Vous êtes sur la page 1sur 15

3/2/2014

Installing pfSense - PFSenseDocs

Search

Personal tools

Log in

Installing pfSense
From PFSenseDocs

Contents
1 pfSense Installation and Configuration 2 Booting and Media 2.1 Embedded 2.1.1 Special Information 2.1.2 Writing the image 2.1.2.1 Windows 2.1.2.2 Linux 2.1.2.3 PXE 2.1.3 Booting pfSense the first time 2.2 Tutorial for setting up a PC-Engines WRAP 2.3 LiveCD / Hard Drive 2.3.1 The Install option 2.4 Virtual Machine Install 3 Initial pfSense configuration 3.1 Assigning Interfaces 3.1.1 VLANS 3.1.2 LAN, WAN, OPTx 3.1.3 Auto Assign Procedure 4 Finishing steps 4.1 pfSense default configuration 4.2 Storing your configfile on a writable media 4.3 Accessing the webgui 5 Installing pfSense to Hard Disk 6 Additional Information

https://doc.pfsense.org/index.php/Installing_pfSense

1/15

3/2/2014

Installing pfSense - PFSenseDocs

pfSense Installation and Configuration


This section will guide you through selecting your hardware, the initial pfSense configuration, and installing pfSense to your hard drive

Booting and Media


Embedded
The embedded builds are made for embedded hardware platforms like the popular PC-Engines ALIX or WRAP and Soekris 4X01 amongst many other suitable platforms. Before you begin with pfSense 1.2.3 NanoBSD images, you might want to check out the following articles: 1. NanoBSD on WRAP 2. ALIX BIOS Update Procedure Special Information 1. Provided as flashable image (can be written to CF-Card, USB-Stick, harddisk, disk-on-module, ...) 2. Read-only filesystem due to limited write cycles of flash media, will only be mounted to write the configuration file or for small, infrequent alterations. 3. Video and keyboard is disabled as some embedded systems don't have this hardware. 4. All console output is at COM1 and 9600 baud (use a nullmodem-cable to connect with a terminal emulation like PuTTY, terraterm, or hyperterminal). 5. Package support starting with NanoBSD-based images for pfSense 1.2.3 and newer. Only for packages which have been altered to work with limited writes. 6. Small footprint: 512MB boot media is sufficient, 128MB for older (1.2.2 and earlier) embedded images. Writing the image You can download the embedded image from one of the pfSense mirrors (http://pfsense.com/mirror.php? section=downloads) .
Windows

When using a windows machine the easiest way to write your media is with physdiskwrite (http://m0n0.ch/wall/physdiskwrite.php) . Place physdiskwrite and the pfSense image in the same folder. Attach the media you want to store pfSense on (i.e. CFReader and CF-Card). Then issue the following command:
p h y s d i s k w r i t ep f S e n s e 1 . 2 . 3 R E L E A S E x g n a n o b s d . i m g . g z

Physdiskwrite will show you a numbered list of suitable devices (USB-stick, CF-cards in USB-readers, harddisks,...). Enter the number of the desired media.
https://doc.pfsense.org/index.php/Installing_pfSense 2/15

3/2/2014

Installing pfSense - PFSenseDocs

Linux

For Linux machines, use the built in dd (http://en.wikipedia.org/wiki/Dd_%28Unix%29) command from a terminal shell. Extract the downloaded gzipped archive first with unp (http://www.unixmen.com/unp-universel-file-extractor/) .
u n pp f S e n s e 1 . 2 . 3 R E L E A S E x g n a n o b s d . i m g . g z

If the convenience utility unp is not installed, use gunzip (http://en.wikipedia.org/wiki/Gzip#gunzip_and_zcat) instead. The img file is a raw copy of the target compact flash disk, including the partition table, mbr, boot sectors and file system. Write it to your media with dd.
d di f = p f S e n s e 2 . 0 . 1 R E L E A S E 1 g i 3 8 6 n a n o b s d . i m go f = / d e v / s d z

You will need to amend if= (input file) when your downloaded file name varies. Destination of= (output file) is where the image is written to. It should be a block device, and the first 1Gb will be overwritten. It is set to the seldom used sdz in the above example, to prevent accidental overwrite if the command is pasted directly. Use df (http://en.wikipedia.org/wiki/Df_%28Unix%29) or lsusb to determine the device name for your compact flash. WARNING By choosing the wrong destination you might wipe one of your hard disks! Check and recheck your selection again!!
PXE

