Project:Sandbox

Title: Soekris 6501 USB Flash installation

This Howto shows a way to install pfSense on the Soekris net6501 using the embedded image on a USB flash. The setup is for a typical WiFi home router with all LAN ports including WiFi acting as a switch (bridge).

Hardware used

 * Soekris net6501-50 with case (CPU: Intel Atom E6xx 1000 Mhz, 1GB Ram, 4x Intel 82574IT Gigabit Ethernet, PCIe)
 * Power Supply
 * Sandisk 8GB Cruzer Fit USB Drive
 * Null-modem cable
 * D-Link DWA-556 Wireless N PCIe Desktop Adapter
 * A computer with ethernet and serial port/usb2serial adapter

Wireless
Before deciding to buy a wifi card, do some research. Even though a card is reported to be working, a later revision of the card might use a different chipset. Some people advice to use a dedicated Wireless Access Point.

FreeBSD 8.x doesn't support 802.11N which pfSense 2.01 (and later 2.1) is based upon.


 * 
 * http://wiki.freebsd.org/WiFi
 * Status of Atheros Wifi Hardware

DWA-556
This card uses the Atheros 5416 chipset.

It will only work in b-mode.

Trying g-mode gives the following error ath0: unable to reset hardware; hal status 14

Prepare boot media
Image used in this Howto: pfSense-2.0.1-RELEASE-4g-i386-nanobsd.img

Copy image to USB flash according to this document: HOWTO Install pfSense

See this for alternate copy method on Windows: Installing from USB drive in Windows- UPDATED

First boot
Insert USB flash in internal USB port

Hookup serial cable

FreeBSD by default uses 9600 baud for the serial console. Soekris BIOS by default uses 19200. This must be changed to match FreeBSD.

Start your terminal client (on Windows e.g. PuTTY) and set it to 19200 8 N 1

Power on the Soekris

POST: 0123456789bcefghipsajklnopqr,,,tvwxy comBIOS ver. 1.41a 20111203  Copyright (C) 2000-2011 Soekris Engineering. net6501 1024 Mbyte Memory                       CPU Atom E6xx 1000 Mhz SATA AHCI BIOS ver. 0.6 20110902 Copyright (C) 2003-2011 Intel Corporation Controller Bus#02, Device#06, Function#00: 02 Ports No device found Soekris USB Expansion ROM ver. 1.01 20111203 80: USB 01 SanDisk Cruzer Fit      Xlt 973-255-63  7816 Mbyte Initializing Intel(R) Boot Agent GE v1.3.72 PXE 2.1 Build 089 (WfM 2.0) Slot  Vend Dev  ClassRev Cmd  Stat CL LT HT  Base1    Base2   Int 00:00:0 8086 4114 06000003 0007 0000 00 00 00 00000000 00000000 00:23:0 8086 8184 06040000 0107 0010 08 00 01 1FFF1000 A0FFA000 10 00:24:0 8086 8185 06040000 0107 0010 08 00 01 3FFF2000 A2FFA100 11 00:25:0 8086 8180 06040000 0107 0010 08 00 01 5FFF4000 A4FFA300 05 00:26:0 8086 8181 06040000 0107 0010 08 00 01 0FFF1000 A5FFA500 09 00:31:0 8086 8186 06010000 0003 0000 00 00 80 00000000 00000000 02:02:0 8086 8804 0C031001 0106 0010 00 00 80 A0000B00 00000000 09 02:02:1 8086 8805 0C031001 0106 0010 00 00 80 A0000C00 00000000 09 02:02:2 8086 8806 0C031001 0106 0010 00 00 80 A0000D00 00000000 09 02:02:3 8086 8807 0C032001 0106 0010 00 00 80 A0000E00 00000000 09 02:06:0 8086 880B 01060101 0107 0010 00 00 00 00000000 00000000 11 02:08:0 8086 880C 0C031001 0106 0010 00 00 80 A0004800 00000000 10 02:08:1 8086 880D 0C031001 0106 0010 00 00 80 A0004900 00000000 10 02:08:2 8086 880E 0C031001 0106 0010 00 00 80 A0004A00 00000000 10 02:08:3 8086 880F 0C032001 0106 0010 00 00 80 A0004B00 00000000 10 02:10:1 8086 8811 07000200 0107 0010 00 00 80 00001041 A0004D00 09 02:10:2 8086 8812 07000200 0107 0010 00 00 80 00001049 A0004D10 09 02:12:2 8086 8817 0C800000 0106 0010 00 00 80 00000000 A0005000 05 02:12:3 8086 8818 0C090000 0106 0010 00 00 80 00000000 A0005200 05 03:00:0 111D 803A 0604000E 0107 0010 08 00 01 3FFF2000 A2FFA100 05:00:0 8086 10D3 02000000 0107 0010 08 00 00 A1000000 00000000 09 06:00:0 8086 10D3 02000000 0107 0010 08 00 00 A2000000 00000000 10 08:00:0 111D 803A 0604000E 0107 0010 08 00 01 5FFF4000 A4FFA300 10:00:0 8086 10D3 02000000 0107 0010 08 00 00 A3000000 00000000 10 11:00:0 8086 10D3 02000000 0107 0010 08 00 00 A4000000 00000000 11 13:00:0 168C 0024 02800001 0107 2010 08 00 00 A5000004 00000000 09 5 Seconds to automatic boot. Press Ctrl-P for entering Monitor.

Press Ctrl-P and change console speed in BIOS

comBIOS Monitor. Press ? for help. > set ConSpeed=9600

Change to 9600 on the terminal client

Press reset button

[...] ugen7.1:  at usbus7 uhub7:  on usbus7 uhub5: 1 port with 1 removable, self powered uhub6: 1 port with 1 removable, self powered uhub3: 3 ports with 3 removable, self powered uhub7: 3 ports with 3 removable, self powered ugen7.2:  at usbus7 umass0:  on usbus7 SMP: AP CPU #1 Launched! da0 at umass-sim0 bus 0 scbus0 target 0 lun 0 da0:  Removable Direct Access SCSI-5 device da0: 40.000MB/s transfers da0: 7633MB (15633408 512 byte sectors: 255H 63S/T 973C) GEOM: da0s1: geometry does not match label (16h,63s != 255h,63s). GEOM: da0s2: geometry does not match label (16h,63s != 255h,63s). Trying to mount root from ufs:/dev/ufs/pfsense0 Configuring crash dumps... Mounting filesystems...  Setting up embedded specific environment... done. ___  ___/ f \ / p \___/ Sense \___/  \      \___/  Welcome to pfSense 2.0.1-RELEASE  ...  Creating symlinks......done. External config loader 1.0 is now starting... da0s3 Launching the init system... done. Initializing............................ done. Starting device manager (devd)...done. Loading configuration......done.

If you get ROOT MOUNT ERROR see

Now interfaces must be assigned: ath0 is the wireless card

Network interface mismatch -- Running interface assignment option. Valid interfaces are: em0  00:00:24:ce:80:70   (up) Intel(R) PRO/1000 Network Connection 7.2.3 em1  00:00:24:ce:80:71   (up) Intel(R) PRO/1000 Network Connection 7.2.3 em2  00:00:24:ce:80:72   (up) Intel(R) PRO/1000 Network Connection 7.2.3 em3  00:00:24:ce:80:73   (up) Intel(R) PRO/1000 Network Connection 7.2.3 ath0 cc:b2:55:c3:58:84   (up) Atheros 5416 Do you want to set up VLANs first? If you are not going to use VLANs, or only for optional interfaces, you should say no here and use the webConfigurator to configure VLANs later, if required. Do you want to set up VLANs now [y|n]? n

No vlans for this setup.

Assign all interfaces

*NOTE* pfSense requires *AT LEAST* 1 assigned interface(s) to function. If you do not have *AT LEAST* 1 interfaces you CANNOT continue. If you do not have at least 1 *REAL* network interface card(s) or one interface with multiple VLANs then pfSense *WILL NOT* function correctly. If you do not know the names of your interfaces, you may choose to use auto-detection. In that case, disconnect all interfaces now before hitting 'a' to initiate auto detection. Enter the WAN interface name or 'a' for auto-detection: em0 Enter the LAN interface name or 'a' for auto-detection NOTE: this enables full Firewalling/NAT mode. (or nothing if finished): em1 Enter the Optional 1 interface name or 'a' for auto-detection (or nothing if finished): em2 Enter the Optional 2 interface name or 'a' for auto-detection (or nothing if finished): em3 Enter the Optional 3 interface name or 'a' for auto-detection (or nothing if finished): ath0 Enter the Optional 4 interface name or 'a' for auto-detection (or nothing if finished): The interfaces will be assigned as follows: WAN -> em0 LAN -> em1 OPT1 -> em2 OPT2 -> em3 OPT3 -> ath0 Do you want to proceed [y|n]?y Writing configuration...done. Updating configuration...done. Cleaning backup cache...done. Setting up extended sysctls...done. Setting timezone...done. Starting Secure Shell Services...done. Setting up polling defaults...done. Setting up interfaces microcode...done. Configuring LAGG interfaces...done. Configuring VLAN interfaces...done. Configuring QinQ interfaces...done. Configuring WAN interface...done. Configuring LAN interface...done. Syncing OpenVPN settings...done. Starting syslog...done. Configuring firewall......done. Starting PFLOG...done. Setting up gateway monitors...done. Synchronizing user settings...done. Starting webConfigurator...done. Configuring CRON...done. Starting DHCP service...done. Starting DNS forwarder...done. Configuring firewall......done. Starting OpenNTP time client...done. Generating RRD graphs...done. Starting CRON... done. Bootup complete FreeBSD/i386 (pfSense.localdomain) (console) *** Welcome to pfSense 2.0.1-RELEASE-nanobsd (i386) on pfSense *** WAN (wan)                -> em0        -> 192.168.10.122 (DHCP) LAN (lan)                -> em1        -> 192.168.1.1 OPT1 (opt1)              -> em2        -> NONE OPT2 (opt2)              -> em3        -> NONE OPT3 (opt3)              -> ath0_wlan0 -> NONE 0) Logout (SSH only)                 8) Shell 1) Assign Interfaces                 9) pfTop 2) Set interface(s) IP address      10) Filter Logs 3) Reset webConfigurator password   11) Restart webConfigurator 4) Reset to factory defaults        12) pfSense Developer Shell 5) Reboot system                    13) Upgrade from console 6) Halt system                      14) Enable Secure Shell (sshd) 7) Ping host Enter an option:

Now the Soekris box is up.

Connect a PC to Eth1 (LAN) and use a browser to access the admin GUI on https://192.168.1.1 Ignore the certificate error and login in with user: admin and password: pfsense

Go through the initial setup wizard. (remove the Block private networks filter on the WAN interface if on a private network, e.g. when testing)

Bridging
First some terminology There is actually three different but connected uses of the word (network) interface here
 * 1) Hardware interface port, labled Eth0 to Eth3 on the Soekris case (a common abbreviation used is NIC: Network Interface Card)
 * 2) FreeBSD network interface driver: em0 to em3 (from Shell try: ifconfig)
 * 3) pfSense interface: WAN, LAN, OPTx

There is a direct relationship between Eth0 and em0. em0 can then be assigned to a pfSense interface like WAN.

To make the LAN ports (Eth1-3) act as a switch the interfaces must be enabled, firewall rules added and a bridge created. Interfaces must be enable for them to be added to a bridge. Firewall rules must be added for trafiic to pass.

When creating a bridge we could just add LAN and all the OPTx interfaces to the bridge, and it would work. That is to say: as long as Eth1 is up. The IP address will be bound to em1 (Eth1). For the gateway to be accessible regardsless of the state of Eth1, the IP address must be assigned to the bridge itself. See: Wireless adapter bridged to LAN stops working if LAN unplugged

Enable interfaces
Use the menu Interfaces and enable all OPTx interfaces.

Change the Description to match the case label: ETHx, WIFI

To enable the wireless interface, Mode must be set to Access Point and SSID must be set.

Add firewall rules
Go to Firewall -> Rules On all OPTx interfaces add a rule to let all traffic pass (blocked by default) Click + to add rule with Protocol: any

Apply changes when all rules are added.

