Citrix Access Gateway 7000 - pfSense

A. The Hardware

The Citrix Access Gateway 7000 is ideally suited for pfSense.

The hardware consists of:

  • a Pentium 4 at 2.8 GHz
  • 1 GB RAM
  • a Maxtor DiamondMax 10 200 GB 7200 rpm 3.5" SATA HDD
  • 8 Intel Pro100 10/100/1000 NICs (although some of them are labeled only FE, for Fast Ethernet).

B. Installing pfSense

Installing pfSense was unproblematic.

C. Enabling the LCD

After LCDproc-dev has been installed, the LCD can be enabled with the settings MtxOrb on Serial Com Port 2 alternate with 16x2.

D. The Boot Log

/boot.config: -DConsoles: internal video/keyboard  serial port
BIOS drive C: is disk0
BIOS 639kB/1046784kB available memory

FreeBSD/i386 bootstrap loader, Revision 1.1rd)                             *****
(, Fri Apr 12 10:34:40 EDT 2013)
Loading /boot/defaults/loader.conf
/boot/kernel/kernel text=0x8b1f9c data=0x3caa54+0x9b720 syms=[0x4+0x952a0+0x4+0x
 │                                         │
 │                                         │
 │                                         │
 │          Welcome to pfSense!            │
 │                                         │                 ______
 │                                         │                /      \
 │  1. Boot pfSense [default]              │          _____/    f   \
 │  2. Boot pfSense with ACPI enabled      │         /     \        /
 │  3. Boot pfSense using USB device       │        /   p   \______/  Sense
 │  4. Boot pfSense in Safe Mode           │        \       /      \
 │  5. Boot pfSense in single user mode    │         \_____/        \
 │  6. Boot pfSense with verbose logging   │               \        /
 │  7. Escape to loader prompt             │                \______/
 │  8. Reboot                              │
 │                                         │
 │                                         │
 │                                         │
 │  Select option, [Enter] for default     │
 │  or [Space] to pause timer  0           │

Copyright (c) 1992-2010 The FreeBSD Project.
Copyright (c) 1979, 1980, 1983, 1986, 1988, 1989, 1991, 1992, 1993, 1994
        The Regents of the University of California. All rights reserved.
FreeBSD is a registered trademark of The FreeBSD Foundation.
FreeBSD 8.1-RELEASE-p13 #0: Fri Apr 12 10:43:23 EDT 2013
/src/sys/pfSense_wrap.8.i386 i386
Timecounter "i8254" frequency 1193182 Hz quality 0
CPU: Intel(R) Pentium(R) 4 CPU 2.80GHz (2793.01-MHz 686-class CPU)
  Origin = "GenuineIntel"  Id = 0xf29  Family = f  Model = 2  Stepping = 9
real memory  = 1073741824 (1024 MB)
avail memory = 1031409664 (983 MB)
ioapic0: Assuming intbase of 0
ioapic1: Assuming intbase of 24
ioapic0 <Version 2.0> irqs 0-23 on motherboard
ioapic1 <Version 2.0> irqs 24-47 on motherboard
wlan: mac acl policy registered
cryptosoft0: <software crypto> on motherboard
padlock0: No ACE support.
pcib0: <MPTable Host-PCI bridge> pcibus 0 on motherboard
pci0: <PCI bus> on pcib0
pcib1: <PCI-PCI bridge> at device 1.0 on pci0
pci4: <PCI bus> on pcib1
pcib2: <MPTable PCI-PCI bridge> at device 3.0 on pci0
pci3: <PCI bus> on pcib2
em0: <Intel(R) PRO/1000 Legacy Network Connection 1.0.4> port 0xcc00-0xcc1f mem
0xfe6e0000-0xfe6fffff,0xfe6c0000-0xfe6dffff irq 18 at device 1.0 on pci3
em0: [FILTER]
pcib3: <MPTable PCI-PCI bridge> at device 28.0 on pci0
pci2: <PCI bus> on pcib3
em1: <Intel(R) PRO/1000 Legacy Network Connection 1.0.4> port 0xb800-0xb83f mem
0xfe520000-0xfe53ffff,0xfe4c0000-0xfe4fffff irq 24 at device 1.0 on pci2
em1: [FILTER]
em2: <Intel(R) PRO/1000 Legacy Network Connection 1.0.4> port 0xbc00-0xbc3f mem
0xfe5c0000-0xfe5dffff,0xfe580000-0xfe5bffff irq 25 at device 1.1 on pci2
em2: [FILTER]
ubsec0 mem 0xfe5f0000-0xfe5fffff irq 26 at device 2.0 on pci2
ubsec0: [ITHREAD]
ubsec0: Broadcom 5821
pcib4: <MPTable PCI-PCI bridge> at device 30.0 on pci0
pci1: <PCI bus> on pcib4
em3: <Intel(R) PRO/1000 Legacy Network Connection 1.0.4> port 0x9c00-0x9c3f mem
0xfe020000-0xfe03ffff,0xfe000000-0xfe01ffff irq 16 at device 0.0 on pci1
em3: [FILTER]
em4: <Intel(R) PRO/1000 Legacy Network Connection 1.0.4> port 0xa000-0xa03f mem
0xfe080000-0xfe09ffff,0xfe060000-0xfe07ffff irq 17 at device 1.0 on pci1
em4: [FILTER]
em5: <Intel(R) PRO/1000 Legacy Network Connection 1.0.4> port 0xa400-0xa43f mem
0xfe0e0000-0xfe0fffff,0xfe0c0000-0xfe0dffff irq 18 at device 2.0 on pci1
em5: [FILTER]
em6: <Intel(R) PRO/1000 Legacy Network Connection 1.0.4> port 0xa800-0xa83f mem
0xfe140000-0xfe15ffff,0xfe120000-0xfe13ffff irq 19 at device 3.0 on pci1
em6: [FILTER]
em7: <Intel(R) PRO/1000 Legacy Network Connection 1.0.4> port 0xac00-0xac3f mem
0xfe1a0000-0xfe1bffff,0xfe180000-0xfe19ffff irq 20 at device 4.0 on pci1
em7: [FILTER]
isab0: <PCI-ISA bridge> at device 31.0 on pci0
isa0: <ISA bus> on isab0
atapci0: <Intel 6300ESB UDMA100 controller> port 0x1f0-0x1f7,0x3f6,0x170-0x177,0
x376,0xfc00-0xfc0f at device 31.1 on pci0
ata0: <ATA channel 0> on atapci0
ata0: [ITHREAD]
ata1: <ATA channel 1> on atapci0
ata1: [ITHREAD]
atapci1: <Intel 6300ESB SATA150 controller> port 0xe800-0xe807,0xe400-0xe403,0xe
000-0xe007,0xdc00-0xdc03,0xd800-0xd80f irq 18 at device 31.2 on pci0
atapci1: [ITHREAD]
ata2: <ATA channel 0> on atapci1
ata2: [ITHREAD]
ata3: <ATA channel 1> on atapci1
ata3: [ITHREAD]
pci0: <serial bus, SMBus> at device 31.3 (no driver attached)
cpu0 on motherboard
unknown: <PNP0c01> can't assign resources (memory)
atrtc0: <AT realtime clock> at port 0x70-0x71 irq 8 pnpid PNP0b00 on isa0
uart0: <16550 or compatible> at port 0x3f8-0x3ff irq 4 flags 0x10 pnpid PNP0501
on isa0
uart0: [FILTER]
uart0: console (9600,n,8,1)
uart1: <16550 or compatible> at port 0x2f8-0x2ff irq 3 pnpid PNP0501 on isa0
uart1: [FILTER]
orm0: <ISA Option ROM> at iomem 0xc8000-0xcc7ff pnpid ORM0000 on isa0
ppc0: parallel port not found.
unknown: <PNP0c01> can't assign resources (memory)
Timecounter "TSC" frequency 2793014128 Hz quality 800
Timecounters tick every 10.000 msec
IPsec: Initialized Security Association Processing.
ad4: 194481MB <Maxtor 6L200M0 BANC1E00> at ata2-master UDMA100 SATA
Trying to mount root from ufs:/dev/ad4s1a
Configuring crash dumps...
Using /dev/ad4s1b for dump device.
Mounting filesystems...
Disabling APM on /dev/ad4

