Pfsense Install on Nokia IP390



  • @RBT-RS:

    On a side note, the box which I run pfsense has a lot of ethernet ports, but only 2 of them work:

    Eth4, on the far right of the unit, is the WAN port - em9 to pfsense.
    In slot 1, the ethernet port on the left is the LAN port - em0 to pfsense.
    How can I get the ports em1 to em8 working as LAN ports? Currently they don't do anything.. I've tried looking up tutorials but all of them are 6 years old and the options aren't even in pfsense any more.

    I want all the ports to be on the 192.168.1.0/24 subnet – with pfsense using 192.168.1.1 as the management ip.

    So you want the extra ports to function as a switch?  That's not a normal use for firewall ports, and it's not something I've tried to warp pfSense into doing.  Why not just use a $20 switch that's optimized for that?  Unless I'm missing something …



  • We already have a switch however the switch failed and I have no further budget to spend, so I need pfsense to act as a switch.. As you can see, there's no shortage of ports available


  • Netgate Administrator

    You will get people on here telling you not to do this for whatever reasons (cost, speed etc) but this looks like a very valid case. You need to bridge the ports. I wrote a guide some while ago:
    https://forum.pfsense.org/index.php/topic,48947.msg269592.html#msg269592

    Steve


  • Netgate Administrator

    The one final thing we can do to see if the led is controlled by the ICH is to set the LED in IPSO and then re-read the registers to see if anything has changed. So in IPSO try to set the yellow led on by running:

    ipsctl hw:sys_stat:state:volt_alert=1
    

    Now that should set the state which sets the LED but it  might also do some other stuff.

    Steve



  • @stephenw10:

    You will get people on here telling you not to do this for whatever reasons (cost, speed etc) but this looks like a very valid case. You need to bridge the ports. I wrote a guide some while ago:
    https://forum.pfsense.org/index.php/topic,48947.msg269592.html#msg269592

    Steve

    Hi Steve,

    Just tried to follow this tutorial: I got to step 4, but, when setting the original LAN connection to the bridge0 interface, it just locks me out, and according to windows' ipconfig, doesn't assign IP addresses any more, and will only give an IPv6 gateway. No internet through it.
    The config for the original LAN interface is as follows:

    All the other interface are in the "none" for both IPv4 and IPv6.


  • Netgate Administrator

    Did you reconnect your client to one of the interfaces in the bridge? When you re-assign LAN the old interface will become inactive.

    Did you set the sysctls before you created the bridge? If not then just reboot and the new bridge will be brought up with the new settings.
    If you have somehow not configured the firewall correctly you can temporarily disable the firewall completely from the console while you add appropriate rules:
    https://doc.pfsense.org/index.php/I_locked_myself_out_of_the_WebGUI,_help!#Remotely_Circumvent_Firewall_Lockout_by_Temporarily_Changing_the_Firewall_Rules

    Steve



  • Hmm. Yes, I did reconnect it to a bridge interface.

    If you mean sysctls as in system tuneables, then yes.. If it's something else, then.. Nope.

    I'll look into that if I have set the sysctls correctly



  • Help.. cant get ip390 to boot , ive tried 32 bit version and 64 bit version , putty com1 gets to boot 1 then just loads of crap fills the screen any ideas ?


  • Netgate Administrator

    What image are you booting?
    It could be the baud rate changes at that point, after the boot loader.
    It's 115200 if you're using 2.2.X

    Steve



  • Just a heads up..

    You can write the image to a CF card, and use that card to install to the hard drive. You can then remove the card and have it boot to the hard drive.

    I'm looking into upgrading the 1.5GHz Celeron-M (Banias) processor with a 2.0GHz Pentium-M (Dothan) for better performance.



  • cant get the ip390 to boot from hard drive



  • So, My recent adventure included….guess... pfsense and an IP390. I think this may help you guys with the LED's. The IP390 I got on eBay had a factory reset cf with ipso 4.2, and turned off the led's, where pfsense did not, I decided to dig.

    From file "ipso_startup_complete" from a seperate ipso 6.2 install at "~\ipso-6.2\ipso-6.2\etc\rc.d"

    ipsctl -w -n hw:sys_stat:state:startup 0 hw:sys_stat:state:ok

    Let me know if this is a projected that was given up on, or if someone needs ref. files.

    Adam,
    Bombshell Networks


  • Netgate Administrator

    If you have the files we can look at them but I thought they existed only as compiled binaries.

    Steve




  • Netgate Administrator

    Sorry I don't actually have an IP390 to test that.
    Someone else might be able to use the binary on the real hardware ans look for the settings it's making.

    Steve



  • Just coming back to give an update on my pfSense project on my IP390:

    It's been amazing for the time i've been running it now. Hasn't crashed once. Admittedly I didn't get all the lights working properly so it still displays the system error light but if otherwise it works fine. Only problem I had was when an engineer decided to disconnect the internal fans and it blew a power supply! I had a spare so that was fine, but recommendation: replace all those fans, and make sure they're plugged in. Seriously not cool if you don't have a spare supply around.



  • @bombshellnetworks:

    So, My recent adventure included….guess... pfsense and an IP390. I think this may help you guys with the LED's. The IP390 I got on eBay had a factory reset cf with ipso 4.2, and turned off the led's, where pfsense did not, I decided to dig.

    From file "ipso_startup_complete" from a seperate ipso 6.2 install at "~\ipso-6.2\ipso-6.2\etc\rc.d"

    ipsctl -w -n hw:sys_stat:state:startup 0 hw:sys_stat:state:ok

    Let me know if this is a projected that was given up on, or if someone needs ref. files.

    Adam,
    Bombshell Networks

    Not so much given up on, but I haven't really had the time to continue messing as late. But i'm guessing that you're talking about an IPSO command right there? I think I found that when I was digging around in the IPSO firmware that came on one of my units. I think I tried to look into this but we need the hardware reference of "sys_stat" in order to set this on or off.



  • Just wondered if you know the error codes on startup - I have an ip390 here and was working fine - restarted it and I get 41 on the on board LED and no serial output.



  • A few quick searches show "41 - OEM post memory initialization codes", maybe swap out ram, or maybe bad ram slot?



  • there are 3 LED related functions in the Check Point kernel ...

    • janus_pld_red_led_set (Bit 0x01)
    • janus_pld_yellow_led_set (Bit 0x02)
    • janus_pld_green_led_set (Bit 0x08)
      they write to port 0x348 ... this seems to be the Altera MAX II chip (PLD) next to the diag display
      btw: the PLD also monitors powersupply status
      ... and there are 4 LED related functions for 'Phalanx PLD' ...
    • phalanx_pld_red_led_set
    • phalanx_pld_yellow_led_set
    • phalanx_pld_green_led_set
    • phalanx_pld_disk_led_set *****
      this might be the explanation for the 'missing' led on the frontpanel PCB (Bit 0x04 is assume)
      hope this helps - sorry for the late reply ;)
      /paketix

Log in to reply