Project:Sandbox

Title: Soekris 6501 USB Flash install

This Howto shows a way to install pfSense on the Soekris net6501 using a USB flash. The setup is for a typical WiFi home router with all LAN ports including WIFI acting as a switch (bridge).

The version of pfSense used is 2.01 (which does not support 802.11N, but 2.1 probably will)

Hardware used

 * Soekris net6501-50 with case (CPU: Intel Atom E6xx 1000 Mhz, 1GB Ram, 4x Intel 82574IT Gigabit Ethernet, PCIe)
 * Power Supply
 * Sandisk 8GB Cruzer Fit USB Drive
 * Null-modem cable
 * D-Link DWA-556 Wireless N PCIe Desktop Adapter
 * A computer with ethernet and serial port/usb2serial adapter

Before deciding to buy a wifi card, do some research. See Even though a card is reported to be working, a later revision of the card might use a different chipset. Some people advice to use a dedicated Wireless Access Point.

Prepare boot media
Image used in this Howto: pfSense-2.0.1-RELEASE-4g-i386-nanobsd.img

Copy image to USB flash according to HOWTO Install pfSense

See this for alternate copy method on Windows: Installing from USB drive in Windows- UPDATED

First boot
Insert USB flash in internal USB port

Hookup serial cable

FreeBSD by default uses 9600 baud for the serial console. Soekris BIOS by default uses 19200. This must be changed to 9600.

Start your terminal client (on Windows e.g. PuTTY) and set it to 19200 8 N 1

Power on the Soekris

POST: 0123456789bcefghipsajklnopqr,,,tvwxy comBIOS ver. 1.41a 20111203  Copyright (C) 2000-2011 Soekris Engineering. net6501 1024 Mbyte Memory                       CPU Atom E6xx 1000 Mhz SATA AHCI BIOS ver. 0.6 20110902 Copyright (C) 2003-2011 Intel Corporation Controller Bus#02, Device#06, Function#00: 02 Ports No device found Soekris USB Expansion ROM ver. 1.01 20111203 80: USB 01 SanDisk Cruzer Fit      Xlt 973-255-63  7816 Mbyte Initializing Intel(R) Boot Agent GE v1.3.72 PXE 2.1 Build 089 (WfM 2.0) Slot  Vend Dev  ClassRev Cmd  Stat CL LT HT  Base1    Base2   Int 00:00:0 8086 4114 06000003 0007 0000 00 00 00 00000000 00000000 00:23:0 8086 8184 06040000 0107 0010 08 00 01 1FFF1000 A0FFA000 10 00:24:0 8086 8185 06040000 0107 0010 08 00 01 3FFF2000 A2FFA100 11 00:25:0 8086 8180 06040000 0107 0010 08 00 01 5FFF4000 A4FFA300 05 00:26:0 8086 8181 06040000 0107 0010 08 00 01 0FFF1000 A5FFA500 09 00:31:0 8086 8186 06010000 0003 0000 00 00 80 00000000 00000000 02:02:0 8086 8804 0C031001 0106 0010 00 00 80 A0000B00 00000000 09 02:02:1 8086 8805 0C031001 0106 0010 00 00 80 A0000C00 00000000 09 02:02:2 8086 8806 0C031001 0106 0010 00 00 80 A0000D00 00000000 09 02:02:3 8086 8807 0C032001 0106 0010 00 00 80 A0000E00 00000000 09 02:06:0 8086 880B 01060101 0107 0010 00 00 00 00000000 00000000 11 02:08:0 8086 880C 0C031001 0106 0010 00 00 80 A0004800 00000000 10 02:08:1 8086 880D 0C031001 0106 0010 00 00 80 A0004900 00000000 10 02:08:2 8086 880E 0C031001 0106 0010 00 00 80 A0004A00 00000000 10 02:08:3 8086 880F 0C032001 0106 0010 00 00 80 A0004B00 00000000 10 02:10:1 8086 8811 07000200 0107 0010 00 00 80 00001041 A0004D00 09 02:10:2 8086 8812 07000200 0107 0010 00 00 80 00001049 A0004D10 09 02:12:2 8086 8817 0C800000 0106 0010 00 00 80 00000000 A0005000 05 02:12:3 8086 8818 0C090000 0106 0010 00 00 80 00000000 A0005200 05 03:00:0 111D 803A 0604000E 0107 0010 08 00 01 3FFF2000 A2FFA100 05:00:0 8086 10D3 02000000 0107 0010 08 00 00 A1000000 00000000 09 06:00:0 8086 10D3 02000000 0107 0010 08 00 00 A2000000 00000000 10 08:00:0 111D 803A 0604000E 0107 0010 08 00 01 5FFF4000 A4FFA300 10:00:0 8086 10D3 02000000 0107 0010 08 00 00 A3000000 00000000 10 11:00:0 8086 10D3 02000000 0107 0010 08 00 00 A4000000 00000000 11 13:00:0 168C 0024 02800001 0107 2010 08 00 00 A5000004 00000000 09 5 Seconds to automatic boot. Press Ctrl-P for entering Monitor.

