Navigation

    Netgate Discussion Forum
    • Register
    • Login
    • Search
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search

    Boot pfsense from a network share - possible?

    General pfSense Questions
    5
    8
    1591
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • F
      firewalluser last edited by

      Is it possible to boot pfsense from a network share?

      I've only found this link,
      http://serverfault.com/questions/140979/pxe-boot-freebsd-iso-from-pxelinux-server

      but before I dig any deeper, thought I'd ask in case I'm wasting my time on something not possible.

      TIA.

      1 Reply Last reply Reply Quote 0
      • P
        pfRoss last edited by

        @firewalluser:

        Is it possible to boot pfsense from a network share?

        I've only found this link,
        http://serverfault.com/questions/140979/pxe-boot-freebsd-iso-from-pxelinux-server

        but before I dig any deeper, thought I'd ask in case I'm wasting my time on something not possible.

        TIA.

        I have no idea if this is possible or not. However I am curious as to why you would want to?

        1 Reply Last reply Reply Quote 0
        • M
          mer last edited by

          pxeboot is a way to bring up a machine from scratch, something that has a network interface, a destination disk but no other attached devices (like USB or CD/DVD drives).  It's used quite often for building machines.

          Now could a pfSense image be used to pxeboot another machine?  I don't know, I've never tried it, not sure if anyone else here has tried.  If I had to take a guess, I'd say "it's possible, but I don't know how much effort it would take, how to do it, so I can't tell you exactly how"

          1 Reply Last reply Reply Quote 0
          • Derelict
            Derelict LAYER 8 Netgate last edited by

            Or why you would want to. It's a firewall, not a network boot source.

            1 Reply Last reply Reply Quote 0
            • F
              firewalluser last edited by

              @pfRoss, easier to automate cloning and reloading of images.

              @mer, Only one way to find out and give it a go I guess.

              1 Reply Last reply Reply Quote 0
              • D
                doktornotor Banned last edited by

                PXE boot from ISO has been broken since FreeBSD 9.0; don't think anything changed there.

                1 Reply Last reply Reply Quote 0
                • M
                  mer last edited by

                  Thanks dok, I did not know that.  I was speaking in generalities;  we do stuff with pxeboot @work on Linux systems.  I took the OPs question about it meaning "could I do this to create/install pfSense" not that he was intending to do it all the time (LiveCD-ish).

                  OP: you could post a question over in one of the FreeBSD forums (hackers/general questions) as to state of pxeboot.

                  1 Reply Last reply Reply Quote 0
                  • F
                    firewalluser last edited by

                    My intention was to have what would normally sit on the hard disk, on the network share.

                    This way I can have another program monitor the changes made to the file system sat on the network share which would give me the ability to find changes made which are otherwise unaccountable.

                    It doesnt solve the problem of stuff running in memory only though, but frequent reboots help counter that problem as a new pattern would develop as the (re)infection process takes place again, but its related to my other post about the Arp table showing the wrong info, latest example of my observations being here.
                    https://forum.pfsense.org/index.php?action=post;quote=563341;topic=100968.0;last_msg=563341

                    Based on the malware I have got here which isnt being detected entirely by AV software, people/businesses need to start thinking about isolating their internet facing services, like web and/or email servers from their private networks and start to go physical machines.

                    In a way virtualisation puts all your eggs in one basket, which is no different to MS Small Business Server or Linux LAMP servers in a way, so by having an individual machine for each public facing service, you need to automate the installation and setup process as quickly as possible by spinning up a new server whilst also treating it as a disposable pawn. Breaking all encryption at the firewall even for browsers is a must or have separate machines used exclusively for encrypted online access like for online banking in order to reduce risks across a LAN, business data getting compromised and so on.

                    Whats interesting about DuQu2.0 only spotted by Kaspersky labs, is it steals MS SQL databases and email contacts from MS Exchange amongst other things, which is commercially advantageous in many ways especially as the global economy contracted by $13 trillion since June this year. The planets total GDP is only around $74 trillion if the investment websites quoting this info is correct, if not ignore the financial bit.

                    Its also possible DuQu2.0 targets opensource software as well as a delivery conduit and might be whats buggering up my systems here, teh catch 22 is no AV has hard facts only traces of something.

                    Edit. My catch 22 is, my email servers are down (have been for months as they keep getting hacked) so I only have the ability to post here my observations at the moment as all forum registrations need email to register aka a catch22.

                    1 Reply Last reply Reply Quote 0
                    • First post
                      Last post

                    Products

                    • Platform Overview
                    • TNSR
                    • pfSense
                    • Appliances

                    Services

                    • Training
                    • Professional Services

                    Support

                    • Subscription Plans
                    • Contact Support
                    • Product Lifecycle
                    • Documentation

                    News

                    • Media Coverage
                    • Press
                    • Events

                    Resources

                    • Blog
                    • FAQ
                    • Find a Partner
                    • Resource Library
                    • Security Information

                    Company

                    • About Us
                    • Careers
                    • Partners
                    • Contact Us
                    • Legal
                    Our Mission

                    We provide leading-edge network security at a fair price - regardless of organizational size or network sophistication. We believe that an open-source security model offers disruptive pricing along with the agility required to quickly address emerging threats.

                    Subscribe to our Newsletter

                    Product information, software announcements, and special offers. See our newsletter archive to sign up for future newsletters and to read past announcements.

                    © 2021 Rubicon Communications, LLC | Privacy Policy