Create Bridge
Go to Interfaces -> (assign): Bridges Click + and add all OPTx to Member interfaces (hold CTRL while clicking)

Reassign interfaces
Interfaces -> (assign)

Problem
For some reason LAN connectivity is now lost. The settings is not applied properly by pfSense.

Two solutions:
 * 1) Reboot
 * 2) Admin GUI has been enabled on the WAN side and a computer can reach it Go to Interfaces -> LAN, Click Save and then Apply Changes

Assign em3
Interfaces -> (assign) Click + and assign em3

Go to Interfaces -> (assign): Bridges and add the interface to the bridge. Then add firewall rule as done previously

What's next?
Now the basic setup is done. The box behaves as a regular WiFi router.

The following is some suggestions on what to do next.


 * Make services on the local network available to the WAN side: http://doc.pfsense.org/index.php/How_can_I_forward_ports_with_pfSense%3F
 * pfSense articles about firewall rules: Category:Firewall Rules
 * More complex firewall rules with Floating Rules
 * Understand pf better with: Firewalling with OpenBSD's PF packet filter
 * Get pfSense: The Definitive Guide. I found it to be a gentle introduction to pfSense and the connected networking topics. Highly recommended. Read the reviews on Amazon.

LEDs
It would be desirable to control the Ready LED from software. Maybe a flashing Ready while booting, and steady light when finished.

There is currently no easy way to do this.

When pfSense starts using FreeBSD 9.x, gpioctl will hopefully be available and useable for this.

LEDs on net6501 Red Error LED:  I/O port 069C bit 0, 0=off, 1=on. Green Ready LED: I/O port 069D bit 0, 0=off, 1=on.

WebGUI from WAN
How can I access the webGUI from the WAN?

Firewall -> Rules : WAN

Add rule

Problems
If making a change doesn't do what you are certain it should, try rebooting.

Root Mount error
When compiling this Howto, pfSense reported a Root Mount Error. The error was not present when using pfSense LiveCD or FreeBSD 8.2. The solution is presented here: Booting from USB


 * kern.cam.boot_delay
 * Delay (in ms) of root mount for CAM bus registration, useful for USB sticks as root

Note: If the default is not changed in new versions, this must be done on each upgrade. Upgrade Guide

uhub7: 3 ports with 3 removable, self powered Root mount waiting for: usbus7 ugen7.2:  at usbus7 umass0:  on usbus7 Root mount waiting for: usbus7 Trying to mount root from ufs:/dev/ufs/pfsense0 ROOT MOUNT ERROR: If you have invalid mount options, reboot, and first try the following from the loader prompt: set vfs.root.mountfrom.options=rw and then remove invalid mount options from /etc/fstab. Loader variables: vfs.root.mountfrom=ufs:/dev/ufs/pfsense0 vfs.root.mountfrom.options=ro,sync,noatime Manual root filesystem specification: : Mount using filesystem eg. ufs:/dev/da0s1a eg. cd9660:/dev/acd0 This is equivalent to: mount -t cd9660 /dev/acd0 / ?                 List valid disk boot devices Abort manual input mountroot>

Reboot (press the reset key at the back of the box) and escape to the boot loader.

If it boots immediately, begin tapping a key when data= shows on the /boot/kernel/kernel line

FreeBSD/i386 bootstrap loader, Revision 1.1 (root@FreeBSD_8.0_pfSense_2.0-snaps.pfsense.org, Mon Dec 12 18:43:24 EST 2011) Loading /boot/defaults/loader.conf /boot/kernel/kernel text=0x8a1d18 data=0x3c9e54+0x9b6a0 syms=[0x4+0x94100+0x4+0xcaf47] \ Hit [Enter] to boot immediately, or any other key for command prompt. Type '?' for a list of commands, 'help' for more detailed help. OK set kern.cam.boot_delay=10000 OK boot

Next step is to make this setting persistent. To do this the root partition must be remounted as writeable. (alternative method) On the console menu, enter 8) Shell

root(1): mount /dev/ufs/pfsense0 on / (ufs, local, noatime, read-only, synchronous) [...] root(2): mount -uw /dev/ufs/pfsense0 root(3): mount /dev/ufs/pfsense0 on / (ufs, local) /root(4): vi /boot/loader.conf.local kern.cam.boot_delay="10000" root(5): mount -ur /dev/ufs/pfsense0 root(6): mount /dev/ufs/pfsense0 on / (ufs, local, read-only) root(7): exit

5) Reboot system to make sure it works.

Stuck Beacon
ath0: stuck beacon; resetting (bmiss count4)

The log can fill up with these. Changing channel may be a solution.

During the compilation of this Howto I had this error at the beginning, but now it is gone.

It has apparently been a well known problem for a long time.
 * The Infamous Stuck Beacon Problem
 * beacon stuck solution
 * Yet another Atheros upgrade horror story

Geometry mismatch
I haven't found an easy solution to this. Apparently it's just cosmetic (for our use case).

From boot log GEOM: da0s1: geometry does not match label (16h,63s != 255h,63s). GEOM: da0s2: geometry does not match label (16h,63s != 255h,63s).

Hardware Manual Chapter 5 excerpt
 * Preloading the storage device on another system. The net6501 uses a simple algorithm for sector
 * translation for storage devices, if there are less than 1024 tracks, it will use the native CHS that the
 * device reports, if more than 1024 tracks, it will use LBA translation. So the host system will need to
 * match that, and that will also normally be the case. In some cases it may be necessary to change the
 * translation settings in the host system’s BIOS or to do manually configuration of the boot loader used.