Press Ctrl-P, change speed and boot (also change speed on the terminal client)

comBIOS Monitor. Press ? for help. > set ConSpeed=9600 > reboot

Really test this and write up afterwards

Reset

1 pfSense 2 pfSense F6 PXE Boot: 1 /boot.config: -h Consoles: serial port BIOS drive C: is disk0 BIOS 627kB/1047424kB available memory FreeBSD/i386 bootstrap loader, Revision 1.1 (root@FreeBSD_8.0_pfSense_2.0-snaps.pfsense.org, Mon Dec 12 18:43:24 EST 2011) Loading /boot/defaults/loader.conf /boot/kernel/kernel text=0x8a1d18 data=0x3c9e54+0x9b6a0 syms=[0x4+0x94100+0x4+0xcaf47] \ Hit [Enter] to boot immediately, or any other key for command prompt. Type '?' for a list of commands, 'help' for more detailed help. OK set kern.cam.boot_delay=10000 OK boot Copyright (c) 1992-2010 The FreeBSD Project. Copyright (c) 1979, 1980, 1983, 1986, 1988, 1989, 1991, 1992, 1993, 1994 The Regents of the University of California. All rights reserved. FreeBSD is a registered trademark of The FreeBSD Foundation. FreeBSD 8.1-RELEASE-p6 #0: Mon Dec 12 18:59:41 EST 2011 root@FreeBSD_8.0_pfSense_2.0-snaps.pfsense.org:/usr/obj./usr/pfSensesrc/src/sys/pfSense_wrap.8.i386 i386 Timecounter "i8254" frequency 1193182 Hz quality 0 CPU: Genuine Intel(R) CPU       @ 1.00GHz (1000.00-MHz 686-class CPU) Origin = "GenuineIntel" Id = 0x20661  Family = 6  Model = 26  Stepping = 1 Features=0xbfe9fbff Features2=0x40e3bd AMD Features=0x20100000 AMD Features2=0x1 TSC: P-state invariant real memory = 1073610752 (1023 MB) avail memory = 1032044544 (984 MB) ACPI Error: A valid RSDP was not found (20100331/tbxfroot-309) MPTable:  FreeBSD/SMP: Multiprocessor System Detected: 2 CPUs FreeBSD/SMP: 1 package(s) x 1 core(s) x 2 HTT threads cpu0 (BSP): APIC ID: 0 cpu1 (AP/HT): APIC ID: 1 ioapic0: Assuming intbase of 0 ioapic0  irqs 0-23 on motherboard netisr_init: forcing maxthreads to 1 and bindthreads to 0 for device polling wlan: mac acl policy registered ipw_bss: You need to read the LICENSE file in /usr/share/doc/legal/intel_ipw/. ipw_bss: If you agree with the license, set legal.intel_ipw.license_ack=1 in /boot/loader.conf. module_register_init: MOD_LOAD (ipw_bss_fw, 0xc0710010, 0) error 1 ipw_ibss: You need to read the LICENSE file in /usr/share/doc/legal/intel_ipw/. ipw_ibss: If you agree with the license, set legal.intel_ipw.license_ack=1 in /boot/loader.conf. module_register_init: MOD_LOAD (ipw_ibss_fw, 0xc07100b0, 0) error 1 wpi: You need to read the LICENSE file in /usr/share/doc/legal/intel_wpi/. wpi: If you agree with the license, set legal.intel_wpi.license_ack=1 in /boot/loader.conf. module_register_init: MOD_LOAD (wpi_fw, 0xc0883050, 0) error 1 ipw_monitor: You need to read the LICENSE file in /usr/share/doc/legal/intel_ipw/. ipw_monitor: If you agree with the license, set legal.intel_ipw.license_ack=1 in /boot/loader.conf. module_register_init: MOD_LOAD (ipw_monitor_fw, 0xc0710150, 0) error 1 ACPI Error: A valid RSDP was not found (20100331/tbxfroot-309) ACPI: Table initialisation failed: AE_NOT_FOUND ACPI: Try disabling either ACPI or apic support. cryptosoft0: on motherboard padlock0: No ACE support. pcib0:  pcibus 0 on motherboard pci0:  on pcib0 pcib1:  irq 16 at device 23.0 on pci0 pci1:  on pcib1 pcib2:  irq 16 at device 0.0 on pci1 pci2:  on pcib2 pci2: at device 0.0 (no driver attached) pci2:  at device 0.1 (no driver attached) pci2: at device 0.2 (no driver attached) ohci0:  mem 0xa0000b00-0xa0000bff irq 19 at device 2.0 on pci2 ohci0: [ITHREAD] usbus0:  on ohci0 ohci1:  