Some Alix boards can PXE boot from the network. If you boot a sysresccd (http://www.sysresccd.org/Sysresccdmanual-en_PXE_network_booting) serial console image, you could then write the pfSense image to the compact flash with the above steps, without having to physically remove it from the firewall device. You can auto start script sysresccd, and could therefore clean install and customize many firewall devices unattended. Booting pfSense the first time Before attempting to boot, if you are using NanoBSD (pfSense 1.2.3 or newer) on ALIX hardware, ensure you have the latest BIOS (at least 0.99h) and set CHS mode in the BIOS. After your media is successfully written, place it in your system as bootmedia. Check your BIOS to select the correct boot priority and configure the device. If everything is configured correctly you should see the kernel beginning to load. At systems with VGA the output will stop displaying a "/" at the screen. From that point on all output is at COM1. Please check the bootup process there by using a null modemcable and a terminal program. The image has a default config that works with the ALIX and the SOEKRIS. With these platforms simply connect a client to the LAN Interface and it gets an IP by DHCP. You can access pfSense at 192.168.1.1. Logon with user "admin" and password "pfsense". If you are using a direct connect from your client to the pfSense interface remember that you need a crossover cable. For other systems please continue at "Initial pfSense configuration" as you most likely have to assign interfaces before you can access pfSense's webgui.
https://doc.pfsense.org/index.php/Installing_pfSense 3/15

3/2/2014

Installing pfSense - PFSenseDocs

Tutorial for setting up a PC-Engines WRAP


A tutorial how to set up pfSense for a PC-Engines WRAP can be found here (http://pfsense.com/mirror.php? section=/tutorials/wrap_install/wrap_install.htm) .

LiveCD / Hard Drive


The LiveCD (http://pfsense.com/mirror.php?section=downloads) can be used to evaluate pfSense. You need a CDBurner and a CD-Writing application that is capable of writing a CD from an iso file like i.e. the free CD Burner XP (http://cdburnerxp.se/) . A system with at least 2 NICs and a CDROM to boot from is needed. After bootup, you can choose any detected usable media like (floppy, usb-stick, ...) to store your custom config on (Option 98 at the shell menu). The LiveCD is searching on all available medias for the config file on bootup. This way you can run the system from CD and config media only. The Install option At the same time the LiveCD is the installer which can setup pfSense to your hard disk. It's recommended that you first configure pfSense before you run the installer (option 99 at the shell menu).

Virtual Machine Install


You can install pfSense in a VM, and use either entirely within the host (in which case you will not need any additional NICs) or to connect to physical networks (when you will need extra NICs as you would for a normal installation). There is a detailed guide to setting up pfSense under VMWare Server, running under Windows server 2003 Installing_pfSense_in_vmware_under_windows There is also a guide to setting up pfSense under VMware ESXi 5.x at PfSense 2 on VMware ESXi 5

Initial pfSense configuration


Assigning Interfaces
The first time pfSense boots up it will ask you to assign the interfaces if it has not found a configfile or interface configuration is different from what was found in the config file. VLANS You now have the option to assign VLANs. If you don't need VLANs or don't know what VLANs are choose no here. VLANs are optional and are only needed for advanced networking. You as well need VLAN-capable equipment if you plan to use it. (better description and config steps still needed here) LAN, WAN, OPTx The first interface it asks you to assign is the LAN interface. If you know the interface you want to assign LAN to enter the name of the interface like "fxp0" and hit enter. The second interface you have to assign is the WAN interface. Enter the appropriate interface like "fxp1" and hit enter again.
https://doc.pfsense.org/index.php/Installing_pfSense 4/15

3/2/2014

Installing pfSense - PFSenseDocs

You at least need two interfaces (LAN and WAN) to setup pfSense. If you have more interfaces available you can go on and assign them as OPTx interfaces. The procedure is the same like for the already assigned interfaces. Auto Assign Procedure There is another procedure to assign interfaces which is especially designed if your nics are all of the same kind and you don't know which physical nic matches which detected nic as they all then will appear for example as fxpX. In this case you simply can enter "a" when you are asked for the nic name. pfSense now is waiting for a linkup event at one of the nics. Just plug in a cable to the nic you want to assign and wait for the link light to turn on at the nic. Hit enter after that. pfSense has detected the linkup and you can continue with the next interface. If you have no more interfaces left just hit enter without entering a NIC name and apply the settings by confirming them with "y".

Finishing steps
pfSense now will make the finishing touches to configure the interfaces.

After it went through the configuration you'll end up with a shell menu and a number of options. pfSense now is ready to be accessed at the interface you assigned as LAN with the webgui.

https://doc.pfsense.org/index.php/Installing_pfSense

5/15

3/2/2014

Installing pfSense - PFSenseDocs

pfSense default configuration


By default pfSense will have the following configuration. WAN is configured as DHCP client, all incoming connections are blocked by default. LAN is configured at 192.168.1.1/24 and acts as DHCP-Server and offers a DNS-forwarder. OPTx interfaces are disabled, you have to enable and configure them at the webgui. WebGUI runs at port 80, username is "admin", password "pfsense". SSH is disabled.

Storing your configfile on a writable media


If you are planning to run the LiveCD with a writable configmedia run option 98 to assign the drive that should hold your configfile. The LiveCD will browse all available medias on bootup for a valid configfile and use it if found.

Accessing the webgui


You now should modify the configuration to fit your needs at the webgui. Make sure your client got an IP and use your favourite browser to access http://192.168.1.1 using "admin" as user and "pfsense" as password. The easiest way to go through all the basic settings is to run the setup wizard that can be found in the webgui-menu at System>Setup Wizard.

Installing pfSense to Hard Disk


If you are satisfied and want to setup pfSense to your hard drive run option 99 from the shell menu now. The configuration you did will be transferred to the hard drive by the installer.
https://doc.pfsense.org/index.php/Installing_pfSense 6/15

3/2/2014

Installing pfSense - PFSenseDocs

(Basically you can run through the installer by just accepting all suggestions the installer is offering)

First you get some settings to localize your keyboard or change your console appearance. Change what you need or just go one by accepting the settings.

https://doc.pfsense.org/index.php/Installing_pfSense

7/15

3/2/2014

Installing pfSense - PFSenseDocs

Next pfSense will present a list with detected suitable installmedias to you. Please make sure you are not accidently overwriting data you still need. It's recommended to have a dedicated media only for your install. Any other constelations are not officially supported. Choose your media and hit enter to continue.

You should format the disk to prepare it for the installation. Beware this will whipe your entire media!

https://doc.pfsense.org/index.php/Installing_pfSense

8/15

3/2/2014

Installing pfSense - PFSenseDocs

At the next step pfSense will show you the detected drive geometry. You should leave this the way it was detected as long as you don't run into any troubles while installing with these settings. In case you get errors try to alter your bios settings befor manually entering values here. Setting your drive from auto to lba or chs in bioas already might help to detect the right settings.

Now you are at the point of no return: Only hit "Format xxX" if you are really sure there is no valuable data left at this media!

https://doc.pfsense.org/index.php/Installing_pfSense

9/15

3/2/2014

Installing pfSense - PFSenseDocs

The media is now prepared to continue with partitioning. Just hit enter to move on.

pfSense suggests using the complete space of your drive for the installation. You usually should just keep this setting and move on to the next step.

https://doc.pfsense.org/index.php/Installing_pfSense

10/15

3/2/2014

Installing pfSense - PFSenseDocs

In case your partitioning was the same like before as this is a reinstall confirm the changes.

You typically can confirm the following step. If you encounter problems with the bootloader after the installation is done rerun the installation and check "Packet mode" at this screen.

https://doc.pfsense.org/index.php/Installing_pfSense

11/15

3/2/2014

Installing pfSense - PFSenseDocs

Select the just created partition as target for your installation.

Confirm this step. In case you skipped the above settings this is the point where your data on the media will be overwritten.

https://doc.pfsense.org/index.php/Installing_pfSense

12/15

3/2/2014

Installing pfSense - PFSenseDocs

pfSense suggests a setting for your subpartitioning now which you usually should just keep.

After accepting the above settings pfSense is starting to transfer the system to the prepared media.

https://doc.pfsense.org/index.php/Installing_pfSense

13/15

3/2/2014

Installing pfSense - PFSenseDocs

You will be asked after a short time to remove the CD and reboot the system to boot your new install.

The system is now going down for reboot and your installation is finished

https://doc.pfsense.org/index.php/Installing_pfSense

14/15

3/2/2014

Installing pfSense - PFSenseDocs

Additional Information
For additional information on Installing pfSense, see the page Category:Installation. Retrieved from "https://doc.pfsense.org/index.php?title=Installing_pfSense&oldid=5415" Categories: Documentation Installation Privacy policy About PFSenseDocs Disclaimers

This page was last modified on 9 October 2013, at 09:20. This page has been accessed 485,377 times.

https://doc.pfsense.org/index.php/Installing_pfSense

15/15