 * GEOM: ad0s2: geometry does not match label (255h,63s != 16h,255s)
 * Testing out FreeBSD 8.0-RC1

Console boot messages
POST: 0123456789bcefghipsajklnopqr,,,tvwxy comBIOS ver. 1.41a 20111203  Copyright (C) 2000-2011 Soekris Engineering. net6501 1024 Mbyte Memory                       CPU Atom E6xx 1000 Mhz SATA AHCI BIOS ver. 0.6 20110902 Copyright (C) 2003-2011 Intel Corporation Controller Bus#02, Device#06, Function#00: 02 Ports No device found Soekris USB Expansion ROM ver. 1.01 20111203 80: USB 01 SanDisk Cruzer Fit      Xlt 973-255-63  7816 Mbyte Initializing Intel(R) Boot Agent GE v1.3.72 PXE 2.1 Build 089 (WfM 2.0) Slot  Vend Dev  ClassRev Cmd  Stat CL LT HT  Base1    Base2   Int 00:00:0 8086 4114 06000003 0007 0000 00 00 00 00000000 00000000 00:23:0 8086 8184 06040000 0107 0010 08 00 01 1FFF1000 A0FFA000 10 00:24:0 8086 8185 06040000 0107 0010 08 00 01 3FFF2000 A2FFA100 11 00:25:0 8086 8180 06040000 0107 0010 08 00 01 5FFF4000 A4FFA300 05 00:26:0 8086 8181 06040000 0107 0010 08 00 01 0FFF1000 A5FFA500 09 00:31:0 8086 8186 06010000 0003 0000 00 00 80 00000000 00000000 02:02:0 8086 8804 0C031001 0106 0010 00 00 80 A0000B00 00000000 09 02:02:1 8086 8805 0C031001 0106 0010 00 00 80 A0000C00 00000000 09 02:02:2 8086 8806 0C031001 0106 0010 00 00 80 A0000D00 00000000 09 02:02:3 8086 8807 0C032001 0106 0010 00 00 80 A0000E00 00000000 09 02:06:0 8086 880B 01060101 0107 0010 00 00 00 00000000 00000000 11 02:08:0 8086 880C 0C031001 0106 0010 00 00 80 A0004800 00000000 10 02:08:1 8086 880D 0C031001 0106 0010 00 00 80 A0004900 00000000 10 02:08:2 8086 880E 0C031001 0106 0010 00 00 80 A0004A00 00000000 10 02:08:3 8086 880F 0C032001 0106 0010 00 00 80 A0004B00 00000000 10 02:10:1 8086 8811 07000200 0107 0010 00 00 80 00001041 A0004D00 09 02:10:2 8086 8812 07000200 0107 0010 00 00 80 00001049 A0004D10 09 02:12:2 8086 8817 0C800000 0106 0010 00 00 80 00000000 A0005000 05 02:12:3 8086 8818 0C090000 0106 0010 00 00 80 00000000 A0005200 05 03:00:0 111D 803A 0604000E 0107 0010 08 00 01 3FFF2000 A2FFA100 05:00:0 8086 10D3 02000000 0107 0010 08 00 00 A1000000 00000000 09 06:00:0 8086 10D3 02000000 0107 0010 08 00 00 A2000000 00000000 10 08:00:0 111D 803A 0604000E 0107 0010 08 00 01 5FFF4000 A4FFA300 10:00:0 8086 10D3 02000000 0107 0010 08 00 00 A3000000 00000000 10 11:00:0 8086 10D3 02000000 0107 0010 08 00 00 A4000000 00000000 11 13:00:0 168C 0024 02800001 0107 2010 08 00 00 A5000004 00000000 09 1 Seconds to automatic boot. Press Ctrl-P for entering Monitor. 1 pfSense 2 pfSense F6 PXE Boot: 1 /boot.config: -h Consoles: serial port BIOS drive C: is disk0 BIOS 627kB/1047424kB available memory FreeBSD/i386 bootstrap loader, Revision 1.1 (root@FreeBSD_8.0_pfSense_2.0-snaps.pfsense.org, Mon Dec 12 18:43:24 EST 2011) Loading /boot/defaults/loader.conf /boot/kernel/kernel text=0x8a1d18 data=0x3c9e54+0x9b6a0 syms=[0x4+0x94100+0x4+0xcaf47] - Hit [Enter] to boot immediately, or any other key for command prompt. Booting [/boot/kernel/kernel]... .. Copyright (c) 1992-2010 The FreeBSD Project. Copyright (c) 1979, 1980, 1983, 1986, 1988, 1989, 1991, 1992, 1993, 1994 The Regents of the University of California. All rights reserved. FreeBSD is a registered trademark of The FreeBSD Foundation. FreeBSD 8.1-RELEASE-p6 #0: Mon Dec 12 18:59:41 EST 2011 root@FreeBSD_8.0_pfSense_2.0-snaps.pfsense.org:/usr/obj./usr/pfSensesrc/src/sys/pfSense_wrap.8.i386 i386 Timecounter "i8254" frequency 1193182 Hz quality 0 CPU: Genuine Intel(R) CPU       @ 1.00GHz (1000.01-MHz 686-class CPU) Origin = "GenuineIntel" Id = 0x20661  Family = 6  Model = 26  Stepping = 1 Features=0xbfe9fbff Features2=0x40e3bd AMD Features=0x20100000 AMD Features2=0x1 TSC: P-state invariant real memory = 1073610752 (1023 MB) avail memory = 1032044544 (984 MB) ACPI Error: A valid RSDP was not found (20100331/tbxfroot-309) MPTable:  FreeBSD/SMP: Multiprocessor System Detected: 2 CPUs FreeBSD/SMP: 1 package(s) x 1 core(s) x 2 HTT threads cpu0 (BSP): APIC ID: 0 cpu1 (AP/HT): APIC ID: 1 ioapic0: Assuming intbase of 0 ioapic0  irqs 0-23 on motherboard netisr_init: forcing maxthreads to 1 and bindthreads to 0 for device polling wlan: mac acl policy registered ipw_bss: You need to read the LICENSE file in /usr/share/doc/legal/intel_ipw/. ipw_bss: If you agree with the license, set legal.intel_ipw.license_ack=1 in /boot/loader.conf. module_register_init: MOD_LOAD (ipw_bss_fw, 0xc0710010, 0) error 1 ipw_ibss: You need to read the LICENSE file in /usr/share/doc/legal/intel_ipw/. ipw_ibss: If you agree with the license, set legal.intel_ipw.license_ack=1 in /boot/loader.conf. module_register_init: MOD_LOAD (ipw_ibss_fw, 0xc07100b0, 0) error 1 wpi: You need to read the LICENSE file in /usr/share/doc/legal/intel_wpi/. wpi: If you agree with the license, set legal.intel_wpi.license_ack=1 in /boot/loader.conf. module_register_init: MOD_LOAD (wpi_fw, 0xc0883050, 0) error 1 ipw_monitor: You need to read the LICENSE file in /usr/share/doc/legal/intel_ipw/. ipw_monitor: If you agree with the license, set legal.intel_ipw.license_ack=1 