mem 0xa0000c00-0xa0000cff irq 19 at device 2.1 on pci2 ohci1: [ITHREAD] usbus1: <OHCI (generic) USB controller> on ohci1 ohci2: <OHCI (generic) USB controller> mem 0xa0000d00-0xa0000dff irq 19 at device 2.2 on pci2 ohci2: [ITHREAD] usbus2: <OHCI (generic) USB controller> on ohci2 ehci0: <EHCI (generic) USB 2.0 controller> mem 0xa0000e00-0xa0000eff irq 19 at device 2.3 on pci2 ehci0: [ITHREAD] usbus3: EHCI version 1.0 usbus3: <EHCI (generic) USB 2.0 controller> on ehci0 pci2: <serial bus, USB> at device 2.4 (no driver attached) pci2: <base peripheral, SD host controller> at device 4.0 (no driver attached) pci2: <base peripheral, SD host controller> at device 4.1 (no driver attached) atapci0: <Intel AHCI controller> port 0x1020-0x103f mem 0xa0004400-0xa00047ff irq 17 at device 6.0 on pci2 atapci0: [ITHREAD] atapci0: AHCI v1.10 controller with 2 3Gbps ports, PM supported ata2: <ATA channel 0> on atapci0 ata2: [ITHREAD] ata3: <ATA channel 1> on atapci0 ata3: [ITHREAD] ohci3: <OHCI (generic) USB controller> mem 0xa0004800-0xa00048ff irq 16 at device 8.0 on pci2 ohci3: [ITHREAD] usbus4: <OHCI (generic) USB controller> on ohci3 ohci4: <OHCI (generic) USB controller> mem 0xa0004900-0xa00049ff irq 16 at device 8.1 on pci2 ohci4: [ITHREAD] usbus5: <OHCI (generic) USB controller> on ohci4 ohci5: <OHCI (generic) USB controller> mem 0xa0004a00-0xa0004aff irq 16 at device 8.2 on pci2 ohci5: [ITHREAD] usbus6: <OHCI (generic) USB controller> on ohci5 ehci1: <EHCI (generic) USB 2.0 controller> mem 0xa0004b00-0xa0004bff irq 16 at device 8.3 on pci2 ehci1: [ITHREAD] usbus7: EHCI version 1.0 usbus7: <EHCI (generic) USB 2.0 controller> on ehci1 pci2: at device 10.0 (no driver attached) pci2: <simple comms, UART> at device 10.1 (no driver attached) pci2: <simple comms, UART> at device 10.2 (no driver attached) pci2: <simple comms, UART> at device 10.3 (no driver attached) pci2: <simple comms, UART> at device 10.4 (no driver attached) pci2: at device 12.0 (no driver attached) pci2: at device 12.1 (no driver attached) pci2: at device 12.2 (no driver attached) pci2: at device 12.3 (no driver attached) pci2: at device 12.4 (no driver attached) pcib3: <PCI-PCI bridge> irq 17 at device 24.0 on pci0 pci3: <PCI bus> on pcib3 pcib4: <PCI-PCI bridge> at device 0.0 on pci3 pci4: <PCI bus> on pcib4 pcib5: <PCI-PCI bridge> at device 2.0 on pci4 pci5: <PCI bus> on pcib5 em0: <Intel(R) PRO/1000 Network Connection 7.2.3> port 0x2000-0x201f mem 0xa1000000-0xa101ffff,0xa1020000-0xa1023fff irq 19 at device 0.0 on pci5 em0: Using MSIX interrupts with 3 vectors em0: [ITHREAD] em0: [ITHREAD] em0: [ITHREAD] pcib6: <PCI-PCI bridge> at device 3.0 on pci4 pci6: <PCI bus> on pcib6 em1: <Intel(R) PRO/1000 Network Connection 7.2.3> port 0x3000-0x301f mem 0xa2000000-0xa201ffff,0xa2020000-0xa2023fff irq 16 at device 0.0 on pci6 em1: Using MSIX interrupts with 3 vectors em1: [ITHREAD] em1: [ITHREAD] em1: [ITHREAD] pcib7: <PCI-PCI bridge> at device 4.0 on pci4 pci7: <PCI bus> on pcib7 pcib8: <PCI-PCI bridge> irq 18 at device 25.0 on pci0 pci8: <PCI bus> on pcib8 pcib9: <PCI-PCI bridge> at device 0.0 on pci8 pci9: <PCI bus> on pcib9 pcib10: <PCI-PCI bridge> at device 2.0 on pci9 pci10: <PCI bus> on pcib10 em2: <Intel(R) PRO/1000 Network Connection 7.2.3> port 0x4000-0x401f mem 0xa3000000-0xa301ffff,0xa3020000-0xa3023fff irq 16 at device 0.0 on pci10 em2: Using MSIX interrupts with 3 vectors em2: [ITHREAD] em2: [ITHREAD] em2: [ITHREAD] pcib11: <PCI-PCI bridge> at device 3.0 on pci9 pci11: <PCI