Pfsense Server

  • 7/30/2019 Pfsense Server

    This section will guide you through selecting your hardware, the initial pfSense configuration, and installing pfSense to your hard drive.

    Booting and Media

    Embedded

    The embedded builds are made for embedded hardware platforms like the popular PC-Engines ALIX or WRAP and Soekris 4X01, amongst many other suitable platforms.

    Before you begin with pfSense 1.2.3 NanoBSD images, you might want to check out the following articles:

    1. NanoBSD on WRAP
    2. ALIX BIOS Update Procedure

    Special Information

    1. Provided as a flashable image (can be written to CF card, USB stick, hard disk, disk-on-module, ...).

    2. Read-only filesystem due to the limited write cycles of flash media; it will only be mounted read-write to write the configuration file or for small, infrequent alterations.

    3. Video and keyboard are disabled as some embedded systems don't have this hardware.

    4. All console output is at COM1 and 9600 baud (use a null modem cable to connect with a terminal emulator like PuTTY, Tera Term, or HyperTerminal).

    5. Package support starts with NanoBSD-based images for pfSense 1.2.3 and newer, and only for packages which have been altered to work with limited writes.

    6. Small footprint: 512MB boot media is sufficient, 128MB for older (1.2.2 and earlier) embedded images.

    Writing the image

    You can download the embedded image from one of the pfSense mirrors.

    Windows

    When using a Windows machine, the easiest way to write your media is with physdiskwrite.

    Place physdiskwrite and the pfSense image in the same folder. Attach the media you want to store pfSense on (e.g. CF reader and CF card). Then issue the following command:

    physdiskwrite pfSense-1.2.3-RELEASE-xg-nanobsd.img.gz

    Physdiskwrite will show you a numbered list of suitable devices (USB sticks, CF cards in USB readers, hard disks, ...). Enter the number of the desired media.

    Linux

    For Linux machines, use the built-in dd command from a terminal shell. Extract the downloaded gzipped archive first with unp.

    unp pfSense-1.2.3-RELEASE-xg-nanobsd.img.gz

    If the convenience utility unp is not installed, use gunzip instead. The img file is a raw copy of the target compact flash disk, including the partition table, MBR, boot sectors and file system. Write it to your media with dd.

    dd if=pfSense-2.0.1-RELEASE-1g-i386-nanobsd.img of=/dev/sdz

    You will need to amend if= (input file) when your downloaded file name varies. Destination of= (output file) is where the image is written to. It should be a block device, and the first 1Gb will be overwritten. It is set to the seldom used sdz in the above example, to prevent accidental overwrite if the command is pasted directly. Use df or lsusb to determine the device name for your compact flash.

    WARNING

    By choosing the wrong destination you might wipe one of your hard disks! Check and recheck your selection again!!
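
    A guarded version of the dd step above, as an added example that is not part of the original guide: it checks the image hash, refuses a destination that is not a block device or that is mounted, and reads the written bytes back. The function names and the expected SHA-256 value are assumptions; take the hash from a source you trust.

```shell
#!/bin/sh
# Added example: guarded write of a NanoBSD image. Function names are illustrative.

# verify_image IMAGE EXPECTED_SHA256: succeed only if the file hash matches.
verify_image() {
    actual=$(sha256sum "$1" | awk '{print $1}')
    [ -n "$actual" ] && [ "$actual" = "$2" ]
}

# is_mounted DEVICE [MOUNTS_FILE]: succeed if DEVICE or one of its partitions
# (sdb1, sdb2, ...) appears as a mount source. Prefix match errs on the safe side.
is_mounted() {
    awk -v d="$1" 'index($1, d) == 1 { found = 1 } END { exit !found }' \
        "${2:-/proc/mounts}"
}

# check_target DEVICE [MOUNTS_FILE]: succeed only for an unmounted block device.
check_target() {
    [ -b "$1" ] || { echo "refusing: $1 is not a block device" >&2; return 1; }
    if is_mounted "$1" "${2:-/proc/mounts}"; then
        echo "refusing: $1 or one of its partitions is mounted" >&2
        return 1
    fi
}

# verify_written IMAGE TARGET: succeed if the first size(IMAGE) bytes of
# TARGET are identical to IMAGE (read-back check after dd).
verify_written() {
    size=$(($(wc -c < "$1")))
    head -c "$size" "$2" | cmp -s "$1" -
}

# write_image IMAGE EXPECTED_SHA256 DEVICE: run every check, then dd.
write_image() {
    verify_image "$1" "$2" || { echo "checksum mismatch: $1" >&2; return 1; }
    check_target "$3" || return 1
    dd if="$1" of="$3" bs=1M conv=fsync || return 1
    verify_written "$1" "$3" || { echo "read-back mismatch on $3" >&2; return 1; }
}

# Usage (placeholders; the hash must come from a source you trust):
#   write_image pfSense-2.0.1-RELEASE-1g-i386-nanobsd.img <expected-sha256> /dev/sdX
```

    Re-inserting the media before calling verify_written makes the read-back come from the card rather than the page cache.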

    PXE

    Some ALIX boards can PXE boot from the network. If you boot a sysresccd serial console image, you could then write the pfSense image to the compact flash with the above steps, without having to physically remove it from the firewall device. sysresccd can run a script automatically at startup, so you could clean install and customize many firewall devices unattended.

    Booting pfSense the first time

    Before attempting to boot, if you are using NanoBSD (pfSense 1.2.3 or newer) on ALIX hardware, ensure you have the latest BIOS (at least 0.99h) and set CHS mode in the BIOS.

    After your media is successfully written, place it in your system as boot media. Check your BIOS to select the correct boot priority and configure the device.

    If everything is configured correctly you should see the kernel beginning to load. On systems with VGA, the output will stop, displaying a "/" on the screen. From that point on all output is at COM1. Please check the bootup process there by using a null modem cable and a terminal program.

    The image has a default config that works with the ALIX and the Soekris. With these platforms, simply connect a client to the LAN interface and it gets an IP by DHCP. You can access pfSense at 192.168.1.1. Log on with user "admin" and password "pfsense". If you are using a direct connection from your client to the pfSense interface, remember that you need a crossover cable.

    For other systems please continue at "Initial pfSense configuration", as you most likely have to assign interfaces before you can access pfSense's webgui.

    Tutorial for setting up a PC-Engines WRAP

    A tutorial on how to set up pfSense for a PC-Engines WRAP can be found here.

    LiveCD / Hard Drive

    The LiveCD can be used to evaluate pfSense. You need a CD burner and a CD writing application that is capable of writing a CD from an iso file, such as the free CD Burner XP. A system with at least 2 NICs and a CD-ROM drive to boot from is needed. After bootup, you can choose any detected usable media (floppy, USB stick, ...) to store your custom config on (option 98 at the shell menu). The LiveCD searches all available media for the config file on bootup. This way you can run the system from CD and config media only.

    The Install option

    The LiveCD is also the installer, which can set up pfSense on your hard disk. It's recommended that you first configure pfSense before you run the installer (option 99 at the shell menu).

    Virtual Machine Install

    You can install pfSense in a VM, and use it either entirely within the host (in which case you will not need any additional NICs) or to connect to physical networks (in which case you will need extra NICs as you would for a normal installation). There is a detailed guide to setting up pfSense under VMware Server, running under Windows Server 2003: Installing_pfSense_in_vmware_under_windows

    Initial pfSense configuration

    Assigning Interfaces

    The first time pfSense boots up, it will ask you to assign the interfaces if it has not found a config file or if the interface configuration is different from what was found in the config file.

    VLANS

    You now have the option to assign VLANs. If you don't need VLANs or don't know what VLANs are, choose no here. VLANs are optional and are only needed for advanced networking. You also need VLAN-capable equipment if you plan to use them. (better description and config steps still needed here)

    LAN, WAN, OPTx

    The first interface it asks you to assign is the LAN interface. If you know the interface you want to assign LAN to, enter the name of the interface, like "fxp0", and hit enter.

    The second interface you have to assign is the WAN interface. Enter the appropriate interface, like "fxp1", and hit enter again.

    You need at least two interfaces (LAN and WAN) to set up pfSense. If you have more interfaces available, you can go on and assign them as OPTx interfaces. The procedure is the same as for the already assigned interfaces.

    Auto Assign Procedure

    There is another procedure to assign interfaces, designed for the case where your NICs are all of the same kind and you don't know which physical NIC matches which detected NIC, as they will then all appear as, for example, fxpX. In this case you can simply enter "a" when you are asked for the NIC name. pfSense then waits for a linkup event at one of the NICs. Just plug a cable into the NIC you want to assign and wait for the link light to turn on at the NIC. Hit enter after that. pfSense has detected the linkup and you can continue with the next interface.

    If you have no more interfaces left, just hit enter without entering a NIC name and apply the settings by confirming them with "y".

    Finishing steps

    pfSense will now make the finishing touches to configure the interfaces.

    After it has gone through the configuration you'll end up with a shell menu and a number of options. pfSense is now ready to be accessed with the webgui at the interface you assigned as LAN.

    pfSense default configuration

    By default pfSense will have the following configuration.

    - WAN is configured as DHCP client, all incoming connections are blocked by default.
    - LAN is configured at 192.168.1.1/24 and acts as DHCP server and offers a DNS forwarder.
    - OPTx interfaces are disabled, you have to enable and configure them at the webgui.
    - WebGUI runs at port 80, username is "admin", password "pfsense".
    - SSH is disabled.

    Storing your configfile on a writable media

    If you are planning to run the LiveCD with a writable config media, run option 98 to assign the drive that should hold your config file. The LiveCD will browse all available media on bootup for a valid config file and use it if found.

    Accessing the webgui

    You should now modify the configuration to fit your needs at the webgui. Make sure your client got an IP and use your favourite browser to access http://192.168.1.1 using "admin" as user and "pfsense" as password. The easiest way to go through all the basic settings is to run the setup wizard that can be found in the webgui menu at System>Setup Wizard.

    Installing pfSense to Hard Disk

    If you are satisfied and want to set up pfSense on your hard drive, run option 99 from the shell menu now. The configuration you made will be transferred to the hard drive by the installer.

    (Basically you can run through the installer by just accepting all suggestions the installer is offering.)

    First you get some settings to localize your keyboard or change your console appearance. Change what you need or just go on by accepting the settings.

    Next pfSense will present you with a list of detected suitable install media. Please make sure you are not accidentally overwriting data you still need. It's recommended to have a dedicated media only for your install. Any other constellations are not officially supported. Choose your media and hit enter to continue.

    You should format the disk to prepare it for the installation. Beware, this will wipe your entire media!

    At the next step pfSense will show you the detected drive geometry. You should leave this the way it was detected as long as you don't run into any trouble while installing with these settings. In case you get errors, try to alter your BIOS settings before manually entering values here. Setting your drive from auto to lba or chs in the BIOS might already help to detect the right settings.

    Now you are at the point of no return: Only hit "Format xxX" if you are really sure there is no valuable data left on this media!

    The media is now prepared to continue with partitioning. Just hit enter to move on.

    pfSense suggests using the complete space of your drive for the installation. You usually should just keep this setting and move on to the next step.

    If your partitioning is the same as before because this is a reinstall, confirm the changes.

    You can typically confirm the following step. If you encounter problems with the bootloader after the installation is done, rerun the installation and check "Packet mode" at this screen.

    Select the just created partition as target for your installation.

    Confirm this step. In case you skipped the above settings, this is the point where your data on the media will be overwritten.

    pfSense suggests a setting for your subpartitioning now which you usually should just keep.

    After accepting the above settings pfSense is starting to transfer the system to the prepared media.

    You will be asked after a short time to remove the CD and reboot the system to boot your new install.

    The system is now going down for reboot and your installation is finished.

    Additional Information