Pages

Saturday, May 5, 2012

Installing pfSense on ALIX 2-3

It's always exciting when new hardware arrives! This is a basically a little computer on which I'll be installing pfSense, a fully featured and free routing distribution based on FreeBSD. If you're interested in doing the same, check out the following post to find out how.

ALIX 2-3 from Yawarra


The back of the box shows (from left to right) 1 x DB9 connector (for serial console), 3 x 10/100Mb interfaces, 2 x USB ports, power input and an 5dBi omni antenna. I'll be configuring one port as a wide area network (WAN) by bridging it to my current ADSL2+ modem, the next as a local area network (LAN) and the third port will be configured as a demilitarised zone (DMZ) for protected access to services on my network from the Internet.

ALIX 2-3 back showing IO ports


Opening up the back of the case with an allen key, you can see its contains a Mini-ITX ALIX 2-3 motherboard consisting of a 500Mhz AMD Geode processor, 256MB of on-board RAM, 2GB Compact flash card and a Mini-PCI Atheros 802.11 a/b/g wireless card I rescued from a dead Cisco 800 series router.  All this is stuffed inside a tiny shiny red case from Yawarra.

ALIX 2-3 Motherboard showing Compact Flash

As a side note, you can install pfSense on any i386 compatible hardware. So you can turn that old PC you have laying around into a fully featured router. Just make sure that it has enough ethernet interfaces for your requirements (to be useful you'll need at least two), and if your purchasing hardware, check the FreeBSD 8.1 supported hardware list to make sure it will all work ok.

The benefits of using ALIX boards over other hardware is that they're small, they have low power requirements and have no moving parts such as fans and hard drives which eventually wear down, break and require replacement.

If like me, you got your hardware from Yawarra, you can opt to have pfSense pre-installed, however they use a 512MB image to flash the Compact flash card so you won't be using the full capacity of your card if its capacity is larger. My CF card is 2GB so I'll remove the card and flash the 2GB image from pfSense using a USB CF card reader in my computer. Before doing this however, I'll need to delete any existing partitions on the card. I've noticed that the program used to flash the new image (physdiskwrite) won't work properly if there are existing partitions. Removing them will allow me to flash the new image without any issues.

To do this on Windows, put the card into your card reader and click start, then in the search box type 'cmd.exe', then press enter. Run 'diskpart.exe' and complete the following..
Oh, and word of caution, be careful deleting volumes! Make sure that you have selected the right disk and volume before deleting it. You don't want to delete the wrong volume and lose data from another drive!

C:\Windows\system32>diskpart.exe

Microsoft DiskPart version 6.1.7601
Copyright (C) 1999-2008 Microsoft Corporation.
On computer: HEH

DISKPART> list disk

  Disk ###  Status         Size     Free     Dyn  Gpt
  --------  -------------  -------  -------  ---  ---
  Disk 0    Online          465 GB      0 B
  Disk 1    Online         1895 MB      0 B

DISKPART> select disk 1

Disk 1 is now the selected disk.

DISKPART> list volume

  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
  Volume 0     E                       DVD-ROM         0 B  No Media
  Volume 1         System Rese  NTFS   Partition    100 MB  Healthy    System
  Volume 2     C                NTFS   Partition    463 GB  Healthy    Boot
  Volume 3     D   HP_TOOLS     FAT32  Partition   2043 MB  Healthy
  Volume 4     F   SANDISK      FAT    Removable   1895 MB  Healthy

DISKPART> select volume 4

Volume 4 is the selected volume.

DISKPART> delete volume

DiskPart successfully deleted the volume.

DISKPART> list volume

  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
  Volume 0     E                       DVD-ROM         0 B  No Media
  Volume 1         System Rese  NTFS   Partition    100 MB  Healthy    System
  Volume 2     C                NTFS   Partition    463 GB  Healthy    Boot
  Volume 3     D   HP_TOOLS     FAT32  Partition   2043 MB  Healthy
  Volume 4     F                       Removable       0 B  Unusable

DISKPART> exit

Leaving DiskPart...

