- 1 Tech Segment: Using pfSense and an Alix.6F2 For A Wireless Access Point
- 2 Tech Segment: Installing pfSense on an Alix.6e1 by InternMike & Security Weekly
- 3 Guides & Further Reading
Tech Segment: Using pfSense and an Alix.6F2 For A Wireless Access Point
I wanted a new access point. I have stacks of WRT54G series routers, and they are good, but often aren't up to the task. They are low in memory and processing power, and share one single 10/100 Ethernet bus. This limits their usage for things like streaming HD. Can you do it? Sure. My other problem was the WRT54G I had was constantly needing to be power cycled. All my old ones either went to friends and family members, bricked, or are in pieces somewhere. I bought a shiny new Dlink Dir-655, but after about a year it crapped out on me, actually the wireless radio itself died, which turns out to be a common problem. So, I wanted to build something myself out of really good hardware, and use real software like pfsense, and have an access point that would just kick ass.
All hardware for this project came from www.netgate.com:
- ALIX.6F2 Kit Black Unassembled - $188 - This kit comes with the board, power supply, CF card, and enclosure.
- Atheros WLM54G-HP mini PCI Card, U.FL to RP-SMA pigtails (two), 5.5 dbi rubber duck antennas (two) - $88 - This is the wireless card, with all the fixings!
- 2.4 GHz 9 dBi Rubber Duck Omni Antenna RP-SMA - Bigger is better, right? I want to cover my entire house with one 802.11g access point.
Total cost: $305.77
Get pfSense and Install on CF Card
For the embedded version, make sure you get the NanoBSD images.
Important, verify that you are installing the operating system on the correct disk image:
# df -h Filesystem Size Used Avail Capacity Mounted on /dev/disk0s2 465Gi 425Gi 40Gi 92% / devfs 185Ki 185Ki 0Bi 100% /dev map -hosts 0Bi 0Bi 0Bi 100% /net map auto_home 0Bi 0Bi 0Bi 100% /home /dev/disk1s1 7.5Gi 805Mi 6.7Gi 11% /Volumes/AVST
On OS X, for example, the OS disk is "disk0", try not to overwrite that one (even though you'd likely get an error that its already in use, however I did not test that!). Then use the following command to dump the image on the CF card:
# gzcat pfSense-2.0.1-RELEASE-2g-i386-nanobsd.img.gz | dd of=/dev/disk3 bs=16k
Note: If you get an error like this, do this:
# gzcat pfSense-2.0.1-RELEASE-4g-i386-nanobsd.img.gz | dd of=/dev/disk1 bs=16k dd: /dev/disk1s1: Resource busy # umount /dev/disk1s1 umount(/Volumes/KINGSTON): Resource busy -- try 'diskutil unmount' # diskutil umount /dev/disk1s1 Volume KINGSTON on disk1s1 unmounted
Now go get a cup of coffee, it takes a while. Notice I used the image labeled "2g", for 2 gig, which is the size of my card.
Configure an IP address in the Serial Interface
I used OS X for this, and used the following tools:
- zTerm - Excellent serial interface software, works well.
- Plugable USB to RS-232 DB9 Serial Adapter (Prolific PL2303HX Chipset) - USB serial adapter was $11 on Amazon, handy to have. I had to connect another serial cable to it from some of my old Cisco gear (those connectors should say "Terminal" on them).
- Prolific drivers for OS X Lion - I had to get updated drivers to work with the serial adapter that have been updated to work with OS X Lion.
Once you have all that, Follow Mike's instructions located here on setting up the LAN IP address.
Setup the Wifi Interface using the Web UI
Tech Segment: Installing pfSense on an Alix.6e1 by InternMike & Security Weekly
We here at Security Weekly love FreeBSD. We also love beer, and so we've been looking for an economical (read: cheap) way to install a firewall without raiding our beer fund. I also have to say, that I am totally in love with the ALIX.6e1 hardware platform:
2 10/100 LAN / 1 miniPCI / 1 miniPCI Express / AMD LX800 / 256 MB / 2 USB / DB9 serial port / CF Card slot / Board size: 6 x 6
pfSense is a FreeBSD-based project that has been special purposed for use as either a firewall or router. The project started in 2004 as a fork of the embedded firewall software package called m0n0wall. pfSense is focused towards full PC installations rather than the embedded hardware focus of m0n0wall. After some research, we decided to purchase the ALIX6E1 kit as there was a lot of web documentation for the project and well, because it was a sweet red color that made Larry crazy. Well, more crazy than his usual self.
