Embed Size (px)
DESCRIPTION
Installing pfSense
Citation preview
3/2/2014 Installing pfSense - PFSenseDocs
https://doc.pfsense.org/index.php/Installing_pfSense 1/15
Search
Personal tools
Log in
Installing pfSense
From PFSenseDocs
Contents
1 pfSense Installation and Configuration
2 Booting and Media2.1 Embedded
2.1.1 Special Information2.1.2 Writing the image
2.1.2.1 Windows2.1.2.2 Linux
2.1.2.3 PXE2.1.3 Booting pfSense the first time
2.2 Tutorial for setting up a PC-Engines WRAP2.3 LiveCD / Hard Drive
2.3.1 The Install option2.4 Virtual Machine Install
3 Initial pfSense configuration
3.1 Assigning Interfaces
3.1.1 VLANS
3.1.2 LAN, WAN, OPTx3.1.3 Auto Assign Procedure
4 Finishing steps
4.1 pfSense default configuration
4.2 Storing your configfile on a writable media4.3 Accessing the webgui
5 Installing pfSense to Hard Disk
6 Additional Information
3/2/2014 Installing pfSense - PFSenseDocs
https://doc.pfsense.org/index.php/Installing_pfSense 2/15
pfSense Installation and Configuration
This section will guide you through selecting your hardware, the initial pfSense configuration, and installing pfSense toyour hard drive
Booting and Media
Embedded
The embedded builds are made for embedded hardware platforms like the popular PC-Engines ALIX or WRAP andSoekris 4X01 amongst many other suitable platforms.
Before you begin with pfSense 1.2.3 NanoBSD images, you might want to check out the following articles:
1. NanoBSD on WRAP
2. ALIX BIOS Update Procedure
Special Information
1. Provided as flashable image (can be written to CF-Card, USB-Stick, harddisk, disk-on-module, ...)
2. Read-only filesystem due to limited write cycles of flash media, will only be mounted to write the configuration file
or for small, infrequent alterations.
3. Video and keyboard is disabled as some embedded systems don't have this hardware.
4. All console output is at COM1 and 9600 baud (use a nullmodem-cable to connect with a terminal emulation like
PuTTY, terraterm, or hyperterminal).
5. Package support starting with NanoBSD-based images for pfSense 1.2.3 and newer. Only for packages which
have been altered to work with limited writes.6. Small footprint: 512MB boot media is sufficient, 128MB for older (1.2.2 and earlier) embedded images.
Writing the image
You can download the embedded image from one of the pfSense mirrors (http://pfsense.com/mirror.php?section=downloads) .
Windows
When using a windows machine the easiest way to write your media is with physdiskwrite(http://m0n0.ch/wall/physdiskwrite.php) .
Place physdiskwrite and the pfSense image in the same folder. Attach the media you want to store pfSense on (i.e. CF-Reader and CF-Card). Then issue the following command:
physdiskwrite pfSense-1.2.3-RELEASE-xg-nanobsd.img.gz
Physdiskwrite will show you a numbered list of suitable devices (USB-stick, CF-cards in USB-readers, harddisks,...).Enter the number of the desired media.
3/2/2014 Installing pfSense - PFSenseDocs
https://doc.pfsense.org/index.php/Installing_pfSense 3/15
Linux
For Linux machines, use the built in dd (http://en.wikipedia.org/wiki/Dd_%28Unix%29) command from a terminal shell.Extract the downloaded gzipped archive first with unp (http://www.unixmen.com/unp-universel-file-extractor/) .
unp pfSense-1.2.3-RELEASE-xg-nanobsd.img.gz
If the convenience utility unp is not installed, use gunzip (http://en.wikipedia.org/wiki/Gzip#gunzip_and_zcat) instead.The img file is a raw copy of the target compact flash disk, including the partition table, mbr, boot sectors and filesystem. Write it to your media with dd.
dd if=pfSense-2.0.1-RELEASE-1g-i386-nanobsd.img of=/dev/sdz
You will need to amend if= (input file) when your downloaded file name varies. Destination of= (output file) is where theimage is written to. It should be a block device, and the first 1Gb will be overwritten. It is set to the seldom used sdz inthe above example, to prevent accidental overwrite if the command is pasted directly. Use df(http://en.wikipedia.org/wiki/Df_%28Unix%29) or lsusb to determine the device name for your compact flash.
WARNING
By choosing the wrong destination you might wipe one of your hard disks! Check and recheck your
selection again!!