C:\Windows\system32>

You may find that the CF card has two or more volumes, if so, just select those volumes and delete them too before typing exit.

Now we need to download two things, physdiskwrite, and the correct sized pfSense nanobsd image for our CF card. Extract the physdiskwrite.zip file to your C: drive and then extract the pfSense .tar.gz file into the same C:\physdiskwrite folder. You may need to use 7zip to do this.
With everything in place, click the start button and search for 'cmd.exe' and press enter to get a 'Command Prompt' window again and complete the following commands.

C:\Windows\system32>cd c:\physdiskwrite-0.5.2

c:\physdiskwrite-0.5.2>physdiskwrite.exe -u pfSense-2.0.1-RELEASE-2g-i386-201112
12-1900-nanobsd.img

physdiskwrite v0.5.2 by Manuel Kasper <[email protected]>

Searching for physical drives...

Information for \\.\PhysicalDrive0:
   Windows:       cyl: 60801
                  tpc: 255
                  spt: 63
Information for \\.\PhysicalDrive1:
   Windows:       cyl: 471
                  tpc: 255
                  spt: 63

Which disk do you want to write? (0..1) 1
WARNING: that disk is larger than 2 GB! Make sure you're not accidentally
overwriting your primary hard disk! Proceeding on your own risk...
About to overwrite the contents of disk 1 with new data. Proceed? (y/n) y
1999968768/1999968768 bytes written in total

c:\physdiskwrite-0.5.2>

It will take quite some time to write all the data to your CF card, so you may as well go and get a coffee. Once its complete, you can exit the Command Prompt as we're ready to connect the COM port using the provided serial cable and power on the router. If your computer doesn't have a DB9 COM port you may need to use an USB to RS-232 DB9 (Serial Adapter).

I use putty.exe terminal emulator to connect to my pfSense router. Just select connection type 'serial' and type in the COM port number (eg. COM4) and click 'Open'. When you power the router on you should see text start to scroll in the terminal window as the machine boots.
Don't worry, we'll be done with all this command line stuff soon as pfSense setup and configuration is all web based. We only need to do the first boot with the serial console connected to assign interfaces and set an IP address, after which we can access the router with a web browser.
Just on that, connecting to your router with a serial connection is beneficial to know. If you ever lock yourself out or are unable to access the router you can always connect the serial cable and establish a connection to reset passwords, firewall rules etc; very handy.

During the first boot you will be asked if you want to configure a VLAN, enter 'no' as we don't need one. After this you'll be given a list of ethernet devices and asked to assign one to the WAN interface. Enter 'vr0' to assign it as the WAN interface and then enter 'vr1' when asked to assign the LAN interface. Press enter to finish assigning interfaces and then the machine will boot to a menu. You should see your LAN and WAN interfaces above the menu selection displaying currently assigned IP addresses. Your WAN wont have an IP address yet, but the LAN should be '192.168.1.1' or similar. If its not, or you want to change it, select option '2' to assign an IP address
Just to clarify, the ALIX 2-3 boards have 3 interfaces, each one being vr0, vr1, vr2. from right to left respectively. So the WAN interface (vr0) we just assigned is closest to the power jack on the right of the box. See below.

ALIX 2-3 Back close-up showing IO ports

You may also see an 'ath0' or similar device listed on initial boot and config. This will be the wireless interface which we will configure using the pfSense web interface, so don't worry about it yet.
You should now be able to connect the LAN port (vr1) to your switch along with your computer and navigate a browser to http://192.168.1.1 or whatever IP address you specified during the initial boot. You can login with the default username and password is 'admin' and 'pfsense'.

Click through to the next post 'pfSense initial configuration with ADSL WAN' for detailed instructions on how to configure your old router / modem as a bridge and use pfSense to connect up to the Internet.

Further Reading

If you get stuck at any point you can find plenty of help on the pfSense website. You will probably find the most help on the pfSense Wiki - 'Installing pfSense'.

No comments:

Post a Comment