First step: break out the credit card
As we hold a strong belief that you should purchase from the vendor whose Google page ranking is first in search results, we clicked the link to Netgate's ALIX 6E1. Netgate's ALIX 6E1 Costs $175, or roughly a box of PADRON 7000's
The kit includes:
- ALIX.6E1 system board (2/1/1/256/LX800)
- Laser etched red aluminum enclosure with USB and antenna cutouts
- Blank 2 GB Sandisk Ultra II CF Card
- 15V 1.25A 18W power supply (US 3 prong plug style)
You will also need a Compact Flash card writer for installing the pfSense operating system. The one we used cost $10.00 or one PADRON 1926 Series Cigar.
Next you will need the pfSense & physdiskwrite Software, Cost: FREE! (or what a sexy blond pays to drink beer at a frat party).
Second step: Download the necessary packages
We needed the embedded version specifically created for the 2GB CF card size. The embedded version performs only reads from the flash card, with read/write file systems as RAM disks as compact flash cannot handle many write operations. The embedded versions can be found on pfSense's mirror list
Third step: Install the pfSense operating system on our CF card
pfSense's documentation does a good job. We used a Windows PC as all our other boxes were busy umm analyzing pr0n, so we opted for the physdiskwrite method.
WARNING: Follow the documentation's advice and be sure you are not overwriting the wrong disk!
C:\Documents and Settings\All Users\Documents>physdiskwrite.exe pfSense-1.2.3-2g -20091207-1914-nanobsd.img physdiskwrite v0.5.2 by Manuel Kasper <email@example.com> Searching for physical drives... Information for \\.\PhysicalDrive0: Windows: cyl: 19452 tpc: 255 spt: 63 C/H/S: 16383/16/63 Model: ST3160812AS Serial number: 9LS0V1FC Firmware rev.: 3.ADH Information for \\.\PhysicalDrive1: DeviceIoControl() failed on \\.\PhysicalDrive1. Information for \\.\PhysicalDrive2: Windows: cyl: 244 tpc: 255 spt: 63 Information for \\.\PhysicalDrive3: DeviceIoControl() failed on \\.\PhysicalDrive3. Information for \\.\PhysicalDrive4: DeviceIoControl() failed on \\.\PhysicalDrive4. Which disk do you want to write? (0..2) 2 About to overwrite the contents of disk 2 with new data. Proceed? (y/n) y 2001194496/2001194496 bytes written in total C:\Documents and Settings\All Users\Documents>
Fourth step: Find a desktop PC for a serial connection to the Alix
You'll need either a USB to serial converter cable or a desktop PC to connect the serial cable. In OS X I've used the USB to Serial cable and software called "Zterm". You can also use the command line utility called "screen", or several other free programs.
Fifth Step: Bootup the device and fire up Windows' hyperterminal
Use the following settings for the connection:
- Baud rate: 9600
- Data: 8 bit
- Parity: None
- Stop: 1 bit
- Flow control: None
Now we boot into pfSense. As the bootloader comes there are 7 options listed. The first choice you will be asked is
“Do you want to set up VLAN's now [y|n]?” select no or 'n'.
Then you are asked to
“Enter your LAN interface name”,
We used 'fxp1'. Next,
“Enter your WAN interface name”
We entered 'fxp2'. Next,
“Enter the Optional 1 interface name”,
here we used 'fxp0'.
Using the above examples, you'd see “The interfaces will be assigned as follows:” LAN -> fxp1 WAN -> fxp2 OPT1 -> fxp0
Do you want to proceed [y|n]? (make sure you enter 'y' here).
pfSense is now running in RAM and almost fully functional. If you wish you may plug your LAN interface into a hub or switch and connect via the web interface. pfSense is by default assigned an ip of 192.168.1.1. Open your browser and navigate to http://192.168.1.
- If you choose to login the username is 'admin' and the password is 'pfsense'.