Friday, August 31, 2007

install pfsense on a CF card

Having just gone through my first pfsense & m0n0wall installation *yawn* I thought I would share and record this before I forget. Installing pfsense on a compact flash can be pain since the embedded images are meant to be used on a small appliance device that doesn't have VGA support. You will hear the line that it supports serial access only.

If you try to boot up a CF card with the regular embedded image you will get a message that looks like this:

Searching for Boot Record from IDE-0..OK

BTX Loader 1.00 BTX version is 1.01 Consoles: internal video/keyboard BIOS drive C: is disk0 BIOS 639KB/257024kB available memory

FreeBSD/i386 bootstrap loader, Revision 1.1 (sullrich@builder.livebsd.com, Sun Oct 29 01:30:00 UTC 2006) Loading /boot/defaults/loader.conf /

and then it hangs. It is actually working in the background, just not echoed to the screen.

In order to get pfsense onto your compact flash card with vga support you will need a 3rd party modified version of the image. Hacom is currently a source for those images:

Network Appliances \ pfSense Appliances \ pfSense Firewall Software

When you get there, you will see file names like this:

You will notice that there are several version of each firmware:

pfSense-1.2-RC2-1gb-ad0.img.gz

The first part is the firmware version, in this case it's version 1.2 RC2.

pfSense-1.2-RC2-1gb-ad0.img.gz

The second portion is the the size of the compact flash card you will be using not RAM (e.g.128, 256, 512, 1gb). The example is for a 1 GB memory card. They have already expanded the images to make up to that size usable, I'm guessing this is much the way a Tivo hard drive upgrade works).

pfSense-1.2-RC2-1gb-ad0.img.gz

The next part is the location of the CF card on your IDE chain (e.g. ad0, ad2, da0). I'm no expert but I believe this is what they mean:

  • ad0: primary master IDE (/dev/ad0)
  • ad1: primary slave IDE (/dev/ad1)
  • ad2: secondary master IDE (/dev/ad2)
  • ad3: secondary slave IDE (/dev/ad3)
  • da0: USB memory stick (/dev/da0)

and the final section just shows that it is a gzipped image.

To write these onto a compact flash card, unzip them and use physdiskwrite.

http://m0n0.ch/wall/physdiskwrite.php

  1. Connect your compact flash to your computer.
  2. save phydiskwrite.exe and the ungzipped pfsense image (pfSense-1.2-RC2-1gb-ad0.img) to the same directory
    • c:\temp\phydiskwrite.exe
    • c:\temp\pfSense-1.2-RC2-1gb-ad0.img
  3. open DOS window
    • start > run > cmd
  4. navigate to the directory
    • c:
    • cd \temp
  5. start phydiskwrite
    • phydiskwrite pfSense-1.2-RC2-1gb-ad0.img
    • if the image file you're writing to the compact flash card is larger than 2GB then you may need to use the "-u" switch. Currently 1Gb is the largest size downloadable.
      • phydiskwrite -u pfSense-1.2-RC2-1gb-ad0.img
  6. phydiskwrite will now ask for which device to write to. If you pick the wrong one you could over write your hard drive. Make absolutely sure before you select one.
    • Roadkil's Disk Image is another utility to write an image and is GUI based, it looks friendlier than phydiskwrite, but I haven't used it before. Try at your own risk.
  7. Get those thumbs twiddling. If you are writing the 1GB image, it will take a looooooong time, over an hour.
  8. Properly drop the compact flash using the Safely Disconnect Hardware utility in your system tray.
  9. YOU'RE DONE!!!!!!!!!!!
Sept 20, 2007: Just an update that everything is amazingly still working great!

1 comment:

Trav said...

heres you a new link for downloads...
http://www.hacom.net/catalog/pub/pfsense/