bus> on pcib11 em3: <Intel(R) PRO/1000 Network Connection 7.2.3> port 0x5000-0x501f mem 0xa4000000-0xa401ffff,0xa4020000-0xa4023fff irq 17 at device 0.0 on pci11 em3: Using MSIX interrupts with 3 vectors em3: [ITHREAD] em3: [ITHREAD] em3: [ITHREAD] pcib12: <PCI-PCI bridge> at device 4.0 on pci9 pci12: <PCI bus> on pcib12 pcib13: <PCI-PCI bridge> irq 19 at device 26.0 on pci0 pci13: <PCI bus> on pcib13 ath0: <Atheros 5416> mem 0xa5000000-0xa500ffff irq 19 at device 0.0 on pci13 ath0: [ITHREAD] ath0: AR5418 mac 12.10 RF2133 phy 8.1 isab0: <PCI-ISA bridge> at device 31.0 on pci0 isa0: <ISA bus> on isab0 cpu0 on motherboard cpu1 on motherboard ata0 at port 0x1f0-0x1f7,0x3f6 irq 14 on isa0 ata0: [ITHREAD] ata1 at port 0x170-0x177,0x376 irq 15 on isa0 ata1: [ITHREAD] atrtc0: <AT Real Time Clock> at port 0x70 irq 8 on isa0 ppc0: parallel port not found. uart0: <Non-standard ns8250 class UART with FIFOs> at port 0x3f8-0x3ff irq 4 flags 0x10 on isa0 uart0: [FILTER] uart0: console (9600,n,8,1) Timecounters tick every 10.000 msec IPsec: Initialized Security Association Processing. usbus0: 12Mbps Full Speed USB v1.0 usbus1: 12Mbps Full Speed USB v1.0 ugen0.1: <(0x8086)> at usbus0 uhub0: <(0x8086) OHCI root HUB, class 9/0, rev 1.00/1.00, addr 1> on usbus0 ugen1.1: <(0x8086)> at usbus1 uhub1: <(0x8086) OHCI root HUB, class 9/0, rev 1.00/1.00, addr 1> on usbus1 usbus2: 12Mbps Full Speed USB v1.0 usbus3: 480Mbps High Speed USB v2.0 ugen2.1: <(0x8086)> at usbus2 uhub2: <(0x8086) OHCI root HUB, class 9/0, rev 1.00/1.00, addr 1> on usbus2 ugen3.1: <Intel> at usbus3 uhub3: <Intel EHCI root HUB, class 9/0, rev 2.00/1.00, addr 1> on usbus3 uhub0: 1 port with 1 removable, self powered uhub1: 1 port with 1 removable, self powered usbus4: 12Mbps Full Speed USB v1.0 uhub2: 1 port with 1 removable, self powered ugen4.1: <(0x8086)> at usbus4 uhub4: <(0x8086) OHCI root HUB, class 9/0, rev 1.00/1.00, addr 1> on usbus4 usbus5: 12Mbps Full Speed USB v1.0 usbus6: 12Mbps Full Speed USB v1.0 ugen5.1: <(0x8086)> at usbus5 uhub5: <(0x8086) OHCI root HUB, class 9/0, rev 1.00/1.00, addr 1> on usbus5 ugen6.1: <(0x8086)> at usbus6 uhub6: <(0x8086) OHCI root HUB, class 9/0, rev 1.00/1.00, addr 1> on usbus6 usbus7: 480Mbps High Speed USB v2.0 uhub4: 1 port with 1 removable, self powered ugen7.1: <Intel> at usbus7 uhub7: <Intel EHCI root HUB, class 9/0, rev 2.00/1.00, addr 1> on usbus7 uhub5: 1 port with 1 removable, self powered uhub6: 1 port with 1 removable, self powered uhub3: 3 ports with 3 removable, self powered uhub7: 3 ports with 3 removable, self powered ugen7.2: <SanDisk> at usbus7 umass0: <SanDisk Cruzer Fit, class 0/0, rev 2.00/1.26, addr 2> on usbus7 SMP: AP CPU #1 Launched! da0 at umass-sim0 bus 0 scbus0 target 0 lun 0 da0: <SanDisk Cruzer Fit 1.26> Removable Direct Access SCSI-5 device da0: 40.000MB/s transfers da0: 7633MB (15633408 512 byte sectors: 255H 63S/T 973C) GEOM: da0s1: geometry does not match label (16h,63s != 255h,63s). GEOM: da0s2: geometry does not match label (16h,63s != 255h,63s). Trying to mount root from ufs:/dev/ufs/pfsense0 Configuring crash dumps... Mounting filesystems...  Setting up embedded specific environment... done. ___  ___/ f \ / p \___/ Sense \___/  \      \___/  Welcome to pfSense 2.0.1-RELEASE  ...  Creating symlinks......done. External config loader 1.0 is now starting... da0s3 Launching the init system... done. Initializing............................ done. Starting device manager (devd)...done. Loading configuration......done.

