Running pfsense without a gfx-card?
Is it possible to run pfsense without a graphics card in the computer? Either with a premade configuration file or installed to a harddrive and then have the gfx-card removed?
It certainly is possible - there are many people running pfSense on embedded hardware such as Soekris and PCEngines boards that has no graphics hardware. For this reason, the embedded image is set to use a serial console by default.
However, many PC BIOSes won't pass the POST stage without a graphics card in the system. Server hardware typically has low end graphics hardware on the motherboard - much as it hardly gets used. On my current rack mount servers, I only used the graphics hardware to set up the network configuration on the remote management card; if I had remembered the (unfortunately static IP - thanks Dell) defaults I wouldn't even have needed to do that.
If you do have a machine with no graphics card, it's a good idea to have a serial port available that you can use as a serial console.
If you want to pull the graphics card to free up a PCI Express slot for a NIC, could you use VLANs (802.1q capable switches are inexpensive now) or NICs with higher port density?
If you are short of a graphics card, there's always eBay - someone is bound to be clearing out some obsolete card with the correct interface that would be fine for your pfSense box.
Why do you want to run without a graphics card?
Got loads of old gfx-cards to use, but i don't want a heat generating unnecessary component in my router :) So i should use the imbedded image and it should work fine without the grapchis card on my pc?
However, many PC BIOSes won't pass the POST stage without a graphics card in the system. Server hardware typically has low end graphics hardware on the motherboard
That really depends on your BIOS.
If your BIOS can boot without a VGA Cards it should work.
I'd use the ordinary image and switch to a serial console - there's nothing special about the embedded image when it comes to graphics cards, only that the default is to use a serial port (which covers the situation where there is no graphics card).
The question is whether your BIOS will allow you to boot without a graphics card - you can only find out!
Personally I'd put the lowest end passively cooled graphics card that you can find in the machine and leave it there. With just a text console on screen, the card should only be using a small amount of power. However, it's up to you!
Yes it can run without a gfxcard, had none when ubuntu was installed.
I've tried to remove the gfxcard, and the computer boots up, the cd starts spinning and reading some, but then nothing happends for a couple of minutes. so i guess it doesn't work with pfsense…
The LiveCD is not the embedded Version of pfSense.
You have to take the harddisk out and install the embedded version from another computer onto this harddisk.
Take a look at the howtos for installation of a WRAP.
It applies to your case too.
I've seen that people are using the com ports to access pfsense (and monowall) on headless boxes, but how to do it? It would beat having to lug a monitor, keyboard, and mouse over to the pfsense box if you could just plug in a laptop.
Is it a special cable from D-9 to VGA (D-15?), a double-ended male D-9 to attach to the com port on a second pc, or something else? Then how to pull in the graphics image from the headless box on to the viewing machine (that might be running either Ubuntu or Windows?
it's a console?
Ok, the UART Wikipedia link didn't help…discusses the protocol, but not the "how to"...
from a prior note in this link... it implies it's quite simple to hook into the serial port: "and switch to a serial console...the default is to use a serial port (which covers the situation where there is no graphics card)"
Not having seen anyone do it, nor any real description of the cables/devices to use, and unsuccessful google searches (probably because it's a trivial task if you've seen it done once) - I'm still curious.
Is it as simple as a two-ended serial cable, starting 'terminal in Linux on the viewing machine, and typing a "cat serial cable to screen" kind of command? Or a specific software package?
You need a null modem cable - almost certainly a 9 pin to 9 pin one. It's very rare to find a 25 pin serial port on a modern computer.
A VT100 terminal emulation will complete the job - something basic like Hyperterminal in Windows is fine. I use Vandyke SecureCRT, simply because it's the terminal emulator I'm comfortable with (I do enough SSH based work to justify a commercial program).
For Linux, there have to be many free options - anything suitable for configuring a switch or wireless access point via its serial port is fine. You don't need anything complicated for the pfSense console.
Thanks for the start!
Seems the magic query is "serial console" and "null modem" to get going on google searches.
