Some questions about the FreeBSD underneath pfSense



  • I keep getting confused with all the unix command line attributes. Which *nix had what arguments to which command? As a regular Linux/Win user I'm not used to the FreeBSD dialect of things, so I was hoping you could quickly fill me in on some basic FreeBSD tricks for 'hacking' pfSense on the shell?

    • Raw failsafe edit of /cf/config.xml in single-user mode. As I keep screwing up low-level interface configs and therefore locking myself out from any networking means, I really like to raw-undo my last changes in single-user mode sometimes, but I must admit, I was just not able to remount the /CF as read-write. How the heck can I do that just on the device itself, serial/console booting failsafe?

    • Status of (listen-) sockets ('netstat -anp'/'netstat.exe -an'). How do I find all TCP sessions of e.g. the sshd?

    • Tailing system logs: 'tail -f /var/log/system.log' squirts some chars at the end and stops tailing... What is the best way to console-trace system logs?

    • How do I use the rest of my storage/hard drive not used by pfSense itself? The CF image comes in a fixed size, but if your card is bigger (e.g. 8GB), there's at least half lost. Creating and using a fourth DOS-style partition seems to work; what is the FreeBSD way of creating an msdos partition of type a5? 'newfs /dev/ad0s4' formats it ... fdisk to create it?

    • Automount of that additional partition: fstab '/dev/ad0s4 /DATA ufs rw,async,noatime 0 2' is good, but it's not mounted upon boot.

    As mentioned, I very often use pfSense on ALIX or similar embedded platforms, hence doing a lot via serial/9600 (where I feel at home :))

    cheers & thx



  • Firstly, remember that pfSense generates lots of FreeBSD stuff itself. The intention is that you set it up from the GUI. The console should only be needed for some initial config and for looking at stuff out of interest, rather than necessity.

    I will answer the easy ones off the top of my head:

    I was just not able to remount the /CF as read-write. How the heck can I do that just on the device itself?

    /etc/rc.conf_mount_rw
    /etc/rc.conf_mount_ro
    

    Look in /cf for recent backup of the config - easy to copy back a good one if you have been playing and messed it up.

    what is the best way to console-trace system logs?

    They are circular logs, you have to use the "clog" command:

    clog /var/log/system.log
    

    How do I use the rest of my storage/hard drive not used by pfSense itself?

    There is no built-in system for doing this in pfSense. If you have a CF card nanoBSD install then you don't want to be using the CF card as a Squid cache or whatever.

    What is your objective in having an extra partition on the CF card? Or is it just that you are playing for fun?
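
An added example (not part of the posts above and not pfSense's own code): the recovery described in the answer, wrapped around the two remount helpers it names, which rolls the config back to the newest backup that is not truncated. The function names, the `config-*.xml` backup naming and the `</pfsense>` closing-tag check are assumptions; the config path and backup directory are passed in by the caller.

```shell
#!/bin/sh
# Added example: restore config.xml from the newest complete backup.
# Usage (placeholder paths): restore_config <path/to/config.xml> <backup dir>

RW=/etc/rc.conf_mount_rw   # named in the thread: remount read-write
RO=/etc/rc.conf_mount_ro   # named in the thread: remount read-only

# A backup counts as complete only if it is non-empty and its last lines
# contain the closing root tag (assumed to be </pfsense>). This skips
# files cut short by a power loss or a full CF card.
looks_complete() {
    [ -s "$1" ] && tail -n 5 "$1" | grep -q '</pfsense>'
}

# Print the newest complete backup in directory $1; return 1 if none.
# Assumes backup names match config-*.xml and contain no whitespace.
newest_good_backup() {
    for f in $(ls -t "$1"/config-*.xml 2>/dev/null); do
        if looks_complete "$f"; then
            echo "$f"
            return 0
        fi
    done
    return 1
}

restore_config() {
    cfg=$1
    dir=$2
    if ! src=$(newest_good_backup "$dir"); then
        echo "no usable backup in $dir" >&2
        return 1
    fi
    if [ -x "$RW" ]; then "$RW"; fi     # skipped where the helper is absent
    # Keep the broken config for later inspection instead of overwriting it.
    if [ -f "$cfg" ]; then cp -p "$cfg" "$cfg.broken"; fi
    # Copy to a temp name first so an interrupted copy never replaces $cfg.
    if cp -p "$src" "$cfg.new" && mv "$cfg.new" "$cfg"; then rc=0; else rc=1; fi
    if [ -x "$RO" ]; then "$RO"; fi     # always return to read-only
    if [ "$rc" -eq 0 ]; then echo "restored $src"; fi
    return "$rc"
}
```
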


  • Netgate Administrator

    The nano images do not use the fstab to mount the slices (partitions). The easiest way is to install the shellcmd package and then add a mount command to it to run at boot. However, yes, what Phil said above, what do you want to do with the extra space?

    Steve



  • Sorry for the late reply and wow, thanks for the response. Exactly what I've been looking for.

    Actually, a little help with another rc-script and the 4th partition gets mounted, and the mkfs-tool shipped with the embedded img. So the embedded image deals very well with a classic 4-primary partition table (and can mount FreeBSD (a5) and FAT (think 0c) partitions). Even DMA transfers seem to be supported by the ALIX hardware (cranked up almost ~17MByte), though it will not run USB disks too stably. :)

    Okay, there's no partitioner tool inside then - maybe a good thing, agreed.

    And don't worry, just sometimes it's handy to have some extra space, like running a seldom-used-ftp or similar little abuses. Surely no caching with a lot of IO, this kind of storage is not made for this. (Though, the wrong thing to do here is to rely on this hardware and NOT having a spare card with a recent backup)

    Yes, I am aware that what I'm doing here is way beyond the purpose of pfSense, and I love it, as it can actually be done!
    But I am aware as well that it's the best non-commercial solution anyone can have, out of the box! (esp. SOHO environments where there are a lot of throw-away products!) :)

    Thanks a lot