 ___/ f \
/ p \___/ Sense
\___/   \

Welcome to pfSense 2.0.3-RELEASE  ...

No core dumps found.
Creating symlinks......done.
External config loader 1.0 is now starting... ad4s1b
Launching the init system... done.
Initializing............................ done.
Starting device manager (devd)...done.
Loading configuration......done.
Updating configuration...done.
Cleaning backup cache.................................done.
Setting up extended sysctls...done.
Setting timezone...done.
Starting Secure Shell Services...done.
Setting up polling defaults...done.
Setting up interfaces microcode...done.
Configuring LAGG interfaces...done.
Configuring VLAN interfaces...done.
Configuring QinQ interfaces...done.
Configuring 11_WAN interface...done.
Configuring 12_LAN interface...done.
Configuring 13_OPT1 interface...done.
Configuring 14_OPT2 interface...done.
Configuring 15_OPT3 interface...done.
Configuring 16_OPT4 interface...done.
Configuring 17_OPT5 interface...done.
Configuring 18_OPT6 interface...done.
Syncing OpenVPN settings...done.
Starting syslog...done.
Configuring firewall......done.
Starting PFLOG...done.
Setting up gateway monitors...done.
Synchronizing user settings...done.
Starting webConfigurator...done.
Configuring CRON...done.
Starting NTP time client...Starting DHCP service...done.
Starting DNS forwarder...done.
Configuring firewall......done.
Generating RRD graphs...done.
powerd: lookup freq: No such file or directory
Starting CRON... done.
 Starting package LCDproc-dev...done.
 Starting package squid3...done.
 Starting package snort...done.
 Starting package Strikeback...done.
 Starting /usr/local/etc/rc.d/
 Starting /usr/local/etc/rc.d/
 Starting /usr/local/etc/rc.d/
Bootup complete

FreeBSD/i386 (ns7000-pfsense.localdomain) (console)

*** Welcome to pfSense 2.0.3-RELEASE-pfSense (i386) on ns7000-pfsense ***

  11_WAN (wan)              -> em3        -> (DHCP)
  12_LAN (lan)              -> em0        ->
  13_OPT1 (opt1)            -> em5        -> NONE
  14_OPT2 (opt2)            -> em4        -> NONE
  15_OPT3 (opt3)            -> em7        -> NONE
  16_OPT4 (opt4)            -> em6        -> NONE
  17_OPT5 (opt5)            -> em1        -> NONE
  18_OPT6 (opt6)            -> em2        -> NONE

 0) Logout (SSH only)                  8) Shell
 1) Assign Interfaces                  9) pfTop
 2) Set interface(s) IP address       10) Filter Logs
 3) Reset webConfigurator password    11) Restart webConfigurator
 4) Reset to factory defaults         12) pfSense Developer Shell
 5) Reboot system                     13) Upgrade from console
 6) Halt system                       14) Disable Secure Shell (sshd)
 7) Ping host

Enter an option: