Watchguard Firebox XTM 8 Series
-
I downloaded your bios backup file and it opened fine in AMIBCP 3.46. :)
Here is a modified version: https://sites.google.com/site/pfsensefirebox/home/xtm8v1.rom
The only thing I have done is changed the user access level defaults from 2 (limited) to 3 (full). The MD5 of the file is f831c43035334db94f070644ca272380. I did try to add some text but it didn't like that so I that's the only change I've made.Obviously you flash this at your own risk!
Steve
-
Flashed your bios successfully.
Try to boot freedos after flashing was ok, the box is still ok.
Look into Bios still locked, i now have removed CMOS battery and wait 10 Minutes.I report soon.
Many Thanks for your great work steve!
Edit:
It' s done steve, bios is unlocked and the "view only" crap is gone :-)
But in redirect it shows only com2, there is no option to change it in anything else.Here is a screen from that menu.
http://ul.to/feznohzh
Can you tell me where the access level in amibcp is that you had modyfied?
If i can anything to try out commands or something elsa let me know.
-
Ah yes, sorry, I should have said you need to clear the cmos to force it reload the default values including the new user access level.
The setting for that is in the first tab in amibcp (edit: Setup Configuration) where you can select the bios menus. It's in the security menu. Nothing there is labelled or has any explanation of the different settings.
You don't want to choose anything other than com2 for the redirect because that's the only serial port on the box. The standard Lanner box it's based on has a com port for console access on the front and that's com1. No idea why Watchguard didn't want it. Anyway com1 is not present in the XTM8 so it's disabled in the bios. It may be possible to swap com 1 and 2 by simply reassigning their resources and thus allow pfSense nano image to boot correctly. Usually com ports are assigned a standard set of resources, if you reassign com2 to have I/O address 0x3f8 and IRQ 4 there's a good chance that nanobsd might use it. There's also a good chance it will break console redirection! ;) However you can always clear the cmos to get back to a working state.
Steve
-
Change to 3f8 and IRQ 4 but nano image of pfsense still not boot.
I tried for a test to boot from a usb stick with a ESXi on it. It shows me the initial of the boot process, so it' s able to boot usb sticks.
Later i test to boot a debian netinstall and a pfsense live image on usb stick.I think i must become the vga output to work. But i recognize not the right pin settings and i read that not all monitors allow this.
-
Damn. :(
You could try changing the redirect to 9600bps. It may be that the two processes are conflicting. Even try disabling console redirect completely. You'll have to reset the cmos afterwards to get back to the bios defaults if it doesn't work. I doubt it will since the XTM5 has those settings and it doesn't cause a problem.Annother possible way to go would be to re-programme the superIO chip to change which com port is com1. That might cause problems with the console redirect function though. Looking at the bios strings it seems all references to com1 have been removed from it.
The VGA header is standard VGA, any monitor should be able to display it. The problem is finding a suitable header cable. The 20pin header is 2mm pitch rather than the much more common 2.54mm (0.1"). You'll see that Eams did it by connecting individual wires directly to the header and using only green.
Steve
-
Ok, now i have the green screen :-)
Booted my pfsense install that i have done in a vm and it gives me an error to mount root from ufs:/dev/da0s1a
I think this is a failure trough install in a VM on the CF attached via usb.
Than i tried to boot a VMware ESXi installation by the same way. This i have done many times to usb sticks that later boot the VM ESXi Server.
It loads without errors and it shows me all NICs that the box have. Even from the doughter board.
Tomorrow i will soldering the vga cable and try to install pfsense a better way. Or to change the boot entry. But iam not so familar with bsd. In debian i came from i know there is a /etc/fstab where all the boot things are in.Before i forget it, i find out that the hdd led only lit when the cf is booting. When i boot from HDD it is never on, but on my screen via vga cable i could see the boot process.
And another interesting thing, i opened my bios backup and looked a little around the menus and entrys. I found there a entry with console redirections on 9600 baudrate. But bios is reachable with 115200 baudrate. Can it be a conflict with pfsense? -
Possibly, might as well change it and see.
I'm a bit confused about the mountroot error. That should never happen with one of the nanobsd images which always expect to be on ad0. What did you write to the CF card and how?
Steve
-
Oh sorry, thats not a nano image. This i have installed with a live cd from pfsense to a sata hdd not a cf card in a vm.
And i think thats the reason for the faulty boot path.Later i will try to bring the pfsense live image to the cf card and boot the box with that. A install to the hdd connected to the sata port could be possible.
I dont want to change more things in the bios file and flash. I think it is good to be unlocked, but every flash is risk.
-
After month of no time to bring up and running pfsense on a XTM 8 device, yesterday i found a way how it works!
A detaild setup i will bring up next year in a blog.
What i found is:
Boot nano image not working.
Box only boots from CF or HDD, USB not bootable.
I attached a ssd with a win7 installation and it boots, really nice with a green vga output ;-)
Attached a Live installation hdd boot, but it fail by wrong fstab entry.
The XTM8 will boot from /dev/ad8s1a or /dev/ad8s0a, i can not remember now. But in the afternoon i tell the correct entry.
After setup and boot the live installation in a second box (PC) and edit the fstab by:
mounting / rw
editing with vi the /etc/fstab to the right entry
poweroff the second box and attaching the hdd to the xtm8 and it boots correctlyThe nano image from cf, i think had same problems. I will test it with same way.
-
Sweet!! Keep us posted!!
-
Sweet indeed. ;)
These boxes are unfortunately so rarely available second hand that I doubt I'll get my hands on one to play with any time soon. :(
I'll just keep looking….Steve
-
OK, the xtm8 now boot pfsense from cf.
I installed the cf to a igel thin client, connect a usb cdrom and install pfsense to it with Live CD.
Found the correct entry for fstab and edit it with vi.
Put the cf in the XTM8 and boom ;-)Here the correct entrys:
HDD connected to internal sata: /dev/ad8s1a
CF Card: /dev/ad10s1aCan someone tell me why such numbers and not ad0s1a like default?
-
It's just down to the order in which they are initialised. If the board has a few SATA interfaces the numbers start adding up quick. Still ad10 is surprising.
You shouldn't really run a full install (or anything except Nano) from a CF card. The writes may kill it.Steve
-
Find it!
I had changed the bios ide settings to ahci.
Turn it back to ide it brings me the fault fstab entry. Turn back to ahci is working with the ad10s1a.
Now i have to find the correct entry for ide mode.@steve
is it possible to change the bios for a pfsense in display?Edit:
in ide mode
cf: /dev/ad7s1aNow the question stay on ahci or change to ide and edit fstab to ad7?
And is there a way a nano install to change to correct fstab settings?Will try it with my Igel Thin Client.
-
It is possible but it's risky.
On the XTM5, which has a very similar bios, I managed to produce corrupted bios images a number of times. The only way to recover from that was to flash the bios ROM directly via the spi header but that does not work on the XTM8 as Eams found. So if the image turns out corrupt it's going to brick the box. ;)
To do it you have to extrct the bios modules from the rom image, edit the correct one with a hex editor and then rebuild the image.Steve
-
ok, i let this bios. now flashed the second box with this bios to work on the nano installation and modifying the fstab on nano image. Hope i found the way to do it.
No way with nano image. It only brings a flashing prompt after bios. No output, nothing. Looks like it not looking for a bootloader.
But other things booting.Write the nano image with win32diskimager on the cf. In my xtm5 the nano cf is booting without problems..
-
As soon as the bootloader runs the console will switch to com1 which as we've seen doesn't exist on the xtm8. It should boot a cf card that has had interfaces already configured though, assuming the configuration is compatible with the box.
Steve
-
I can say that a 32 bit nano image run in the Igel Thin Client. Put it in the xtm8 but the orange led for hdd not flash. When running the full install on cf the led is flashing all the boottime. I Think this is a indicator that the nano image will not try to boot.
Edit:
Try now pfSense-2.1-RELEASE-1g-i386-nanobsd_vga.img.gz and it is booting without any problem!
Boottime is very fast!Can this point to a kernel problem?
-
I think it's likely that the standard Nano image attempts to write to the non-existent com1 and crashes. The only way around that seems to be either:
1. Reprogram the rear com port to be com1
or
2. Build a Nanobsd image that is coded to use com2I'm not sure what determines which port is seen as com1. It may be possible to switch them by altering the superIO chip register settings for example. More research needed.
Steve
-
The easy way is to use a nano_vga image. You only have to download it, write it to the cf and all is fine.
With monitor on vga header it can be configured. The console at start works on same settings with bios output (115200). At the Point after the question how to boot (default, acpi disabled . . .) the console shows nothing. Tried all settings in bios, tried to change baudrate to 14400 in pfsense. Nothing helps.This is my plan!
I will now close my first box, it is ready.
Make the second box up running pfsense 64 bit vga nano too.
Make a default configuration with em0 (dhcp use) for wan.
Make a backup from this cf.
Upload it for everyone need it.Than if need new install this must be the way:
write the backup to cf
boot the box with em0 (wan) connected to router
wan becomes an ip from the router dhcp
connect a usb keyboard
without see anything:
"8" for shell
"pfctl -d"
to disable firewall and connect to em0 IP that can be found in the router
configure pfsense with own settings for wan and lan.Correct me if there is a better way.
Think it is the only fast way without vga output to bring pfsense on it.For me, it s done!