in /boot/loader.conf. module_register_init: MOD_LOAD (ipw_monitor_fw, 0xc0710150, 0) error 1 ACPI Error: A valid RSDP was not found (20100331/tbxfroot-309) ACPI: Table initialisation failed: AE_NOT_FOUND ACPI: Try disabling either ACPI or apic support. cryptosoft0: on motherboard padlock0: No ACE support. pcib0:  pcibus 0 on motherboard pci0:  on pcib0 pcib1:  irq 16 at device 23.0 on pci0 pci1: <PCI bus> on pcib1 pcib2: <PCI-PCI bridge> irq 16 at device 0.0 on pci1 pci2: <PCI bus> on pcib2 pci2: at device 0.0 (no driver attached) pci2: <network, ethernet> at device 0.1 (no driver attached) pci2: at device 0.2 (no driver attached) ohci0: <OHCI (generic) USB controller> mem 0xa0000b00-0xa0000bff irq 19 at device 2.0 on pci2 ohci0: [ITHREAD] usbus0: <OHCI (generic) USB controller> on ohci0 ohci1: <OHCI (generic) USB controller> mem 0xa0000c00-0xa0000cff irq 19 at device 2.1 on pci2 ohci1: [ITHREAD] usbus1: <OHCI (generic) USB controller> on ohci1 ohci2: <OHCI (generic) USB controller> mem 0xa0000d00-0xa0000dff irq 19 at device 2.2 on pci2 ohci2: [ITHREAD] usbus2: <OHCI (generic) USB controller> on ohci2 ehci0: <EHCI (generic) USB 2.0 controller> mem 0xa0000e00-0xa0000eff irq 19 at device 2.3 on pci2 ehci0: [ITHREAD] usbus3: EHCI version 1.0 usbus3: <EHCI (generic) USB 2.0 controller> on ehci0 pci2: <serial bus, USB> at device 2.4 (no driver attached) pci2: <base peripheral, SD host controller> at device 4.0 (no driver attached) pci2: <base peripheral, SD host controller> at device 4.1 (no driver attached) atapci0: <Intel AHCI controller> port 0x1020-0x103f mem 0xa0004400-0xa00047ff irq 17 at device 6.0 on pci2 atapci0: [ITHREAD] atapci0: AHCI v1.10 controller with 2 3Gbps ports, PM supported ata2: <ATA channel 0> on atapci0 ata2: [ITHREAD] ata3: <ATA channel 1> on atapci0 ata3: [ITHREAD] ohci3: <OHCI (generic) USB controller> mem 0xa0004800-0xa00048ff irq 16 at device 8.0 on pci2 ohci3: [ITHREAD] usbus4: <OHCI (generic) USB controller> on ohci3 ohci4: <OHCI (generic) USB controller> mem 0xa0004900-0xa00049ff irq 16 at device 8.1 on pci2 ohci4: [ITHREAD] usbus5: <OHCI (generic) USB controller> on ohci4 ohci5: <OHCI (generic) USB controller> mem 0xa0004a00-0xa0004aff irq 16 at device 8.2 on pci2 ohci5: [ITHREAD] usbus6: <OHCI (generic) USB controller> on ohci5 ehci1: <EHCI (generic) USB 2.0 controller> mem 0xa0004b00-0xa0004bff irq 16 at device 8.3 on pci2 ehci1: [ITHREAD] usbus7: EHCI version 1.0 usbus7: <EHCI (generic) USB 2.0 controller> on ehci1 pci2: at device 10.0 (no driver attached) pci2: <simple comms, UART> at device 10.1 (no driver attached) pci2: <simple comms, UART> at device 10.2 (no driver attached) pci2: <simple comms, UART> at device 10.3 (no driver attached) pci2: <simple comms, UART> at device 10.4 (no driver attached) pci2: at device 12.0 (no driver attached) pci2: at device 12.1 (no driver attached) pci2: at device 12.2 (no driver attached) pci2: at device 12.3 (no driver attached) pci2: at device 12.4 (no driver attached) pcib3: <PCI-PCI bridge> irq 17 at device 24.0 on pci0 pci3: <PCI bus> on pcib3 pcib4: <PCI-PCI bridge> at device 0.0 on pci3 pci4: <PCI bus> on pcib4 pcib5: <PCI-PCI bridge> at device 2.0 on pci4 pci5: <PCI bus> on pcib5 em0: <Intel(R) PRO/1000 Network Connection 7.2.3> port 0x2000-0x201f mem 0xa1000000-0xa101ffff,0xa1020000-0xa1023fff irq 19 at device 0.0 on pci5 em0: Using MSIX interrupts with 3 vectors em0: [ITHREAD] em0: [ITHREAD] em0: [ITHREAD] pcib6: <PCI-PCI bridge> at device 3.0 on pci4 pci6: <PCI bus> on pcib6 em1: <Intel(R) PRO/1000 Network Connection 7.2.3> port 0x3000-0x301f mem 0xa2000000-0xa201ffff,0xa2020000-0xa2023fff irq 16 at device 0.0 on pci6 em1: Using MSIX interrupts with 3 vectors em1: [ITHREAD] em1: [ITHREAD] em1: [ITHREAD] pcib7: <PCI-PCI bridge> at device 4.0 on pci4 pci7: <PCI bus> on pcib7 pcib8: <PCI-PCI bridge> irq 18 at device 25.0 on pci0 pci8: <PCI bus> on pcib8 pcib9: <PCI-PCI bridge> at device 0.0 on pci8 pci9: <PCI bus> on pcib9 pcib10: <PCI-PCI bridge> at device 2.0 on pci9 pci10: <PCI bus> on pcib10 em2: <Intel(R) PRO/1000 Network Connection 7.2.3> port 0x4000-0x401f mem 0xa3000000-0xa301ffff,0xa3020000-0xa3023fff irq 16 at device 0.0 on pci10 em2: Using MSIX interrupts with 3 vectors em2: [ITHREAD] em2: [ITHREAD] em2: [ITHREAD] pcib11: <PCI-PCI bridge> at device 3.0 on pci9 pci11: <PCI bus> on pcib11 em3: <Intel(R) PRO/1000 Network Connection 7.2.3> port 0x5000-0x501f mem 0xa4000000-0xa401ffff,0xa4020000-0xa4023fff irq 17 at device 0.0 on pci11 em3: Using MSIX interrupts with 3 vectors em3: [ITHREAD] em3: [ITHREAD] em3: [ITHREAD] pcib12: <PCI-PCI bridge> at device 4.0 on pci9 pci12: <PCI bus> on pcib12 pcib13: <PCI-PCI bridge> irq 19 at device 26.0 on pci0 pci13: <PCI bus> on pcib13 ath0: <Atheros 5416> mem 0xa5000000-0xa500ffff irq 19 at device 0.0 on pci13 ath0: [ITHREAD] ath0: AR5418 mac 12.10 RF2133 phy 8.1 isab0: <PCI-ISA bridge> at device 31.0 on pci0 isa0: <ISA bus> on isab0 cpu0 on motherboard cpu1 on motherboard ata0 at port 0x1f0-0x1f7,0x3f6 