I found a "data transfer" double D-9 cable in my big box-o-wires out in the garage that matched the pinouts of the "0-modem" project page linked above (also found a straight-through as well as an odd-ball one).
I found and installed "gtkterm" from the X/K/Ubuntu list of available programs (also the old Kermit program, though less friendly) that is supposed to interface with this setup.
So I hooked up the cable to the pfsense box, launched a laptop with gtkterm on the other end, changed the pfsense Advanced option to 'enable serial console' and checked the gtkterm settings…. and... nothing so far. Doing a reboot and some more testing.
Any special "gotchas" I should look for?
No offence jvin but you do seem to be making a bit of a meal of it.
I was running on an old 2.5 laptop hard drive that I knew was faulty and would reboot once a week. I backed up the config and then installed the embedded version (guide found here) onto a tinny Sony 1GB USB pen drive booted and restored the config and now couldn’t be happier as I no longer have the rattle of the hardrive or the need for a graphics card or keyboard.
Any special "gotchas" I should look for?
Make sure you found right cable, it has to have at least these pins connected (both ends of the cable are femails)
And use speed=9600 Parity=None Stop-bits=1 FlowControl=none in your terminal program.
The cable I am using matches those three pin-outs you list (I just double-checked), DB9M on both ends. It's a Belkin F3B207-10 and no manufacturer pinouts on google.. 9600/8/N/1 settings were used.
Oddity: on the pfsense box, under the console initiation option it has a warning note about not being able to see the regular gfx card/monitor after saving/rebooting.. yet I am still able to see that after making the change (I tried rebooting a couple of times with and without the monitor, though I left the gfx card in.. I might try taking that out next). And no display through the serial port.
I did get a couple of stray random "AT&F" commands that popped up on the laptop terminal program but nothing consistent to debug with. I tried DTR and RTF toggles on/off as I saw in other post solutions, but nothing there. The pfsense box has two serial ports and I tried both. I'm going to next try a different laptop to ensure no blown com port on the first tested one. Or the two laptops to each other.
If your terminal program is sending AT&F, it appears to be expecting to work with a modem. AT&F is the reset command - these days, the AT command set is ubiquitous for modems.
You need to turn off modem support or find a different program. You need a simple serial terminal. As I said in an earlier reply, something that's suitable for configuring managed switches and similar hardware via the serial port is ideal.
If you have only checked 2-3, 3-2 and 5-5, you haven't verified that the cable has wired for hardware handshaking in the cable. That being the case, DTR/DSR and RTS/CTS must be off. I'm not sure whether pfSense configures the serial port for XON/XOFF - but I'd turn this off too.
Connecting two machines running the same terminal program back to back with the cable and settings you've listed should be instructive. If all is well, you should be able to type on one machine and see what you've typed on the other. When you're to that point, connect the cable to the pfSense machine and, so long as the serial console is enabled, all should be well. If you don't see anything, press Return a time or two.
The AT&F would only pop up if I plugged in the cable to a different port - so I think just a stray connection voltage would trigger it.
Late last night I ended up testing the one laptop I'd used to connect with pfsense with a second laptop, both running gtkterm (on Xubuntu) and the same serial cable (I'd checked all the pinouts against the 0-modem page link and it matched the other day, then rechecked the 2,3,5 per Eugene's last night and all ok). Anyway, the two laptops connected via the same cable and using gtkterm on both worked fine.. all typing from one machine went to the second while the second would go to the first, I tried with both local echo on/off for both and both settings worked as expected without issue.
So I went back to pfsense with a verified working cable and software setup and still nothing (serial console on pfsense is on). I pulled the video card and the machine wouldn't boot (checked BIOS for possible settings) - threw a BIOS beep.
I'm going to next try a couple of things… While I think I tried the Xon/Xoff you suggested, I'll recheck, then see if my Xubuntu 8.04 liveCD will boot on the machine (128MB) to run gtkterm and verify hardware (if not I'll try DSL, that has miniterm), probably a monowall liveCD, and if still nothing I'll set up a second pfsense box with two network cards.