PFSense beginner



  • Hi guys,

    first of all I want to say thanks to everyone involved in this project for all the work put into it.
    Reason why I registered is that I couldn't find clear information on installing pfsense on usb stick
    but limiting reads and writes as in embedded installation while keeping all of the functionalities of
    full installation.
    If anyone can briefly explain this or point me out to the documentation I will appreciate it a lot.

    Thanks in advance

    Max


  • Rebel Alliance Developer Netgate

    You can't have it both ways. Either you use NanoBSD and limit writes, or you use a full install and deal with the filesystem being writable.

    The closest thing to a compromise is on 2.1 you can run a full install but still use a RAM disk for the data in /var and /tmp, but you need to size them appropriately or you'll run out of room there trying to do fancy full-install things.

    Packages will still likely write to the USB stick though, so you're back to square one with handling lots of writes.

    Bottom line: If you're that worried, run NanoBSD.



  • jimp thank you for the heads up.
    I'll test with nanobsd and full install with ram mounts and usb flash writes will be crucial for choice.

    Thank you

    Max



  • @mad_max0204:

    …  clear information on installing pfsense on usb stick but limiting reads and writes as in embedded installation while keeping all of the functionalities of full installation.

    I'd like to suggest an alternative.

    The thing about Flash "write endurance" is that no-one can reliably predict failure - all is based probabilities associated transistors and management of wear leveling of erase blocks - all that that you know is that sooner or later it will. But then, … you can say that about non-solid-state storage too (with the caveat that probabilities favor the later)!

    Since USB Flash memory sticks are very cheap, disposable redundancy may be is viable: buying a few 8GB sticks, backing up installed USB (using USB Image Tool http://www.alexpage.de/usb-image-tool/) image and then re-imaging backup onto a new stick as older one fails.

    My experience is (with Sandisk USB sticks) is that they self-protect themselves - rendering read-only once write endurance prevents further writing, so, I can read latest writes before failure, should I need those logs.

    Advantage for the implementation is that you have solid-state storage, consuming less power, producing less heat, lower susceptibility to environment whilst still having access to logs between reboots.

    Admittedly, this isn't a scalable solution, but multiple pfSense installations is outside the context of this proposal.