irq 14 on isa0 ata0: [ITHREAD] ata1 at port 0x170-0x177,0x376 irq 15 on isa0 ata1: [ITHREAD] atrtc0: <AT Real Time Clock> at port 0x70 irq 8 on isa0 ppc0: parallel port not found. uart0: <Non-standard ns8250 class UART with FIFOs> at port 0x3f8-0x3ff irq 4 flags 0x10 on isa0 uart0: [FILTER] uart0: console (9600,n,8,1) Timecounters tick every 10.000 msec IPsec: Initialized Security Association Processing. usbus0: 12Mbps Full Speed USB v1.0 usbus1: 12Mbps Full Speed USB v1.0 ugen0.1: <(0x8086)> at usbus0 uhub0: <(0x8086) OHCI root HUB, class 9/0, rev 1.00/1.00, addr 1> on usbus0 ugen1.1: <(0x8086)> at usbus1 uhub1: <(0x8086) OHCI root HUB, class 9/0, rev 1.00/1.00, addr 1> on usbus1 usbus2: 12Mbps Full Speed USB v1.0 usbus3: 480Mbps High Speed USB v2.0 ugen2.1: <(0x8086)> at usbus2 uhub2: <(0x8086) OHCI root HUB, class 9/0, rev 1.00/1.00, addr 1> on usbus2 ugen3.1: <Intel> at usbus3 uhub3: <Intel EHCI root HUB, class 9/0, rev 2.00/1.00, addr 1> on usbus3 uhub0: 1 port with 1 removable, self powered uhub1: 1 port with 1 removable, self powered usbus4: 12Mbps Full Speed USB v1.0 uhub2: 1 port with 1 removable, self powered ugen4.1: <(0x8086)> at usbus4 uhub4: <(0x8086) OHCI root HUB, class 9/0, rev 1.00/1.00, addr 1> on usbus4 usbus5: 12Mbps Full Speed USB v1.0 usbus6: 12Mbps Full Speed USB v1.0 ugen5.1: <(0x8086)> at usbus5 uhub5: <(0x8086) OHCI root HUB, class 9/0, rev 1.00/1.00, addr 1> on usbus5 ugen6.1: <(0x8086)> at usbus6 uhub6: <(0x8086) OHCI root HUB, class 9/0, rev 1.00/1.00, addr 1> on usbus6 usbus7: 480Mbps High Speed USB v2.0 uhub4: 1 port with 1 removable, self powered ugen7.1: <Intel> at usbus7 uhub7: <Intel EHCI root HUB, class 9/0, rev 2.00/1.00, addr 1> on usbus7 uhub5: 1 port with 1 removable, self powered uhub6: 1 port with 1 removable, self powered uhub3: 3 ports with 3 removable, self powered uhub7: 3 ports with 3 removable, self powered ugen7.2: <SanDisk> at usbus7 umass0: <SanDisk Cruzer Fit, class 0/0, rev 2.00/1.26, addr 2> on usbus7 SMP: AP CPU #1 Launched! da0 at umass-sim0 bus 0 scbus0 target 0 lun 0 da0: <SanDisk Cruzer Fit 1.26> Removable Direct Access SCSI-5 device da0: 40.000MB/s transfers da0: 7633MB (15633408 512 byte sectors: 255H 63S/T 973C) GEOM: da0s1: geometry does not match label (16h,63s != 255h,63s). GEOM: da0s2: geometry does not match label (16h,63s != 255h,63s). Trying to mount root from ufs:/dev/ufs/pfsense0 Configuring crash dumps... Mounting filesystems...  Setting up embedded specific environment... done. ___  ___/ f \ / p \___/ Sense \___/  \      \___/  Welcome to pfSense 2.0.1-RELEASE  ...  Creating symlinks......done. External config loader 1.0 is now starting... da0s3 Launching the init system... done. Initializing............................ done. Starting device manager (devd)...done. Loading configuration......done. Updating configuration...done. Cleaning backup cache........done. Setting up extended sysctls...done. Setting timezone...done. Starting Secure Shell Services...done. Setting up polling defaults...done. Setting up interfaces microcode...done. Configuring LAGG interfaces...done. Configuring VLAN interfaces...done. Configuring QinQ interfaces...done. Configuring WAN interface...em0: link state changed to UP done. Configuring ETH1 interface...done. Configuring ETH2 interface...done. Configuring ETH3 interface...done. Configuring WIFI interface...wlan0: changing name to 'ath0_wlan0' em1: link state changed to UP done. em1: link state changed to DOWN em1: promiscuous mode enabled em2: promiscuous mode enabled em3: promiscuous mode enabled em1: link state changed to UP ath0_wlan0: promiscuous mode enabled Configuring LAN interface...done. Syncing OpenVPN settings...done. Starting syslog...done. Configuring firewall......done. Starting PFLOG...done. Setting up gateway monitors... Warning: mkdir: File exists in /etc/inc/gwlb.inc on line 233 done. Synchronizing user settings...done. Starting webConfigurator...done. Configuring CRON...done. Starting DHCP service...done. Starting DNS forwarder...done. Configuring firewall......done. Starting OpenNTP time client...done. Generating RRD graphs...done. Starting CRON... done. Bootup complete FreeBSD/i386 (pfSense.localdomain) (console) *** Welcome to pfSense 2.0.1-RELEASE-nanobsd (i386) on pfSense *** WAN (wan)                -> em0        -> 192.168.10.122 (DHCP) LAN (lan)                -> bridge0    -> 192.168.1.1 ETH1 (opt1)              -> em1        -> NONE ETH2 (opt2)              -> em2        -> NONE ETH3 (opt3)              -> em3        -> NONE WIFI (opt4)              -> ath0_wlan0 -> NONE 0) Logout (SSH only)                 8) Shell 1) Assign Interfaces                 9) pfTop 2) Set interface(s) IP address      10) Filter Logs 3) Reset webConfigurator password   11) Restart webConfigurator 4) Reset to factory defaults        12) pfSense Developer Shell 5) Reboot system                    13) Upgrade from console 6) Halt system                      14) Enable Secure Shell (sshd) 7) Ping host Enter an option:

