How To Install pfSense Firewall On a Hard Disk Drive With Serial Console Support On the Soekris net5501 Router

I‘m looking to install pfSense 2.2.x and I would like to install it on a hard disk drive rather than CF (compact flash). How can I install hard disk install via serial console on the soekris net5501 server?

USB booting for the net5501 is not supported. You need to use net6501 with comBIOS version 1.41. However, you can use the following method to install pfSense using a desktop or laptop computer.[donotprint][/donotprint]

My sample setup

Dell laptop running Ubuntu Linux LTS latest stable.
External USB universal drive adapter which connect any 2.5″ or 3.5″ hard disk to a Mac or Linux based PC.
2GB Usb stick (/dev/sdc).
Soekris net5501

Procedure

Download pfSense.
Write pfSense installer image to a USB pen.
Attach hard disk to an external USB universal drive adapter.
Install pfSense on a hard disk.
Complete the installation.
After installation attach back hard to the net5501 router.
Configure the serial console.
Configure the firewall.

DATA LOSS Warning: By choosing the wrong destination one of the system hard disks could be erased! Check and recheck the disk selection before writing an image including USB pen and destination hard disk.

Step 1: Download pfSense

Visit this page to grab the correct version:

Fig.01: Download correct image as per your hardware

Type the following wget command:

$ wget wget http://files.uk.pfsense.org/mirror/downloads/pfSense-memstick-serial-2.2.4-RELEASE-i386.img.gz
 $ wget https://files.pfsense.org/hashes/pfSense-memstick-serial-2.2.4-RELEASE-i386.img.gz.md5
 $ ls
 $ md5sum -c pfSense-memstick-serial-2.2.4-RELEASE-i386.img.gz.md5

Sample outputs:

-rw-r--r--  1 vivek  staff  99324384 Jul 27 04:32 pfSense-memstick-serial-2.2.4-RELEASE-i386.img.gz
-rw-r--r--  1 vivek  staff        91 Jul 27 04:34 pfSense-memstick-serial-2.2.4-RELEASE-i386.img.gz.md5
pfSense-memstick-serial-2.2.4-RELEASE-i386.img.gz: OK

Step 2: Wrtie pfSense memstick image

Use the dd command as follows as root user:
# gzip -dc pfSense-memstick-serial-2.2.4-RELEASE-i386.img.gz | dd of=/dev/sdc bs=1M

Step 3: Boot from a usb stick/pen

I’ve attached both bookable USB pen and hard disk to my Dell laptop. Turn on the laptop. Press F12 to select boot menu (check your bios settings for more info). Select USB storage device:

Step 4: Installation

pfSense will start installation from a USB pen. You will be prompted as follows to start an installer:

Fig.03: Press i to invoke the installer now. — Fig.03: Press i to invoke the installer now (click to enlarge)

Next accept the console settings (or change it as per your need):

Fig.04 The installer console can be changed to use a different font, screenmap, or keymap (click to enlarge)

At the Select Task prompt, choose “Custom Install”. If you select “Quick/Easy Install”, the installer will install pfSense on the first located disk. I’ve multiple disk in my laptop. So I selected the “Custom Install” option:

Fig. 05: Select task as "Custom Install" — Fig. 05: Select task as “Custom Install” (click to enlarge)

Finally, select a disk. I’m going to install it on my WDC-160 GB SATA 2.5 hard disk which is connected to my laptop via an external USB universal drive adapter:

Fig. 06: Select a disk to install pfSense (click to enlarge)

Now, the installer will continue wiping the selected disk WDC and installing pfSense. Copying files may take some time to finish. Feel free to click the following images to see the exact steps:

Make sure you install bootloader on this WDC disk

For Soekris embedded device select NO VGA/Keyboard option i.e. use serial console to see boot options

Note down the default config LAN IP and username/password.

Step 5: Install hard disk in your embedded soekris device

You need to mount WDC 160 GB hard disk on your embedded soekris server. Once installed you can boot the device and continue with firewall configuration.

Step 6: Connecting to the serial console

The primary console interface of the Soekris boards is the external serial port on my net5501. The soekris default port speed set to 19200 baud. But, pfSense set it to 115200 baud. You can use any one of the following command to (assuming a serial line on /dev/ttyUSB0):
$ cu -l /dev/tty00 -s 115200
OR
$ screen /dev/ttyS0 115200
Sample outputs:

Fig.07: pfSense headless (console) option menu.

NOTE: To change the BIOS speed from default to 115200 on the net5501 router:
Press control-P to jump into the comBIOS monitor and set the speed:
> set ConSpeed=115200 > reboot

Step 7: Configure the firewall

Type the following url:
http://192.168.1.254/
OR
http://192.168.1.1
Here is my firewall:

Fig.08: Fully configured and working pfSense setup (click to enlarge)

You can use the same technique to install Linux, FreeBSD, OpenBSD or any other operating system on hard disk drive for the net5501 router. It is also possible to use PXE boot for installing Linux/{Free,Open,Net}BSD as described here.

Hardware and software used

Router hardware Soekris net5501
PCI ADSL card for net5501 (open source Linux driver available)
NewerTech universal drive adapter for accessing data on IDE, ATA, ATAPI, and SATA drives.
Firewall software pfSense project.

Posted by: Vivek Gite

The author is the creator of nixCraft and a seasoned sysadmin, DevOps engineer, and a trainer for the Linux operating system/Unix shell scripting. Get the latest tutorials on SysAdmin, Linux/Unix and open source topics via RSS/XML feed or weekly email newsletter.