PXE
Some Alix boards can PXE boot from the network. If you boot a sysresccd (http://www.sysresccd.org/Sysresccd-manual-en_PXE_network_booting) serial console image, you could then write the pfSense image to the compact flashwith the above steps, without having to physically remove it from the firewall device. You can auto start scriptsysresccd, and could therefore clean install and customize many firewall devices unattended.
Booting pfSense the first time
Before attempting to boot, if you are using NanoBSD (pfSense 1.2.3 or newer) on ALIX hardware, ensure you havethe latest BIOS (at least 0.99h) and set CHS mode in the BIOS.
After your media is successfully written, place it in your system as bootmedia. Check your BIOS to select the correctboot priority and configure the device.
If everything is configured correctly you should see the kernel beginning to load. At systems with VGA the output willstop displaying a "/" at the screen. From that point on all output is at COM1. Please check the bootup process there byusing a null modemcable and a terminal program.
The image has a default config that works with the ALIX and the SOEKRIS. With these platforms simply connect aclient to the LAN Interface and it gets an IP by DHCP. You can access pfSense at 192.168.1.1. Logon with user"admin" and password "pfsense". If you are using a direct connect from your client to the pfSense interface rememberthat you need a crossover cable.
For other systems please continue at "Initial pfSense configuration" as you most likely have to assign interfaces beforeyou can access pfSense's webgui.
3/2/2014 Installing pfSense - PFSenseDocs
https://doc.pfsense.org/index.php/Installing_pfSense 4/15
Tutorial for setting up a PC-Engines WRAP
A tutorial how to set up pfSense for a PC-Engines WRAP can be found here (http://pfsense.com/mirror.php?section=/tutorials/wrap_install/wrap_install.htm) .
LiveCD / Hard Drive
The LiveCD (http://pfsense.com/mirror.php?section=downloads) can be used to evaluate pfSense. You need a CD-Burner and a CD-Writing application that is capable of writing a CD from an iso file like i.e. the free CD Burner XP(http://cdburnerxp.se/) . A system with at least 2 NICs and a CDROM to boot from is needed. After bootup, you canchoose any detected usable media like (floppy, usb-stick, ...) to store your custom config on (Option 98 at the shellmenu). The LiveCD is searching on all available medias for the config file on bootup. This way you can run the systemfrom CD and config media only.
The Install option
At the same time the LiveCD is the installer which can setup pfSense to your hard disk. It's recommended that you firstconfigure pfSense before you run the installer (option 99 at the shell menu).
Virtual Machine Install
You can install pfSense in a VM, and use either entirely within the host (in which case you will not need any additionalNICs) or to connect to physical networks (when you will need extra NICs as you would for a normal installation).
There is a detailed guide to setting up pfSense under VMWare Server, running under Windows server 2003
Installing_pfSense_in_vmware_under_windows
There is also a guide to setting up pfSense under VMware ESXi 5.x at PfSense 2 on VMware ESXi 5
Initial pfSense configuration
Assigning Interfaces
The first time pfSense boots up it will ask you to assign the interfaces if it has not found a configfile or interfaceconfiguration is different from what was found in the config file.
VLANS
You now have the option to assign VLANs. If you don't need VLANs or don't know what VLANs are choose nohere. VLANs are optional and are only needed for advanced networking. You as well need VLAN-capable equipmentif you plan to use it. (better description and config steps still needed here)
LAN, WAN, OPTx
The first interface it asks you to assign is the LAN interface. If you know the interface you want to assign LAN to enterthe name of the interface like "fxp0" and hit enter.
The second interface you have to assign is the WAN interface. Enter the appropriate interface like "fxp1" and hit enteragain.
3/2/2014 Installing pfSense - PFSenseDocs
https://doc.pfsense.org/index.php/Installing_pfSense 5/15
You at least need two interfaces (LAN and WAN) to setup pfSense. If you have more interfaces available you can goon and assign them as OPTx interfaces. The procedure is the same like for the already assigned interfaces.
Auto Assign Procedure
There is another procedure to assign interfaces which is especially designed if your nics are all of the same kind and youdon't know which physical nic matches which detected nic as they all then will appear for example as fxpX. In this caseyou simply can enter "a" when you are asked for the nic name. pfSense now is waiting for a linkup event at one of thenics. Just plug in a cable to the nic you want to assign and wait for the link light to turn on at the nic. Hit enter after that.pfSense has detected the linkup and you can continue with the next interface.
If you have no more interfaces left just hit enter without entering a NIC name and apply the settings by confirming themwith "y".
Finishing steps
pfSense now will make the finishing touches to configure the interfaces.
