Does Restoring Factory Defaults Preserve Interface Assignments?



  • Title basically says it all.

    If I factory restore, will it preserve the interfaces that I have assigned or will it simply go down the list em0 -> wan, em1 -> lan ??

    Just found this out the hard way, I was expecting the box to return in a usable state. However, you are forced to plug in a monitor/keyboard and assign interfaces. That sucks… It should at least remember the interface assignments prior to the restore and automatically assign them.


  • Netgate Administrator

    It wouldn't be a factory restore if some things were remembered. You may want to do that specifically to remove the interface assignments.

    You can always restore a config backup from a known good point such as just after you've assigned your interfaces.

    Steve



  • I understand.

    However, it would be nice if there was an option to do so. So that the box is actually usable without interfacing with the console after a factory reset.


  • Netgate Administrator

    Yep, I understand. There are a few boxes that automatically start with LAN preconfigured so you can do everything via the web interface, like a SOHO router. I think the Alix does this. However that's a special case. The hardware is fixed and known. There are too many combinations to be able to do it rationally. Most importantly it's always safest to default to asking for interface config rather than making some assumption that could conceivably open up your network.

    Steve



  • I had this same issue today with a headless Soekris box. I told my sys admin to reset a box I brought from home so he could use it for testing on a project and I was expecting it to come back up with the first port assigned to LAN. Instead, I'm pretty sure it's sitting there with a prompt on the console waiting for someone to configure it. We couldn't find a null modem adapter so we're stalled until I can bring one in from home tomorrow.



  • I have a good amount of programming knowledge but due to my lack of experience with the pfSense stack, I would be completely lost as to where to begin adding this functionality. Even if it was just a simple checkbox "Assign LAN to the first recognized interface". That would be amazing. And it would scale to "any" installation and could be transparent of hardware configuration.



  • @vbman213:

    Even if it was just a simple checkbox "Assign LAN to the first recognized interface".

    It is not obvious to me which interface would be "the first recognised interface". Hence I agree with Steve
    @stephenw10:

    it's always safest to default to asking for interface config rather than making some assumption that could conceivably open up your network.



  • @wallabybob:

    @vbman213:

    Even if it was just a simple checkbox "Assign LAN to the first recognized interface".

    It is not obvious to me which interface would be "the first recognised interface". Hence I agree with Steve
    @stephenw10:

    it's always safest to default to asking for interface config rather than making some assumption that could conceivably open up your network.

    I'd say it's the first one that shows up in /var/log/dmesg.boot.

    Set that NIC as LAN with a DHCP scope of 1 IP, no WAN interface, and a simple firewall rule set that doesn't allow access to anything but the pfSense box.  People with a KB & monitor or Serial cable attached can walk through the setup wizard on the console, those with headless boxes (or who have just lost their null modem adapter) can run it through the web UI.



  • @Jason:

    @wallabybob:

    @vbman213:

    Even if it was just a simple checkbox "Assign LAN to the first recognized interface".

    It is not obvious to me which interface would be "the first recognised interface". Hence I agree with Steve
    @stephenw10:

    it's always safest to default to asking for interface config rather than making some assumption that could conceivably open up your network.

    I'd say it's the first one that shows up in /var/log/dmesg.boot.

    Unfortunately it is not easy for someone who doesn't have access to the startup text to determine which socket corresponds to the first (wired) NIC that shows up in the startup text. And even if they knew sk0 (say) was the first, how would they tell which socket on the box is sk0?

    I presume this problem applies to a reset of factory defaults through the web page Diagnostics -> Factory Defaults. That page says:

    If you click "Yes", the firewall will:

    Reset to factory defaults
    LAN IP address will be reset to 192.168.1.1
    System will be configured as a DHCP server on the default LAN interface
    Reboot after changes are installed
    WAN interface will be set to obtain an address automatically from a DHCP server
    webConfigurator admin username will be reset to 'admin'
    webConfigurator admin password will be reset to 'pfsense'
    Are you sure you want to proceed?

    I think a reasonable interpretation of that text is that LAN and WAN interface assignments will be preserved. If the action is that ALL interface assignments are cleared UNLESS you are on an Alix (or some other specific box or boxes) then the text should say so.



  • I think a reasonable interpretation of that text is that LAN and WAN interface assignments will be preserved. If the action is that ALL interface assignments are cleared UNLESS you are on an Alix (or some other specific box or boxes) then the text should say so.

    Precisely my point. I don't think it is unreasonable to provide an option to select the LAN interface through this interface prior to executing the reset.



  • Yeah, the text in the web interface is what confused me.  It strongly implies that there will be a default LAN interface (not necessarily the same port, but that there would be one).


  • Netgate Administrator

    Hmm, yes I agree the text is confusing.