If you get ROOT MOUNT ERROR see

Now interfaces must be assigned: ath0 is the optional wireless card

Network interface mismatch -- Running interface assignment option. Valid interfaces are: em0  00:00:24:ce:80:70   (up) Intel(R) PRO/1000 Network Connection 7.2.3 em1  00:00:24:ce:80:71   (up) Intel(R) PRO/1000 Network Connection 7.2.3 em2  00:00:24:ce:80:72   (up) Intel(R) PRO/1000 Network Connection 7.2.3 em3  00:00:24:ce:80:73   (up) Intel(R) PRO/1000 Network Connection 7.2.3 ath0 cc:b2:55:c3:58:84   (up) Atheros 5416 Do you want to set up VLANs first? If you are not going to use VLANs, or only for optional interfaces, you should say no here and use the webConfigurator to configure VLANs later, if required. Do you want to set up VLANs now [y|n]? n

No vlans for this setup.

Assign all interfaces including ath0 if it exists

*NOTE* pfSense requires *AT LEAST* 1 assigned interface(s) to function. If you do not have *AT LEAST* 1 interfaces you CANNOT continue. If you do not have at least 1 *REAL* network interface card(s) or one interface with multiple VLANs then pfSense *WILL NOT* function correctly. If you do not know the names of your interfaces, you may choose to use auto-detection. In that case, disconnect all interfaces now before hitting 'a' to initiate auto detection. Enter the WAN interface name or 'a' for auto-detection: em0 Enter the LAN interface name or 'a' for auto-detection NOTE: this enables full Firewalling/NAT mode. (or nothing if finished): em1 Enter the Optional 1 interface name or 'a' for auto-detection (or nothing if finished): em2 Enter the Optional 2 interface name or 'a' for auto-detection (or nothing if finished): em3 Enter the Optional 3 interface name or 'a' for auto-detection (or nothing if finished): ath0 Enter the Optional 4 interface name or 'a' for auto-detection (or nothing if finished): The interfaces will be assigned as follows: WAN -> em0 LAN -> em1 OPT1 -> em2 OPT2 -> em3 OPT3 -> ath0 Do you want to proceed [y|n]?y Writing configuration...done. Updating configuration...done. Cleaning backup cache...done. Setting up extended sysctls...done. Setting timezone...done. Starting Secure Shell Services...done. Setting up polling defaults...done. Setting up interfaces microcode...done. Configuring LAGG interfaces...done. Configuring VLAN interfaces...done. Configuring QinQ interfaces...done. Configuring WAN interface...done. Configuring LAN interface...done. Syncing OpenVPN settings...done. Starting syslog...done. Configuring firewall......done. Starting PFLOG...done. Setting up gateway monitors...done. Synchronizing user settings...done. Starting webConfigurator...done. Configuring CRON...done. Starting DHCP service...done. Starting DNS forwarder...done. Configuring firewall......done. Starting OpenNTP time client...done. Generating RRD graphs...done. Starting CRON... done. Bootup complete FreeBSD/i386 (pfSense.localdomain) (console) *** Welcome to pfSense 2.0.1-RELEASE-nanobsd (i386) on pfSense *** WAN (wan)                -> em0        -> 192.168.10.122 (DHCP) LAN (lan)                -> em1        -> 192.168.1.1 OPT1 (opt1)              -> em2        -> NONE OPT2 (opt2)              -> em3        -> NONE OPT3 (opt3)              -> ath0_wlan0 -> NONE 0) Logout (SSH only)                 8) Shell 1) Assign Interfaces                 9) pfTop 2) Set interface(s) IP address      10) Filter Logs 3) Reset webConfigurator password   11) Restart webConfigurator 4) Reset to factory defaults        12) pfSense Developer Shell 5) Reboot system                    13) Upgrade from console 6) Halt system                      14) Enable Secure Shell (sshd) 7) Ping host Enter an option:

