PFSenseDevWiki : Adding

Oldest known version of this page was edited on 2007-08-18 23:29:23 by ChrisBuechler []

Abstract

You may have a need like I do - to store local files on a hard disk drive attached to the embedded box itself. While not completely foreign, loading up an attached hard drive on a pfSense box is made more difficult than on a full FreeBSD distribution given space constraints. However, it is possible to add attached read-write storage using the method outlined below.

Hardware

I am using the following hardware:

Before you begin...

Before you begin, you'll need to have the following things in place:

Procedure


  1. Download and mount a FreeBSD floppy boot disk image via something like
    fetch -o /tmp/boot.floppy ftp://ftp.freebsd.org/pub/FreeBSD/releases/i386/6.1-RELEASE/floppies/boot.flp
    then load the image onto the CompactFlash disk, mount it as a loopback filesystem, get the "standard" UNIX tools of fdisk, bsdlabel, and so on... OR ...
  2. Go the "alternate route", which is the route covered below.

Warning

As I've chosen to use only the tools present on the pfSense image, this is more accessible BUT (for me) somewhat less intuitive. On the bright side, as I was using a disk with no data I wanted to keep, this wasn't too much of an issue for me. BE WARNED: using this method (Steps 1 and 2) will ensure that everything on your 2.5" disk will be ERASED.

Step 1: OPTIONAL Wipe the Disk

I used a 40GB disk, so 1k (blocksize) * 40,000,000 (count) proved adequate. The disk is actually more like 38,154MB but this operation completed with just a warning. If I were to do this over again, I'd have been exact here. Below, I wipe the disk:
# dd if=/dev/zero bs=1k count=40000000 >> /dev/ad1s1

This takes a really long time!

Step 2: Create the New FileSystem (UFS)

# newfs -U -L DataDisk /dev/ad1s1

You should receive output similar to this, listing super-block backup locations and demonstrating format parameters:
/dev/ad1s1: 38154.3MB (78140096 sectors) block size 16384, fragment size 2048
	    using 208 cylinder groups of 183.77MB, 11761 blks, 23552 inodes.
	    with soft updates
super-block backups (for fsck -b #) at:
 160, 376512, 752864, 1129216, 1505568, 1881920, 2258272, 2634624, 3010976,
 3387328, 3763680, 4140032, 4516384, 4892736, 5269088, 5645440, 6021792,
 6398144, 6774496, 7150848, 7527200, 7903552, 8279904, 8656256, 9032608,
 9408960, 9785312, 10161664, 10538016, 10914368, 11290720, 11667072, 12043424,
 12419776, 12796128, 13172480, 13548832, 13925184, 14301536, 14677888,
 15054240, 15430592, 15806944, 16183296, 16559648, 16936000, 17312352,
 17688704, 18065056, 18441408, 18817760, 19194112, 19570464, 19946816,
 20323168, 20699520, 21075872, 21452224, 21828576, 22204928, 22581280,
 22957632, 23333984, 23710336, 24086688, 24463040, 24839392, 25215744,
 25592096, 25968448, 26344800, 26721152, 27097504, 27473856, 27850208,
 28226560, 28602912, 28979264, 29355616, 29731968, 30108320, 30484672,
 30861024, 31237376, 31613728, 31990080, 32366432, 32742784, 33119136,
 33495488, 33871840, 34248192, 34624544, 35000896, 35377248, 35753600,
 36129952, 36506304, 36882656, 37259008, 37635360, 38011712, 38388064,
 38764416, 39140768, 39517120, 39893472, 40269824, 40646176, 41022528,
 41398880, 41775232, 42151584, 42527936, 42904288, 43280640, 43656992,
 44033344, 44409696, 44786048, 45162400, 45538752, 45915104, 46291456,
 46667808, 47044160, 47420512, 47796864, 48173216, 48549568, 48925920,
 49302272, 49678624, 50054976, 50431328, 50807680, 51184032, 51560384,
 51936736, 52313088, 52689440, 53065792, 53442144, 53818496, 54194848,
 54571200, 54947552, 55323904, 55700256, 56076608, 56452960, 56829312,
 57205664, 57582016, 57958368, 58334720, 58711072, 59087424, 59463776,
 59840128, 60216480, 60592832, 60969184, 61345536, 61721888, 62098240,
 62474592, 62850944, 63227296, 63603648, 63980000, 64356352, 64732704,
 65109056, 65485408, 65861760, 66238112, 66614464, 66990816, 67367168,
 67743520, 68119872, 68496224, 68872576, 69248928, 69625280, 70001632,
 70377984, 70754336, 71130688, 71507040, 71883392, 72259744, 72636096,
 73012448, 73388800, 73765152, 74141504, 74517856, 74894208, 75270560,
 75646912, 76023264, 76399616, 76775968, 77152320, 77528672, 77905024


Step 3: Examine the Current FileSystem

# mount

This command will, when run with no arguments, give a list of all currently mounted filesystems. The output follows:

/dev/ufs/pfSense on / (ufs, local, read-only)
devfs on /dev (devfs, local)
/dev/md0 on /tmp (ufs, local)
/dev/md1 on /var (ufs, local)
devfs on /var/dhcpd/dev (devfs, local)
/dev/md2 on /var/db/rrd (ufs, local, soft-updates)
/dev/ufs/pfSenseCfg on /cf (ufs, local, read-only)


Our root (/dev/ufs/pfSense) file-structure is mounted read-only. If we want to add a mountpoint below this (I do), then we'll have to make it read-write for a moment, covered in Step 4.

Step 4: Adding a Directory to Serve as a Mountpoint

# mount -u -w /dev/ufs/pfSense

This updates the status of the already-mounted root filesystem, remounting it read-write.

# mkdir /mnt/data

This creates the directory /mnt/data, which will serve as the mountpoint for our new drive.

Step 5: Mounting our Drive and Cleaning Up

# mount -w -o noatime /dev/ad1s1 /mnt/data

This mounts the hard disk device (here /dev/ad1s1) read-write, with the noatime option so that the file access time is not updated when a file is read. The FreeBSD man page says that "[t]his option is useful on file systems where there are large numbers of files and performance is more critical than updating the file access time (which is rarely ever important)". As we want to use this filesystem for storage rather than for any audit-trail purpose, this trade-off seems to fit quite nicely here.

# mount

Let's see what we've accomplished:

/dev/ufs/pfSense on / (ufs, local)
devfs on /dev (devfs, local)
/dev/md0 on /tmp (ufs, local)
/dev/md1 on /var (ufs, local)
devfs on /var/dhcpd/dev (devfs, local)
/dev/md2 on /var/db/rrd (ufs, local, soft-updates)
/dev/ufs/pfSenseCfg on /cf (ufs, local, read-only)
/dev/ad1s1 on /mnt/data (ufs, local, noatime, soft-updates)


The last line is our new filesystem, mounted on /mnt/data, with both soft-updates and noatime enabled.

Good! It's time to button up the original filesystem:

Let's again update a mounted system and make it read-only this time...
# mount -u -r /dev/ufs/pfSense


And now let's ensure that all is as we'd expect:
# mount
/dev/ufs/pfSense on / (ufs, local, read-only)
devfs on /dev (devfs, local)
/dev/md0 on /tmp (ufs, local)
/dev/md1 on /var (ufs, local)
devfs on /var/dhcpd/dev (devfs, local)
/dev/md2 on /var/db/rrd (ufs, local, soft-updates)
/dev/ufs/pfSenseCfg on /cf (ufs, local, read-only)
/dev/ad1s1 on /mnt/data (ufs, local, noatime, soft-updates)
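
A check that the procedure left the box in the state the final listing shows, as an added example that is not part of the original page: it parses `mount` output and flags a root or /cf filesystem left read-write, or a missing /mnt/data mount. The function names are hypothetical, and awk is assumed to be available on the box.

```shell
#!/bin/sh
# Added example: audit `mount` output after the procedure (not from the original page).

# Print the option list of the filesystem mounted on $1; reads `mount` output on stdin.
mount_opts() {
    awk -v mp="$1" '$2 == "on" && $3 == mp {
        sub(/^[^(]*\(/, ""); sub(/\).*$/, ""); print; exit }'
}

# Succeed if the comma-separated option list $1 contains exactly the option $2.
has_opt() {
    case ", $1, " in *", $2, "*) return 0 ;; *) return 1 ;; esac
}

# audit_mounts "<mount output>": print findings; exit status = number of findings.
audit_mounts() {
    out=$1; bad=0
    for mp in / /cf; do            # filesystems the listings show as read-only
        opts=$(printf '%s\n' "$out" | mount_opts "$mp")
        if ! has_opt "$opts" read-only; then
            echo "FAIL: $mp is not read-only (${opts:-not mounted})"; bad=$((bad + 1))
        fi
    done
    opts=$(printf '%s\n' "$out" | mount_opts /mnt/data)
    if [ -z "$opts" ]; then
        echo "FAIL: /mnt/data is not mounted"; bad=$((bad + 1))
    elif ! has_opt "$opts" noatime; then
        echo "WARN: /mnt/data mounted without noatime ($opts)"; bad=$((bad + 1))
    fi
    return "$bad"
}

# Listings copied from this page, trimmed to the three filesystems being checked.
MOUNT_STEP5='/dev/ufs/pfSense on / (ufs, local)
/dev/ufs/pfSenseCfg on /cf (ufs, local, read-only)
/dev/ad1s1 on /mnt/data (ufs, local, noatime, soft-updates)'
MOUNT_FINAL='/dev/ufs/pfSense on / (ufs, local, read-only)
/dev/ufs/pfSenseCfg on /cf (ufs, local, read-only)
/dev/ad1s1 on /mnt/data (ufs, local, noatime, soft-updates)'

audit_mounts "$MOUNT_STEP5" || echo "findings while root is writable: $?"
audit_mounts "$MOUNT_FINAL" && echo "OK: root and /cf read-only, /mnt/data mounted noatime"
# On the box itself: audit_mounts "$(mount)"
```

The Step 5 listing produces one finding (root still writable); the final listing produces none.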


Conclusion

Hopefully this short howto helps people out there. I found this process non-intuitive and I have what I'd consider to be a reasonable working knowledge of the FreeBSD (4.4) system. Remember - this is a mechanism by which you can leave files hanging outside your DMZ, and this solution doesn't suit everyone's needs. Please evaluate your security needs before putting information out on a firewall box; I will likely just host an encrypted directory of technical tools, myself.

Future Work

The next thing I'd like to do with my new pfSense box is add SSH2 authentication to the mix. Although asymmetric key (PKI, RSA, DSA) authentication presents a HUGE performance hit in comparison to passwords or symmetric key (DES, 3DES) authentication, it will be worth it to me as I do not plan on logging in to the system terribly often. Again, your needs may vary.