Any PFsense on a Nokia IP290?
-
I got myself a Nokia IP290 as a leftover from a pile of equipment. I have fiddled around a bit to get PFsens running on it, but run in to a blocking issue.
Preparing the unit is fairly standard: put a PFsense image on a CF card and console to serial. But when booting, PFsense doesn't seem to recognize any of the six 1gbe interfaces due to missing MAC addresses. I found some old references to the same issue, it seems that the MAC addresses of the interfaces are assigned by the software, rather than the ROM of the network chips. In one of those references I found that there was a hacked BSD driver set created in which MAC addresses were assigned by the driver that PFsense uses. I can't find that driver set anywhere. Tried spoofmac, no win. Is there still someone who knows what I'm talking about? I'll place the links and nicks concerning tomorrow. Many thanks in advance!
[Edit]
http://forum.m0n0.ch/forum/topic,5596.0.html for m0n0wall, but explains the issue
https://forum.pfsense.org/index.php?topic=41629.0 claims to be working, couldn't get it to work -
I've experienced the same problems when installing Pfsense 2.2.6. The six onboard 1gbe interfaces doesn't came up because the invalid MAC address. Ther is also the possibility to add en expansion card ( 4 x 1gbe). These NICs are detected correctly and came up (they have a valid MAC) BUT regardless they doesn't seem to work correctly. Can't ping anything in the network.
I hope someone can help finding the problem or got an useful hint where to look. Maybe a new driver could fix the problem.
-
So I had similar fun with a Nokia IPxxx box a few weeks back. I gave up on it, as it was only 10/100, but having seen a number of posts revolving around the same issue, my guess is that the Nokia software works the same on multiple bits of hardware.
I think the Checkpoint/Nokia software assigns the NICs a MAC address, thus in pFsense, you have to do the same.
I got the box installed, looked on the unit for a MAC address and then incremented the final digit by one a few times to give me the four MAC addresses I needed.
if you dive into the shell, open up your /conf/config.xml in the editor.
You can then add a line like this:<spoofmac>aa:bb:cc:dd:ee:ff</spoofmac>
within each interfaces configuration. I saw the same behavior (saw the NICs, couldn't ping/route traffic), and I put it down to the fact that the software can't figure out which interface the packets arrived on/where any replies should be sent.
Let me know if you need further pointers, I can probably find the unit again and put together a few pictures
-
Thanks for the Info olobley. I'm at a point where I'm running out of ideas what else I can do, to get the interfaces up and running.
I've tried different thinks found by google.Already tested older versions (1.2.2 and 2.0) of pfsense, but all have the same problem.
Tuning different parameters didn't change anything. What I've tested so far:
- hw.pci.enable_msix=0
- hw.pci.enable_msi=0
- Disable checksumming ("ifconfig em0 -rxcsum")
- kern.ipc.nmbclusters="655356"
What I noticed: Running wireshark on my host and initiate a ping from the pfsense I see the "ARP Request" and the "ARP Reply" but no ICMP paket from pf.
Has anyone an idea what else I can do?
-
I know this topic is a little old now, but just wondering whether you've made any progress with this? I found one in a pile of junk at work, and haven't had a chance to play with it yet (and won't now for a month or so). I've seen another post which suggests it does, but without much detail at all.
Thanks
-
Tl;DR: installs & runs right out of the box on 2.3.2
I was expecting a difficult road to get this running. Having spent my 3 months on secondment in a small country town, 800km away from my IP290, I began doing what research I could, and obtaining the parts I was going to need to get this running. I expected it to be largely a problem with the Intel NIC drivers, so had planned exactly how I was going to accomplish driver development on a system that boots from compact flash. I now am in the possession of a number of CF cards, as well as a wifi SD card, which I had intended to hack to allow me to replace the drivers wirelessly, rather than swapping out CF cards.
I started out by accidentally writing the installer to my test CF card. As the boot messages scrolled by, I noted that each NIC interface was acquiring a unique MAC address. Which was the major problem I was expecting to need to solve. Once I figured out that I needed to write the nanobsd version instead, it became a working system, without lifting a single finger other than to walk through the wizard. No configuration changes, no source code modifications, no compilation. A rather anticlimactic job. My device doesn't seem to be particularly new (it came with IPSO 4.2, which I couldn't access without the password, and I couldn't reset it), so I don't think there's any changes which would have been made to this.
I've not really had much of a chance to put it through it's paces (Sunday Wing Night!) but so far, I can access the web interface on the device now that it's racked up. Flip around a few ethernet cables, and it'll take over as the router for my homelab, and eventually the home network. Looking forward to seeing how well it handles 100/40mbps with VPN…
So perhaps, like the post I linked to in my previous post, it just works. Maybe try the newest version??
-
Hey @seniorpine,
I have the exact same device, and I'm tryin with nanobsd version, but still no luck!
Did you just wrote the installer to your CF and installed to the HDD from it? If so I will also try that.
I just want to use this box as the firewall in our office.