Now the Soekris box is up and running.

Connect a PC to Eth1 (LAN) and use a browser to access the admin GUI on https://192.168.1.1 Ignore certificate error and login in with user: admin and password: pfsense

Go through the initial setup wizard.

Bridging
There is actually three different but connected uses of the word interface here
 * 1) Hardware interface port, labled Eth0 to Eth3 on the Soekris case (the common abbreviation NIC means: Network Interface Card)
 * 2) FreeBSD network interface driver: em0 to em3 (from Shell try: ifconfig)
 * 3) pfSense interface: WAN, LAN, OPTx

There is a direct relation between Eth0 and em0. This interface can then be assigned to a pfSense interface like WAN.

To make the LAN ports (Eth1-3) act as a switch the interfaces must be enabled, firewall rules added and a bridge created. When creating a bridge we could just add LAN and all the OPTx interfaces to the bridge, and it would work. That is to say: as long as Eth1 is up. The IP address will be bound to em1 (Eth1). For the gateway to be accessible regardsless of the state of Eth1, the IP address must be assigned to the bridge itself. See: Wireless adapter bridged to LAN stops working if LAN unplugged

Enable interfaces
Use the menu Interfaces and enable all OPTx interfaces.

To enable the wireless interface, SSID and other info must be specified.

Add firewall rules
Go to Firewall -> Rules On all OPTx interfaces add rule to let all traffic pass (blocked by default) Click + to add rule with Protocol: any

Apply changes when all rules are added.

Create Bridge
Go to Interfaces -> (assign): Bridges Click + and add all OPTx to Member interfaces (hold CTRL while clicking)

Reassign interfaces
Interfaces -> (assign)

LAN: BRIDGE0 OPT1: em1 OPT2: em2

em3 (or ath0) must be assigned after the settings has been applied.

Problem
For some reason LAN connectivity is now lost. The settings is not applied properly by pfSense.

Two solutions: Go to Interfaces -> LAN, Click Save and then Apply Changes 
 * 1) Reboot
 * 2) Admin GUI has been enabled on the WAN side and a computer can reach it

Assign em3
Interfaces -> (assign)

Click + and assign em3

Go to Interfaces -> (assign): Bridges and add the interface to the bridge.

Now the same problem arises concerning connectivity.

Clean up
Visit all OPTx interfaces on the Interfaces menu and change the Description to match the physical port

em1: LAN1 or ETH1 em2: LAN2 em3: Lan3 ath0: WIFI

LEDs
It would be desirable to control the Ready and Error LEDs from software. Maybe flashing Ready while booting, and steady light when finished.

There is currently no easy way to do this.

When pfSense starts using FreeBSD 9.x, gpioctl will hopefully be available and useable for this.

LEDs on net6501 Red Error LED:  I/O port 069C bit 0, 0=off, 1=on. Green Ready LED: I/O port 069D bit 0, 0=off, 1=on.