amd64 boot messages
The pfSense-2.0.1-RELEASE-1g-amd64-nanobsd.img image fails to boot

See FreeBSD/amd64 on Net6501 working!
 * I was able to boot FreeBSD/amd64 9.0-RC3 just now.
 * The key was to enable mptable and atpic support in the kernel.
 * device     atpic          # Optional legacy pic support
 * device     mptable        # Optional MPSPEC mptable support
 * I also removed "device acpi", but that may not have been necessary.
 * I also removed "device acpi", but that may not have been necessary.
 * I also removed "device acpi", but that may not have been necessary.

1 Seconds to automatic boot. Press Ctrl-P for entering Monitor. 1 pfSense 2 pfSense 5 Drive 1 F6 PXE Boot: 1 /boot.config: -h Consoles: serial port BIOS drive C: is disk0 BIOS drive D: is disk1 BIOS 627kB/1047424kB available memory FreeBSD/i386 bootstrap loader, Revision 1.1 (root@FreeBSD_8.0_pfSense_2.0-AMD64.snaps.pfsense.org, Mon Dec 12 19:02:10 EST 2011) Loading /boot/defaults/loader.conf /boot/kernel/kernel text=0x8663f0 data=0x3ff8c8+0xbe798 syms=[0x8+0xda178+0x8+0xc796a] \ Hit [Enter] to boot immediately, or any other key for command prompt. Booting [/boot/kernel/kernel]... .. ACPI Error: A valid RSDP was not found (20100331/tbxfroot-309) Copyright (c) 1992-2010 The FreeBSD Project. Copyright (c) 1979, 1980, 1983, 1986, 1988, 1989, 1991, 1992, 1993, 1994 The Regents of the University of California. All rights reserved. FreeBSD is a registered trademark of The FreeBSD Foundation. FreeBSD 8.1-RELEASE-p6 #0: Mon Dec 12 19:25:42 EST 2011 root@FreeBSD_8.0_pfSense_2.0-AMD64.snaps.pfsense.org:/usr/obj./usr/pfSensesrc/src/sys/pfSense_wrap.8.amd64 amd64 Timecounter "i8254" frequency 1193182 Hz quality 0 CPU: Genuine Intel(R) CPU       @ 1.00GHz (1000.01-MHz K8-class CPU) Origin = "GenuineIntel" Id = 0x20661  Family = 6  Model = 26  Stepping = 1 Features=0xbfe9fbff<FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,CLFLUSH,DTS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE> Features2=0x40e3bd<SSE3,DTES64,MON,DS_CPL,VMX,EST,TM2,SSSE3,CX16,xTPR,PDCM,MOVBE> AMD Features=0x20100800<SYSCALL,NX,LM> AMD Features2=0x1<LAHF> TSC: P-state invariant real memory = 1073610752 (1023 MB) avail memory = 1016238080 (969 MB) WARNING: Non-uniform processors. WARNING: Using suboptimal topology. netisr_init: forcing maxthreads to 1 and bindthreads to 0 for device polling wpi: You need to read the LICENSE file in /usr/share/doc/legal/intel_wpi/. wpi: If you agree with the license, set legal.intel_wpi.license_ack=1 in /boot/loader.conf. module_register_init: MOD_LOAD (wpi_fw, 0xffffffff8056cd10, 0) error 1 ipw_bss: You need to read the LICENSE file in /usr/share/doc/legal/intel_ipw/. ipw_bss: If you agree with the license, set legal.intel_ipw.license_ack=1 in /boot/loader.conf. module_register_init: MOD_LOAD (ipw_bss_fw, 0xffffffff804066b0, 0) error 1 ipw_ibss: You need to read the LICENSE file in /usr/share/doc/legal/intel_ipw/. ipw_ibss: If you agree with the license, set legal.intel_ipw.license_ack=1 in /boot/loader.conf. module_register_init: MOD_LOAD (ipw_ibss_fw, 0xffffffff80406750, 0) error 1 ipw_monitor: You need to read the LICENSE file in /usr/share/doc/legal/intel_ipw/. ipw_monitor: If you agree with the license, set legal.intel_ipw.license_ack=1 in /boot/loader.conf. module_register_init: MOD_LOAD (ipw_monitor_fw, 0xffffffff804067f0, 0) error 1 wlan: mac acl policy registered ACPI Error: A valid RSDP was not found (20100331/tbxfroot-309) ACPI: Table initialisation failed: AE_NOT_FOUND ACPI: Try disabling either ACPI or apic support. cryptosoft0: on motherboard padlock0: No ACE support. pcib0: <Host to PCI bridge> pcibus 0 on motherboard pci0: <PCI bus> on pcib0 pcib1: <PCI-PCI bridge> irq 10 at device 23.0 on pci0 pci1: <PCI bus> on pcib1 pcib2: <PCI-PCI bridge> irq 10 at device 0.0 on pci1 pci2: <PCI bus> on pcib2 pci2: at device 0.0 (no driver attached) pci2: <network, ethernet> at device 0.1 (no driver attached) pci2: at device 0.2 (no driver attached) ohci0: <OHCI (generic) USB controller> mem 0xa0000b00-0xa0000bff irq 9 at device 2.0 on pci2 ohci0: Could not allocate irq device_attach: ohci0 attach returned 6 ohci1: <OHCI (generic) USB controller> mem 0xa0000c00-0xa0000cff irq 9 at device 2.1 on pci2 ohci1: Could not allocate irq device_attach: ohci1 attach returned 6 ohci2: <OHCI (generic) USB