Mount HDD as RW at boot on embedded pfSense
Cougar281 last edited by
I picked up an 'older' checkpoint firewall that came with a SATA HDD and has a provision for a CF card. I burned the embedded image to a CF card and after some troubleshooting, figured out why it wasn't booting and got that resolved. Now, it boots fine and updated properly from 2.1.4 to 2.1.5.
Now, I wanted to set up squid on it and use the HDD for its cache. I was able to mount the HDD in /mnt/squid, created 'logs' and 'cache' folders, and pointed the 'logs' and 'cache' paths at the respective folders. At that point, the proxy is working and caching data to the HDD. I also added '/dev/ufs/Data /mnt/squid ufs rw,sync,noatime 0 0' to fstab. The problem is it isn't mounting at boot and when the box reboots, the proxy is broken because it can't write to its cache location.
This may all be moot as it seems like the caching slows it down - big time. I tried downloading a pfSense fime to test the proxy, and the first download ran at less than 200KB/sec and well over 5 minutes, wheras the same file not going through the proxy was a few seconds (I have 100Mbps down). Is this slowdown normal, or am I missing something?
Assuming it's not normal and it can be improved to not slow things down, how can I get the HDD to mount read/write at boot so that everything will work when the device reboots?
Edit to add: It seems like it's might not be using the HDD for its cache, despite me pointing it at '/mnt/squid/cache' - I've noticed in my testing that my '/' FS is filling up as I download files to test, whereas the '/mnt/squid' seems to be staying at the same 4.2MB used despite downloading two pfSense images - According to the web console, my disk usage is now at 92% of 442MB - if it's actually writing to the CF card, that might explain why it's so slow. Any thoughts on that?
So you're booting from the CF card with a Nano image on it, yes?
Two issues. Nano doesn't use the fstab to mount the filesystems. The Nano image disables DMA so disk access is slow. Fortunately others have been here before you. :) Have read through this thread: