Friday, March 14, 2014

Installing pfsense on an HP T5720

Well, after some time spent on some unsuccessful projects, after getting inspired by this video

I decided that making my own router would be a good idea!

Some friends of mine had tried pfsense so I thought that I would give that a go.

I had some old hardware that I bought cheap a while ago when I wanted to do something, I just didn't know what. So I decided to use an old HP T5720 Thin Client that I had.

It seemed to be perfect for this setup, a small, silent, power efficient, powerful enough little server.

The HP T5720 has 512MB of Flash HD; the one I purchased had 1GB SODIMM RAM already and came with a PCI Riser card. So I put in a 2x 100/1000 PCI Ethernet Card from a server I had and decided to give it a go.

Here is mine when set up:


Parts:
HP T5720 Thin Client with associated parts (power etc) and PCI Riser Card.
1x PCI Ethernet Card
Monitor during install.
Keyboard During install.
External CD drive during install.

I set the BIOS to boot off USB, hooked up my external CD Drive, hooked up the T5720 onboard Ethernet to my ADSL modem and booted off the pfsense Live CD.

I tried the default boot at first, but I kept having ACPI error messages scrolling past. So I rebooted and selected option 2 to start pfsense with ACPI disabled.

When it asked if I wanted to go to Installer or continue with Live CD, I selected Install.

This took me to the ncurses install menus. I selected the default.

I selected Quick/Easy Install. 

I had some pop-ups about how it would erase everything etc., but it kicked off. During the install there were some errors, like this,



but I skipped those and it seemed to install okay.

After install, I shut down, set the BIOS to boot from Flash, disconnected the CD drive and started it up.

EDIT - After installing pfsense 2.1.2 on an external hard drive, I was getting booting errors.
I solved them by hitting space at the pfsense menu, then 7 to go into the loader prompt, and inputting:

set kern.cam.boot_delay="10000"
boot

Once it booted okay, I installed nano as mentioned below, etc., but also added to /boot/loader.conf the line

kern.cam.boot_delay="10000"

in order to make it persistent.

END EDIT

I was then in the main pfsense command line menu.



I still had the ACPI errors scrolling past, so I needed to stop those on the default option at pfsense startup.

I needed to google how to turn it off, but once I found out how it was easy.

I went to the shell (option 8)
and installed nano using: 

pkg_add -r nano

EDIT
On pfsense 2.2.2 you use pkg to install other packages:
pkg install nano

END EDIT

To default ACPI to off I modified the /boot/device.hints file, adding:

hint.acpi.0.disabled="1"
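
The two persistent settings in this post (the boot delay line in /boot/loader.conf and the ACPI hint in /boot/device.hints) can also be applied repeatably without an editor. The script below is an added example, not part of the original post; the function name set_tunable and the "apply" argument are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: idempotently set KEY="VALUE" lines in FreeBSD loader-style
# files (/boot/loader.conf, /boot/device.hints), keeping a .bak copy of the
# previous contents. set_tunable is a hypothetical helper name.

# set_tunable FILE KEY VALUE
#   - creates FILE if it does not exist
#   - replaces the first active KEY=... line and drops later duplicates
#   - leaves commented-out lines (#KEY=...) untouched
#   - appends KEY="VALUE" when no active line exists
#   - rewrites nothing (and makes no backup) when FILE is already correct
set_tunable() {
    file=$1; key=$2; want="$2=\"$3\""
    tmp="${file}.tmp.$$"
    [ -e "$file" ] || : > "$file" || return 1
    # index() does a literal match, so the dots in the key are not wildcards.
    KEY="$key" WANT="$want" awk '
        index($0, ENVIRON["KEY"] "=") == 1 {
            if (!done) { print ENVIRON["WANT"]; done = 1 }
            next
        }
        { print }
        END { if (!done) print ENVIRON["WANT"] }
    ' "$file" > "$tmp" || { rm -f "$tmp"; return 1; }
    if cmp -s "$file" "$tmp"; then
        rm -f "$tmp"
        return 0
    fi
    # Write through the existing file so its owner and mode are preserved.
    cp -p "$file" "${file}.bak" && cat "$tmp" > "$file"
    rc=$?
    rm -f "$tmp"
    return $rc
}

# Run as "sh thisscript.sh apply" from the pfsense shell to apply both settings.
if [ "${1:-}" = "apply" ]; then
    set_tunable /boot/loader.conf kern.cam.boot_delay 10000 || exit 1
    set_tunable /boot/device.hints hint.acpi.0.disabled 1 || exit 1
fi
```

Running it a second time changes nothing, so it is safe to re-run after a reinstall or config restore.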

The machine I was on was also on the ADSL LAN, and not hooked up to my pfsense box.
I could see from the pfsense menu what IP was assigned to my WAN interface, so I tried to connect to that using my browser to use the web configuration.
That was denied, as the pfsense default is not to allow connections to the webconfigurator over the WAN interface.
You could temporarily disable the packet filter, which turns off all filtering on every interface until it is enabled again, by going to the shell and running:

pfctl -d

Then you should be able to get to the web configuration over the WAN.

I just hooked my computer up to the pfsense box LAN interface and rebooted both my machine and the pfsense box.

In doing that, I think I bumped the PCI card, as the pfsense box came up only recognizing the onboard interface.

I reseated and re-powered the pfsense box, and it came back up. But the LAN interface no longer seemed to be a DHCP server and I couldn't get in to the web GUI.

So how to start the DHCP server on the LAN interface?

Easy, on the console just assign it a static IP and it will ask you if you want to turn on DHCP for the interface.
Give it an IP range and you're back up and running. Your computer on the LAN interface will now be able to get an IP, get to the web configuration, and probably can already access the net if your ADSL is up and has assigned your WAN interface an IP.

So now I will be spending some time configuring it with all the rules and options I want, maybe adding wireless, maybe mounting the T5720 onto something. Lots to play with now.