controller> mem 0xa0000d00-0xa0000dff irq 9 at device 2.2 on pci2 ohci2: Could not allocate irq device_attach: ohci2 attach returned 6 ehci0: <EHCI (generic) USB 2.0 controller> mem 0xa0000e00-0xa0000eff irq 9 at device 2.3 on pci2 ehci0: Could not allocate irq device_attach: ehci0 attach returned 6 pci2: <serial bus, USB> at device 2.4 (no driver attached) pci2: <base peripheral, SD host controller> at device 4.0 (no driver attached) pci2: <base peripheral, SD host controller> at device 4.1 (no driver attached) atapci0: <Intel AHCI controller> port 0x1020-0x103f mem 0xa0004400-0xa00047ff irq 11 at device 6.0 on pci2 atapci0: unable to map interrupt device_attach: atapci0 attach returned 6 ohci3: <OHCI (generic) USB controller> mem 0xa0004800-0xa00048ff irq 10 at device 8.0 on pci2 ohci3: Could not allocate irq device_attach: ohci3 attach returned 6 ohci4: <OHCI (generic) USB controller> mem 0xa0004900-0xa00049ff irq 10 at device 8.1 on pci2 ohci4: Could not allocate irq device_attach: ohci4 attach returned 6 ohci5: <OHCI (generic) USB controller> mem 0xa0004a00-0xa0004aff irq 10 at device 8.2 on pci2 ohci5: Could not allocate irq device_attach: ohci5 attach returned 6 ehci1: <EHCI (generic) USB 2.0 controller> mem 0xa0004b00-0xa0004bff irq 10 at device 8.3 on pci2 ehci1: Could not allocate irq device_attach: ehci1 attach returned 6 pci2: at device 10.0 (no driver attached) pci2: <simple comms, UART> at device 10.1 (no driver attached) pci2: <simple comms, UART> at device 10.2 (no driver attached) pci2: <simple comms, UART> at device 10.3 (no driver attached) pci2: <simple comms, UART> at device 10.4 (no driver attached) pci2: at device 12.0 (no driver attached) pci2: at device 12.1 (no driver attached) pci2: at device 12.2 (no driver attached) pci2: at device 12.3 (no driver attached) pci2: at device 12.4 (no driver attached) pcib3: <PCI-PCI bridge> irq 11 at device 24.0 on pci0 pci3: <PCI bus> on pcib3 pcib4: <PCI-PCI bridge> at device 0.0 on pci3 pci4: <PCI bus> on pcib4 pcib5: <PCI-PCI bridge> at device 2.0 on pci4 pci5: <PCI bus> on pcib5 em0: <Intel(R) PRO/1000 Network Connection 7.2.3> port 0x2000-0x201f mem 0xa1000000-0xa101ffff,0xa1020000-0xa1023fff irq 9 at device 0.0 on pci5 em0: Using MSIX interrupts with 0 vectors em0: Unable to allocate bus resource: interrupt device_attach: em0 attach returned 6 pcib6: <PCI-PCI bridge> at device 3.0 on pci4 pci6: <PCI bus> on pcib6 em1: <Intel(R) PRO/1000 Network Connection 7.2.3> port 0x3000-0x301f mem 0xa2000000-0xa201ffff,0xa2020000-0xa2023fff irq 10 at device 0.0 on pci6 em1: Using MSIX interrupts with 0 vectors em1: Unable to allocate bus resource: interrupt device_attach: em1 attach returned 6 pcib7: <PCI-PCI bridge> at device 4.0 on pci4 pci7: <PCI bus> on pcib7 pcib8: <PCI-PCI bridge> irq 5 at device 25.0 on pci0 pci8: <PCI bus> on pcib8 pcib9: <PCI-PCI bridge> at device 0.0 on pci8 pci9: <PCI bus> on pcib9 pcib10: <PCI-PCI bridge> at device 2.0 on pci9 pci10: <PCI bus> on pcib10 em2: <Intel(R) PRO/1000 Network Connection 7.2.3> port 0x4000-0x401f mem 0xa3000000-0xa301ffff,0xa3020000-0xa3023fff irq 10 at device 0.0 on pci10 em2: Using MSIX interrupts with 0 vectors em2: Unable to allocate bus resource: interrupt device_attach: em2 attach returned 6 pcib11: <PCI-PCI bridge> at device 3.0 on pci9 pci11: <PCI bus> on pcib11 em3: <Intel(R) PRO/1000 Network Connection 7.2.3> port 0x5000-0x501f mem 0xa4000000-0xa401ffff,0xa4020000-0xa4023fff irq 11 at device 0.0 on pci11 em3: Using MSIX interrupts with 0 vectors em3: Unable to allocate bus resource: interrupt device_attach: em3 attach returned 6 pcib12: <PCI-PCI bridge> at device 4.0 on pci9 pci12: <PCI bus> on pcib12 pcib13: <PCI-PCI bridge> irq 9 at device 26.0 on pci0 pci13: <PCI bus> on pcib13 ath0: <Atheros 5416> mem 0xa5000000-0xa500ffff irq 9 at device 0.0 on pci13 ath0: could not map interrupt device_attach: ath0 attach returned 6 isab0: <PCI-ISA bridge> at device 31.0 on pci0 isa0: <ISA bus> on isab0 cpu0 on motherboard atrtc0: <AT Real Time Clock> at port 0x70 irq 8 on isa0 atrtc0: Warning: Couldn't map Interrupt. ppc0: cannot reserve I/O port range uart0: at port 0x3f8-0x3ff irq 4 flags 0x10 on isa0 uart0: console (9600,n,8,1) Timecounter "TSC" frequency 1000005870 Hz quality 800 Timecounters tick every 10.000 msec IPsec: Initialized Security Association Processing.