next »

[storkus]

I have no idea what I'm doing wrong.  I see most people here having installations that will at least boot and run.

Unfortunately, I'm not one of them.  I've tried downloading the 1.2 RC4 ISO twice, once on my vista laptop (working on getting SlamD64 on it) and once on my older Slackware machine, and verified it against  md5 hash on the latter.  Everything checks that way.

Yet I can't get it to run!  It crashes in various places with various errors that vary between machines, and I've tried several.  On all but one of these (ironically, the one I wanted to use as the firewall!), DSL
(Damn Small Linux) boots and runs with no trouble.

Both images were downloaded from the Seattle mirror, if that makes any difference.

My second question is hopefully simpler: I work at a motel and we just want to keep the leechers out from next door so our guests can use our wireless system without the load being too high.  Since security isn't a huge issue, I was thinking of running some servers of my own and it would be ideal to put both the firewall and other daemons on a box running a full OS installation.  But the software on top of the firewall stuff in the daemon (the webGUI, captive portal, and so on) don't seem to be available separate from the stripped-down OS.   This also seems to be the case with m0n0wall and others.  Am I missing something?

Thanks for any help!

Mike

[mhab12]

You should be able to do everything you want with one box running a full install.  You can use the captive portal to keep the neighbors off your wireless, and could create a second network for your servers (VLANs and/or optional/extra interfaces).  The firewall functions would be on this box as well.

[Cry Havok]

Details of the hardware and crash messages might help.  However one simple test is to download the FreeBSD 6.3 disk one ISO and see if that installs.

[storkus]

Havok, I'll try the full install idea.  Also, considering the number of errors I've seen with rc4, I think I'll try an earlier version (probably rc2 since everyone seemed to be happy with that) and off a different mirror or the master server if I can, and preferably compressed in case our current router or something else along the way is mangling certain bytes in there (I've seen it before).

BTW, I don't know if it's in a FAQ, but one question I've had for a while: if pfSense runs on top of pf from OpenBSD, why did they put it on FreeBSD instead?

You should be able to do everything you want with one box running a full install.  You can use the captive portal to keep the neighbors off your wireless, and could create a second network for your servers (VLANs and/or optional/extra interfaces).  The firewall functions would be on this box as well.

I suspected I wrote that badly and now re-reading it and your response confirms it.  So let me try this again:

Our current network is an ADSL connection (I think, I'm not actually 100% sure because we also have a T-1 coming in here for our voice lines) going through a cheap Netgear router (the source of a lots of crashes as well) and then via 100base-T to 4 separate access points.  The leechers combined with the router's crashing all the time is what lead to this idea.

What I want to do is stick a box where the router is.  The firewall can be configured with the webGUI from our non-tech front desk staff (which is why that feature is so important) so that a guest wanting access can be given a temporary password when they check in while stopping the riff-raff at the captive portal (usually truckers parked in our lot without us knowing or at the hotel next door which, unlike us, charges for their wireless--ours is included with the room).

What I'd like to do extra for myself and the other techie guy here is also put some basic services up, preferably on the same box: DHCP (obviously a requirement), caching DNS, some file service, NTP, etc.
The problem is that "same box" part since every single one of these firewall packages comes on a liveCD with the OS and everything.  I just want to set up the OS and then drop pfSense or other firewall manager suite in as just another package running on top of a full-blown OS.  Since nothing on this network needs high security (the motel computers are on a completely separate network, even down to using a DirecPC/HughesNet satellite to get to the outside world!), I wouldn't think this would be much of a problem.  Except where can I get the software by itself to do that?  That's my question.

Thanks, Mike

P.S. That "file service" would be a BT client running niced all the way down and QoS'd at the firewall to the bottom setting.  I may also consider an MTA if we need it...

[mhab12]

The full install of pfSense - the iso version - is a full blown version of FreeBSD 6.2 (assuming you're downloading 1.2 RC4).  Again, everything you want to do can be done on one box.  We use pfsense as our firewall, transparent caching proxy, DNS, and captive portal.  The interface is very easy to use - a front desk type could create captive portal users with expiration dates very easily.  The only issue is that there is only one admin login, so they could manipulate other settings if they so desired.  There is an option to set expiration dates of Captive users.

As far as NTP, I'm not sure.  I just use NTP over the internet, but installing an NTP server on FreeBSD must be documented somewhere and is probably  as simple as 'pkg_add -r http://url-to-ntp-server'.

For BT, I can't say.  MTA, sure, but you'd have to configure/install yourself in FreeBSD.

Boot the 1.2 rc4 liveCD.  Choose your interfaces, let it start up, then choose 99 at the menu to install.  Get rid of that Netgear.  You could even add a third NIC and ditch your Hughes if you have the bandwidth for it via your DSL.  Good luck.

[Cry Havok]

BTW, I don't know if it's in a FAQ, but one question I've had for a while: if pfSense runs on top of pf from OpenBSD, why did they put it on FreeBSD instead?

Because the developers decided to go with FreeBSD I suspect

What I'd like to do extra for myself and the other techie guy here is also put some basic services up, preferably on the same box: DHCP (obviously a requirement), caching DNS, some file service, NTP, etc.
The problem is that "same box" part since every single one of these firewall packages comes on a liveCD with the OS and everything.  I just want to set up the OS and then drop pfSense or other firewall manager suite in as just another package running on top of a full-blown OS.  Since nothing on this network needs high security (the motel computers are on a completely separate network, even down to using a DirecPC/HughesNet satellite to get to the outside world!), I wouldn't think this would be much of a problem.  Except where can I get the software by itself to do that?  That's my question.

The point of pfSense is to be, effectively, a drop in solution.  It's not a "firewall manager", it's far more.

For your "add lots of stuff to it" solution, that's not the point of the firewall.  You'll find a thread about installing a bittorrent client onto pfSense and the developers views on that.  However, given that this is FreeBSD you can "just" add FreeBSD packages - though that's unsupported and may cause you problems.

You may find that going with FreeBSD and the fwbuilder or pfw ports suit your needs better.

[storkus]

Ok, here's an update: pfSense is working fine on a different box (the one the store owner wanted to sell me in the first place!).  The errors went away on that box when the 2nd NIC was installed and it boots without error on that machine.  The firewall is configured and running smoothly now!

The Netvista box wouldn't run with anything.  I'll play with that when I have time, but it's not a priority.

And pfSense still doesn't boot on my Acer Aspire 5520-5912 AMD Turion X2 laptop, "oopsing" and spilling registers while still in the boot loader.  I'm taking a wild guess it doesn't like 64 bit chips or laptop hardware, but I really have no idea since it doesn't even hit the kernel yet when this happens.

Thanks again to everyone for the help.  And as far as the thread on adding stuff, I'll make sure to read that later--maybe it is better, even on such a simple network as this, to run one machine as dedicated.

Mike