WebGUI from WAN
How can I access the webGUI from the WAN?

Firewall -> Rules : WAN

Add rule Action: Pass Destination Type: WAN address Destination port range From: HTTPS To: HTTPS

Root Mount error
When compiling this Howto, pfSense reported a Root Mount Error. The error was not present when using M0n0wall, pfSense LiveCD or FreeBSD 8.2. The solution is presented here: http://doc.pfsense.org/index.php/Boot_Troubleshooting#Booting_from_USB


 * kern.cam.boot_delay
 * Delay (in ms) of root mount for CAM bus registration, useful for USB sticks as root

Console boot messages

uhub7: 3 ports with 3 removable, self powered Root mount waiting for: usbus7 ugen7.2: <SanDisk> at usbus7 umass0: <SanDisk Cruzer Fit, class 0/0, rev 2.00/1.26, addr 2> on usbus7 Root mount waiting for: usbus7 Trying to mount root from ufs:/dev/ufs/pfsense0 ROOT MOUNT ERROR: If you have invalid mount options, reboot, and first try the following from the loader prompt: set vfs.root.mountfrom.options=rw and then remove invalid mount options from /etc/fstab. Loader variables: vfs.root.mountfrom=ufs:/dev/ufs/pfsense0 vfs.root.mountfrom.options=ro,sync,noatime Manual root filesystem specification: : Mount using filesystem eg. ufs:/dev/da0s1a eg. cd9660:/dev/acd0 This is equivalent to: mount -t cd9660 /dev/acd0 / ?                 List valid disk boot devices Abort manual input mountroot>

Reboot (press the reset key at the back of the box) and escape to the boot loader.

Tap a key when data= shows on the /boot/kernel/kernel line (the oppurtunity passes quickly)

FreeBSD/i386 bootstrap loader, Revision 1.1 (root@FreeBSD_8.0_pfSense_2.0-snaps.pfsense.org, Mon Dec 12 18:43:24 EST 2011) Loading /boot/defaults/loader.conf /boot/kernel/kernel text=0x8a1d18 data=0x3c9e54+0x9b6a0 syms=[0x4+0x94100+0x4+0xcaf47] \ Hit [Enter] to boot immediately, or any other key for command prompt. Type '?' for a list of commands, 'help' for more detailed help. OK set kern.cam.boot_delay=10000 OK boot

Next step is to make this setting persistent. To do this the root partition must be remounted as writeable. On the console menu, enter 8) Shell

vi help Esc i  insert mode Esc wq write file and quit Esq q! quit without saving

vi help

root(1): mount /dev/ufs/pfsense0 on / (ufs, local, noatime, read-only, synchronous) [...] root(2): mount -uw /dev/ufs/pfsense0 root(3): mount /dev/ufs/pfsense0 on / (ufs, local) /root(4): vi /boot/loader.conf.local kern.cam.boot_delay="10000" root(5): mount -ur /dev/ufs/pfsense0 root(6): mount /dev/ufs/pfsense0 on / (ufs, local, read-only) root(7): exit

5) Reboot system to make sure it works.

Stuck Beacon
The log fills up with these. It has apparently been a well known problem for a long time. ath0: stuck beacon; resetting (bmiss count4)


 * The Infamous Stuck Beacon Problem
 * beacon stuck solution
 * Yet another Atheros upgrade horror story
 * http://wiki.freebsd.org/dev/ath(4)
 * http://linuxwireless.org/en/users/Drivers/Atheros

Geometry mismatch
Haven't found an easy solution to this. Apperantly it just cosmetic (for this use case).

From boot log GEOM: da0s1: geometry does not match label (16h,63s != 255h,63s). GEOM: da0s2: geometry does not match label (16h,63s != 255h,63s).

Hardware Manual Chapter 5 excerpt
 * Preloading the storage device on another system. The net6501 uses a simple algorithm for sector
 * translation for storage devices, if there are less than 1024 tracks, it will use the native CHS that the
 * device reports, if more than 1024 tracks, it will use LBA translation. So the host system will need to
 * match that, and that will also normally be the case. In some cases it may be necessary to change the
 * translation settings in the host system’s BIOS or to do manually configuration of the boot loader used.


 * GEOM: ad0s2: geometry does not match label (255h,63s != 16h,255s)
 * Testing out FreeBSD 8.0-RC1