Boot pfsense from a network share - possible?



  • Is it possible to boot pfsense from a network share?

    I've only found this link,
    http://serverfault.com/questions/140979/pxe-boot-freebsd-iso-from-pxelinux-server

    but before I dig any deeper, thought I'd ask in case I'm wasting my time on something not possible.

    TIA.



  • @firewalluser:

    Is it possible to boot pfsense from a network share?

    I've only found this link,
    http://serverfault.com/questions/140979/pxe-boot-freebsd-iso-from-pxelinux-server

    but before I dig any deeper, thought I'd ask in case I'm wasting my time on something not possible.

    TIA.

    I have no idea if this is possible or not. However I am curious as to why you would want to?



  • pxeboot is a way to bring up a machine from scratch, something that has a network interface, a destination disk but no other attached devices (like USB or CD/DVD drives).  It's used quite often for building machines.

    Now could a pfSense image be used to pxeboot another machine?  I don't know, I've never tried it, not sure if anyone else here has tried.  If I had to take a guess, I'd say "it's possible, but I don't know how much effort it would take, how to do it, so I can't tell you exactly how"


  • Or why you would want to. It's a firewall, not a network boot source.



  • @pfRoss, easier to automate cloning and reloading of images.

    @mer, only one way to find out: give it a go, I guess.


  • PXE boot from ISO has been broken since FreeBSD 9.0; don't think anything changed there.



    Thanks dok, I did not know that.  I was speaking in generalities;  we do stuff with pxeboot @work on Linux systems.  I took the OP's question about it as meaning "could I do this to create/install pfSense", not that he was intending to do it all the time (LiveCD-ish).

    OP: you could post a question over in one of the FreeBSD forums (hackers/general questions) as to state of pxeboot.



  • My intention was to have what would normally sit on the hard disk, on the network share.

    This way I can have another program monitor the changes made to the file system sitting on the network share, which would give me the ability to find changes which are otherwise unaccountable.

    It doesn't solve the problem of stuff running in memory only, though, but frequent reboots help counter that problem, as a new pattern would develop as the (re)infection process takes place again. It's related to my other post about the ARP table showing the wrong info; the latest example of my observations is here.
    https://forum.pfsense.org/index.php?action=post;quote=563341;topic=100968.0;last_msg=563341

    Based on the malware I have got here, which isn't being detected entirely by AV software, people/businesses need to start thinking about isolating their internet facing services, like web and/or email servers, from their private networks and start to go to physical machines.

    In a way virtualisation puts all your eggs in one basket, which is no different to MS Small Business Server or Linux LAMP servers in a way, so by having an individual machine for each public facing service, you need to automate the installation and setup process as quickly as possible by spinning up a new server whilst also treating it as a disposable pawn. Breaking all encryption at the firewall, even for browsers, is a must, or else have separate machines used exclusively for encrypted online access, like for online banking, in order to reduce risks across a LAN, business data getting compromised and so on.

    What's interesting about DuQu2.0, only spotted by Kaspersky labs, is it steals MS SQL databases and email contacts from MS Exchange amongst other things, which is commercially advantageous in many ways, especially as the global economy contracted by $13 trillion since June this year. The planet's total GDP is only around $74 trillion if the investment websites quoting this info are correct; if not, ignore the financial bit.

    It's also possible DuQu2.0 targets opensource software as well as a delivery conduit and might be what's buggering up my systems here; the catch-22 is no AV has hard facts, only traces of something.

    Edit: My catch-22 is, my email servers are down (have been for months as they keep getting hacked), so I only have the ability to post my observations here at the moment, as all forum registrations need email to register, aka a catch-22.
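What the OP describes, a root filesystem kept on a network share with a separate host watching it for unaccountable changes, comes down to a baseline-and-compare integrity check. The following Python is an added example, not code from this thread or from pfSense; it assumes the share is mounted on the monitoring host and that the baseline manifest is kept there rather than on the firewall, so a compromised firewall cannot rewrite its own baseline.

```python
import hashlib
import os
import stat
import tempfile
from pathlib import Path

def build_manifest(root):
    """Map each relative path under `root` to (sha256, size, mode); symlinks are
    recorded by target, not followed, so a swapped link shows as a modification."""
    root = Path(root)
    manifest = {}
    for dirpath, dirnames, filenames in os.walk(root):
        dirnames.sort()
        for name in sorted(filenames):
            full = Path(dirpath) / name
            rel = full.relative_to(root).as_posix()
            st = full.lstat()
            if stat.S_ISLNK(st.st_mode):
                manifest[rel] = ("symlink", os.readlink(full), stat.S_IMODE(st.st_mode))
                continue
            # Whole-file read keeps the example short; chunk it for large files.
            digest = hashlib.sha256(full.read_bytes()).hexdigest()
            manifest[rel] = (digest, st.st_size, stat.S_IMODE(st.st_mode))
    return manifest

def diff_manifests(baseline, current):
    """Return sorted lists of (added, removed, modified) relative paths."""
    added = sorted(set(current) - set(baseline))
    removed = sorted(set(baseline) - set(current))
    common = baseline.keys() & current.keys()
    modified = sorted(p for p in common if baseline[p] != current[p])
    return added, removed, modified

def demo():
    """Constructed sample tree standing in for the mounted share (not real pfSense files)."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "etc").mkdir()
        (root / "etc" / "rc.conf").write_text("hostname=fw\n")
        (root / "usr" / "local" / "bin").mkdir(parents=True)
        (root / "usr" / "local" / "bin" / "tool").write_bytes(b"\x7fELF-placeholder")
        baseline = build_manifest(root)  # taken right after a known-good install
        # A later scan: one file edited, one added, one removed since the baseline
        (root / "etc" / "rc.conf").write_text("hostname=fw\nextra_option=YES\n")
        (root / "etc" / "cron.d").mkdir()
        (root / "etc" / "cron.d" / "job").write_text("constructed new file\n")
        (root / "usr" / "local" / "bin" / "tool").unlink()
        return diff_manifests(baseline, build_manifest(root))
```

Ownership, ACLs and extended attributes are not captured here and would need extra fields in the tuple; mtime alone is deliberately not used, since it can be set freely by whoever writes the file.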
