on the forum but I didn't succeed. Thank you
-
It depends where the script is and what it's named. But here I would use:
[23.05-RELEASE][admin@6100.stevew.lan]/root: ls .cshrc .k5login .profile .ssh backup switch_config.sh .hushlogin .login .shrc .tcshrc realtek-re-kmod-197.00.pkg [23.05-RELEASE][admin@6100.stevew.lan]/root: chmod +x switch_config.sh [23.05-RELEASE][admin@6100.stevew.lan]/root: ls .cshrc .k5login .profile .ssh backup switch_config.sh .hushlogin .login .shrc .tcshrc realtek-re-kmod-197.00.pkg
-
@stephenw10
thank you for the explanation, i will run the skript while booting -
i have done the boot precedure alsow with cron, and run the sript with an crontab
*corntab -e
@reboot /usr/local/bin/setup_switch.sh*
an it runs :)
the most tricky thing was the commands of the vi-editor in the crontab :(for all who arn't using vi-editor (like me):
(i ... for text input | ESC ... for changing to commandline | w: ... for write out | x: ... for exit the Vi-editor) -
For mere mortals like most of us use the included EasyEditor
ee
.Or for cron just install the cron package and use the gui.
-
@stephenw10
i tried arround now for a while, the skript with the WAN and the LAN on all ports works realy fine.the thing with the vlan_mode DOT1Q and the diferent Vlans on the Ports does not.
i've tried it with the Skripft from aboth + the forwarding part, but i don't get an IP (DHCP) on the WAN, when i activate DHCP-server on the LAN - WAN will get the IP from the LAN-DHCP ??the DHCPs on the LAN and OPT-Lans does not work.
wthat i've done wrong?
-
What does your script contain?
How are the interfaces configured?
-
This post is deleted! -
@reiter_f said in pfSense on Watchguard M270:
WAN (wan) -> ix0 -> v4/DHCP4: 192.168.2.102/24
LAN (lan) -> ix1.1 -> v4: 192.168.2.1/24Whatever was configured at that point it's a subnet conflict between WAN and LAN.
-
i have found the mistake :) ...
i deleted all the interfaces and made them new ix1.### ( ### are now the same number as the Vlans from the skript )
now i can use all seperate Ports with seperate Vlans ...
(WAN-DHCP dosen't work but i think i'll start the config again with cloneing my disk from my hyper-V setup)
-
I started the setup now new. the mistake of the WAN DHCP was that i did not to the WAN interface in the VLAN (ix0.###) now every thing works.
thank you for our support, now i'll be able to change all M270s to PFsense.
if it would help someone ... this was my skript, it run while booting in crontab
/usr/local/bin/setup_switch.sh
#!/bin/sh # # Script to setup the switch in the M270 # echo "Congifguring switch ... " logger Configuring switch ... etherswitchcfg config vlan_mode DOT1Q etherswitchcfg vlangroup0 vlan 1 members 1,9t etherswitchcfg vlangroup1 vlan 101 members 2,10t etherswitchcfg vlangroup2 vlan 102 members 3,10t etherswitchcfg vlangroup3 vlan 103 members 4,10t etherswitchcfg vlangroup4 vlan 104 members 5,10t etherswitchcfg vlangroup5 vlan 105 members 6,10t etherswitchcfg vlangroup6 vlan 106 members 7,10t etherswitchcfg vlangroup7 vlan 107 members 8,10t etherswitchcfg port1 pvid 1 etherswitchcfg port2 pvid 101 etherswitchcfg port3 pvid 102 etherswitchcfg port4 pvid 103 etherswitchcfg port5 pvid 104 etherswitchcfg port6 pvid 105 etherswitchcfg port7 pvid 106 etherswitchcfg port8 pvid 107 etherswitchcfg port1 forwarding etherswitchcfg port2 forwarding etherswitchcfg port3 forwarding etherswitchcfg port4 forwarding etherswitchcfg port5 forwarding etherswitchcfg port6 forwarding etherswitchcfg port7 forwarding etherswitchcfg port8 forwarding etherswitchcfg port9 forwarding etherswitchcfg port10 forwarding echo "done" logger done
then i've done the " 1) Assing Interfaces" - configuration
with creating on ix0 the Vlan 1 (ix0.1), on ix1 the Vlans 101-107 (ix1.101, ... ,ix1.107)
(finisching without selecting/using the ix0 and ix1)
and at last " 2) Setup interface(s) IP adress"*** Welcome to Netgate pfSense Plus 23.05-RELEASE (amd64) on pfSense *** WAN (wan) -> ix0.1 -> v4/DHCP4: 192.168.16.58/24 LAN (lan) -> ix1.101 -> v4: 192.168.2.1/24 OPT1 (opt1) -> ix1.102 -> v4: 192.168.102.1/24 OPT2 (opt2) -> ix1.103 -> OPT3 (opt3) -> ix1.104 -> OPT4 (opt4) -> ix1.105 -> OPT5 (opt5) -> ix1.106 -> OPT6 (opt6) -> ix1.107 -> 0) Logout (SSH only) 9) pfTop 1) Assign Interfaces 10) Filter Logs 2) Set interface(s) IP address 11) Restart webConfigurator 3) Reset webConfigurator password 12) PHP shell + Netgate pfSense Plus tools 4) Reset to factory defaults 13) Update from console 5) Reboot system 14) Enable Secure Shell (sshd) 6) Halt system 15) Restore recent configuration 7) Ping host 16) Restart PHP-FPM 8) Shell
the result was:
[23.05-RELEASE][root@pfSense.home.arpa]/usr/local/bin: etherswitchcfg etherswitch0: VLAN mode: DOT1Q port1: pvid: 1 state=8<FORWARDING> flags=0<> media: Ethernet autoselect (1000baseT <full-duplex>) status: active port2: pvid: 101 state=8<FORWARDING> flags=0<> media: Ethernet autoselect (1000baseT <full-duplex>) status: active port3: pvid: 102 state=8<FORWARDING> flags=0<> media: Ethernet autoselect (none) status: no carrier port4: pvid: 103 state=8<FORWARDING> flags=0<> media: Ethernet autoselect (none) status: no carrier port5: pvid: 104 state=8<FORWARDING> flags=0<> media: Ethernet autoselect (none) status: no carrier port6: pvid: 105 state=8<FORWARDING> flags=0<> media: Ethernet autoselect (none) status: no carrier port7: pvid: 106 state=8<FORWARDING> flags=0<> media: Ethernet autoselect (none) status: no carrier port8: pvid: 107 state=8<FORWARDING> flags=0<> media: Ethernet autoselect (none) status: no carrier port9: pvid: 1 state=8<FORWARDING> flags=1<CPUPORT> media: Ethernet 2500Base-KX <full-duplex> status: active port10: pvid: 1 state=8<FORWARDING> flags=1<CPUPORT> media: Ethernet 2500Base-KX <full-duplex> status: active vlangroup0: vlan: 1 members 1,9t vlangroup1: vlan: 101 members 2,10t vlangroup2: vlan: 102 members 3,10t vlangroup3: vlan: 103 members 4,10t vlangroup4: vlan: 104 members 5,10t vlangroup5: vlan: 105 members 6,10t vlangroup6: vlan: 106 members 7,10t vlangroup7: vlan: 107 members 8,10t
and now only the Firewall-configuration with the web-gui 192.168.2.1
thanks for all the help
-
Be careful using VLAN1. I would try to avoid that if possible.
https://docs.netgate.com/pfsense/en/latest/vlan/security.html#using-the-default-vlan-1Steve
-
@stephenw10
thanks, i will change it -
Hi All,
Could someone with BIOS password for Watchguard M270, please share with me. i've got a Watchguard M270 from eWaste, and keen to have pfsense plus on it.
thanks. -
Hey guys, one more question.
I like to use the M270's WAN on my modem and the PPPoE to connect to the internet.
Generally it works, the pfsense is online. But something is wrong. I can scan for latest versions, I can DNSlookup google, but nothing more. I can not reach servers via ping or visit websites on LAN.
Firewall settings are checked. It might be something different.
Could it has something to do with VLAN setting on the WAN? Can I configure the M270 to have no VLAN on WAN, but VLANs on all LAN ports? -
If DNS lookup from the gui works and returns results from all configured servers you must have two way traffic on WAN. So that implies the switch/vlan settings must be correct.
Are you testing ping from the webgui? What error is shown?
-
This post is deleted! -
Sorry for the late answer.
I really don't know why it was not working. But I tried it out twice again, and now it is fine. In my opinion I did the same, but anyway.One other thing:
In the post from Apr. 16th you, @stephenw10 ,described to use ports as a LAGG. Can somebody let me know, what I have to change in the script, when I like to link port 2 and 3 together?
Finally I need only one VLAN on them, cause I use then the pfsense as the router to connect the ISP via PPPoE and link another main router behind on the LAGG to extend the networks behind.
Maybe this is working well.But I wasn't sure to try it out, because with the script I have, I can add LAGGs to ix0 or ix1 only at the moment. I think that's not a good idea and I may loose connection to the webGUI without doing it correctly.
Thank you
-
Hmm, you want to add a LAGG between switch ports 2 & 3 to some other router? Not a switch?
The NICs in the M270, ix0 and ix1, are connected to switch ports 9 and 10. You can LAGG ix0 and ix1 to the internal switch if you want to but you don't really gain anything by doing so.
The biggest issue is that the internal switch can only do a load-balance LAGG, it cannot do LACP. So that makes it quite limited.