Netgate SG-1000 microFirewall

Author Topic: Questions about LiveCD and other bits...  (Read 4319 times)

0 Members and 1 Guest are viewing this topic.

Offline Aussie_Bear

  • Jr. Member
  • **
  • Posts: 35
  • Karma: +0/-0
    • View Profile
Questions about LiveCD and other bits...
« on: November 22, 2005, 11:34:53 pm »
I'm testing out pfSense 0.94.4 LiveCD version with the following system...

Celeron 1.2Ghz
512MB RDRAM
Sony 50x CD-ROM
3x Intel i82559 NICs
Sony Floppy drive
15inch LCD (initial setup only)
Cheapo keyboard (initial setup only)

I've assigned the following.
fxp0 => LAN
fxp1 => WAN
fxp2 => OPT1 (which I'll re-designate as WAN 2)

The problem is, after when I've done all the initial configuration setting up the NICs and
assigning the LAN IP to what I want (using static IP) with the keyboard.

I try to : "move the configuration file to removable device", floppy (fd0) in this case,
by selecting option 98. I get an error message that quickly blows by.

Processing: moving...removing old...linking...done.
You're configuration has been moved to fd0

Warning: file_get_contents(/cf/cinf/config.xml): failed to open stream:
No such file or directory in /etc/inc/config.inc on line 68


Question 1a : Is there a way to save the configuration onto floppy like M0n0Wall?
Question 1b : If not, I'm assuming you need a hard disk or Compact Flash or some other storage solution?

Reason is because the current firewall that I'm using (non-test box)
is a really old Pentium 150Mhz with 48MB, using M0n0Wall ver 1.2.

I just wanna have one box handling 2 ISPs instead of two.
I don't wish to load balance, but do some manual routing.

Question 2 : Would pfSense work with this low end hardware?

Question 3 : I'm a bit of a network newbie and I'm not quite familiar with the way pfSense handles
Multi-WAN (non load-balancing setup)...Is there a guide to how I go about doing this?


Network setup currently looks like this...

     ISP 1                          ISP 2
       |                                 |
     FW 1                           FW 2
       \                                 /
        \                               /
         \                             /
          \                           /
           \                         /
            \                       /
             \                     /
              \                   /
               \                 /
               ========
               |    Switch   |
               ========
                       |
                       |
               A bunch of PCs

FW 1
WAN : DHCP
LAN : 192.168.0.1
Subnet Mask : 255.255.255.0

FW 2
WAN : DHCP
LAN : 192.168.0.2
Subnet Mask : 255.255.255.0

PC 1 to 5 (Mainly Windows boxes)
NIC : 192.168.0.3 to 192.168.0.8
DNS : (Whatever the ISP 1 or 2 is)
DNS suffix : (Whatever the ISP 1 or 2 is)

Any opinions?

Offline colin_

  • Newbie
  • *
  • Posts: 15
  • Karma: +0/-0
    • View Profile
Re: Questions about LiveCD and other bits...
« Reply #1 on: November 23, 2005, 02:22:01 pm »
I try to : "move the configuration file to removable device", floppy (fd0) in this case,
by selecting option 98. I get an error message that quickly blows by.

Processing: moving...removing old...linking...done.
You're configuration has been moved to fd0

Warning: file_get_contents(/cf/cinf/config.xml): failed to open stream:
No such file or directory in /etc/inc/config.inc on line 68


Whoops, looks like there are a few typos in config.inc. I'll take care of these when I get home if someone else hasn't already.

Reason is because the current firewall that I'm using (non-test box)
is a really old Pentium 150Mhz with 48MB, using M0n0Wall ver 1.2.

I would suggest picking up a nicer system for this sort of thing - 48MB of RAM is pretty minimal, and you won't get much performance out of something that slow.

Question 3 : I'm a bit of a network newbie and I'm not quite familiar with the way pfSense handles
Multi-WAN (non load-balancing setup)...Is there a guide to how I go about doing this?

I don't run multi-WAN, so I'll punt this to the other developers.

Offline hoba

  • Hero Member
  • *****
  • Posts: 5837
  • Karma: +8/-0
  • What was the problem to this solution again?
    • View Profile
    • pfSense
Re: Questions about LiveCD and other bits...
« Reply #2 on: November 23, 2005, 03:27:39 pm »
I agree with colin, this is pretty low end and at least the ram has to be upgraded but a bit more horsepower is suggested as well. pfSense supports policy based routing, so you can specify what traffic goes out which wan by creating rules for that traffic and selecting the apropriate gateway. You also need a gateway entry at the optional wan interface and correct nat rules.

I got a howto today about setting up multiwan. I have to review it first and convert it to pdf. Check the tutorial section at pfsense.com from time to time. It should appear there soon.

Offline Aussie_Bear

  • Jr. Member
  • **
  • Posts: 35
  • Karma: +0/-0
    • View Profile
Re: Questions about LiveCD and other bits...
« Reply #3 on: November 24, 2005, 12:36:48 am »
Awesome, thanks for your (and whoever contributed) efforts...
(Regarding the Multi-WAN situation)



Well, a few comments on the low-end system.
It seems to handle pfSense...Just barely.

Sometimes I get the box killing a process due to "lack of swap space"
(The WebGUI would load halfway through something and stop...
But if you refresh, its OK again).

So yes, I think you need 64MB.
(pfSense system status screen says about 70% RAM used when under
load, and 59% when idle).

48MB RAM is possible, but I don't recommend it.
I guess I need to hunt for some old EDO or PC66 SDRAM modules.
(Maybe get a PowerLeap CPU upgrade adaptor to bring this old box
up to a 400Mhz K6-2 setup?)

I used the low-end box on a 10Mbit Cable, and it seems fine, as I'm
getting full speed...Not sure of two 10Mbit lines though...Time will tell.

A bit of a side question...
The chipset the mobo has is an Intel 430VX. This does not
allow for more than 64MB RAM to be cacheable. Its total capacity is 128MB RAM.

Would this affect pfSense performance if it were to reside in the non-cacheable
area of memory?


I'm asking this as I'm not sure how BSD works under this scenario.
(I know Windows would load into the upper regions when the RAM is non-cacheable
and this would cause performance issues).

My other box would be to use an EPIA PD10000...Which would be more
than enough grunt for what I want to use a multi-wan firewall solution for.