After it went through the configuration you'll end up with a shell menu and a number of options. pfSense now is ready tobe accessed at the interface you assigned as LAN with the webgui.
3/2/2014 Installing pfSense - PFSenseDocs
https://doc.pfsense.org/index.php/Installing_pfSense 6/15
pfSense default configuration
By default pfSense will have the following configuration.
WAN is configured as DHCP client, all incoming connections are blocked by default.
LAN is configured at 192.168.1.1/24 and acts as DHCP-Server and offers a DNS-forwarder.OPTx interfaces are disabled, you have to enable and configure them at the webgui.
WebGUI runs at port 80, username is "admin", password "pfsense".
SSH is disabled.
Storing your configfile on a writable media
If you are planning to run the LiveCD with a writable configmedia run option 98 to assign the drive that should hold yourconfigfile. The LiveCD will browse all available medias on bootup for a valid configfile and use it if found.
Accessing the webgui
You now should modify the configuration to fit your needs at the webgui. Make sure your client got an IP and use yourfavourite browser to access http://192.168.1.1 using "admin" as user and "pfsense" as password. The easiest way to gothrough all the basic settings is to run the setup wizard that can be found in the webgui-menu at System>Setup Wizard.
Installing pfSense to Hard Disk
If you are satisfied and want to setup pfSense to your hard drive run option 99 from the shell menu now. Theconfiguration you did will be transferred to the hard drive by the installer.
3/2/2014 Installing pfSense - PFSenseDocs
https://doc.pfsense.org/index.php/Installing_pfSense 7/15
(Basically you can run through the installer by just accepting all suggestions the installer is offering)
First you get some settings to localize your keyboard or change your console appearance. Change what you need orjust go one by accepting the settings.
3/2/2014 Installing pfSense - PFSenseDocs
https://doc.pfsense.org/index.php/Installing_pfSense 8/15
Next pfSense will present a list with detected suitable installmedias to you. Please make sure you are not accidentlyoverwriting data you still need. It's recommended to have a dedicated media only for your install. Any otherconstelations are not officially supported. Choose your media and hit enter to continue.
You should format the disk to prepare it for the installation. Beware this will whipe your entire media!
3/2/2014 Installing pfSense - PFSenseDocs
https://doc.pfsense.org/index.php/Installing_pfSense 9/15
At the next step pfSense will show you the detected drive geometry. You should leave this the way it was detected aslong as you don't run into any troubles while installing with these settings. In case you get errors try to alter your biossettings befor manually entering values here. Setting your drive from auto to lba or chs in bioas already might help todetect the right settings.
Now you are at the point of no return: Only hit "Format xxX" if you are really sure there is no valuable dataleft at this media!
3/2/2014 Installing pfSense - PFSenseDocs
https://doc.pfsense.org/index.php/Installing_pfSense 10/15
The media is now prepared to continue with partitioning. Just hit enter to move on.
pfSense suggests using the complete space of your drive for the installation. You usually should just keep this setting andmove on to the next step.
3/2/2014 Installing pfSense - PFSenseDocs
https://doc.pfsense.org/index.php/Installing_pfSense 11/15
In case your partitioning was the same like before as this is a reinstall confirm the changes.
You typically can confirm the following step. If you encounter problems with the bootloader after the installation is donererun the installation and check "Packet mode" at this screen.
3/2/2014 Installing pfSense - PFSenseDocs
https://doc.pfsense.org/index.php/Installing_pfSense 12/15
Select the just created partition as target for your installation.
Confirm this step. In case you skipped the above settings this is the point where your data on the media will beoverwritten.
3/2/2014 Installing pfSense - PFSenseDocs
https://doc.pfsense.org/index.php/Installing_pfSense 13/15
pfSense suggests a setting for your subpartitioning now which you usually should just keep.
After accepting the above settings pfSense is starting to transfer the system to the prepared media.
3/2/2014 Installing pfSense - PFSenseDocs
https://doc.pfsense.org/index.php/Installing_pfSense 14/15
You will be asked after a short time to remove the CD and reboot the system to boot your new install.
The system is now going down for reboot and your installation is finished
3/2/2014 Installing pfSense - PFSenseDocs
https://doc.pfsense.org/index.php/Installing_pfSense 15/15
Additional Information
For additional information on Installing pfSense, see the page Category:Installation.
Retrieved from "https://doc.pfsense.org/index.php?title=Installing_pfSense&oldid=5415"
Categories: Documentation Installation
Privacy policy About PFSenseDocs Disclaimers
This page was last modified on 9 October 2013, at 09:20. This page has been accessed 485,377 times.
