Modifying Embedded

From PFSenseDocs

This article is part of the HOWTO series.

You can mount and modify the embedded image before writing it to CF, for instance to include a different configuration pre-packaged in the image.

Contents 1 Modifying NanoBSD Embedded 1.1 Modifying an Embedded Image (.img) file directly 1.2 Modifying a CF After Writing the Image 2 Modifying Old Embedded

Modifying NanoBSD Embedded

These instructions apply to pfSense 1.2.3-RC3 and newer embedded images.

There are two ways to modify an embedded image: Before writing to CF and after. If you will be imaging a bunch of CF cards with an identical base configuration, then modifying the image before writing may be better. Both of these methods require a FreeBSD system or a spare non-production pfSense box. A VM might work depending on your setup and the availability of USB passthrough in your hypervisor.

Modifying an Embedded Image (.img) file directly

First, decompress the .img.gz file. This will leave you will a large .img file that is the full size of the target CF size, be sure you have enough space on your system to store it!

# gunzip pfSense-1.2.3.NanoBSD-2G.full.img.gz

Make a mountpoint for the image:

# mkdir /mnt/pfsense

Load the image onto an md(4) device. The mdconfig command will return the id of the next available md device, like so:

# mdconfig -f pfSense-1.2.3.NanoBSD-2G.full.img
md0

N.B.: When using -f, options "-a -t vnode" are assumed and are not needed.

(Optional) Confirm that the md device is present as expected:

# mdconfig -lv
md0     vnode     1.9G  /home/jim/pfSense-1.2.3.NanoBSD-2G.full.img

Mount the configuration slice, using the md device name returned above plus the configuration slice, s3:

# mount /dev/md0s3 /mnt/pfsense

You should now have access to the partition that holds the configuration.

# ls -l /mnt/pfsense/conf/
total 13
drwxr-xr-x  2 root  wheel    512 Sep 27 23:39 backup/
-rw-r--r--  1 root  wheel  12755 Sep 27 23:08 config.xml
-rw-r--r--  1 root  wheel      0 Sep 27 23:08 ez-ipupdate.cache
-rw-r--r--  1 root  wheel      0 Sep 27 23:08 trigger_initial_wizard

You can then copy over an existing configuration file. When doing so, be sure to remove the file that starts the configuration wizard.

# cp /home/mystuff/oldconfig.xml /mnt/pfsense/conf/config.xml
# rm /mnt/pfsense/conf/trigger_initial_wizard

Now unmount the configuration slice

# umount /mnt/pfsense

(optional) You can make whichever other changes you would like at this point also, by mounting the slice containing the operating system.

# mount /dev/md0s1a /mnt/pfsense
<work, work, work>
# umount /mnt/pfsense

And remove the md device. Since we had md0 above, the unit number is 0.

# mdconfig -d -u 0

Modifying a CF After Writing the Image

This works almost identically to the steps above, but omit the mdconfig steps and replace md0 with whatever the device is for your CF card, typically da0 with a usb reader (if you have no other SCSI disks).

Check dmesg or /var/log/messages to see what device is reported when you plug the CF card into your reader.

Modifying Old Embedded

1. copy and mount the unpacked images configuration partition

    # scp user@hostname:pfSense-*-Embedded.img.gz pfsense.img.gz
    # gunzip pfsense.img.gz
    # mkdir /mnt/pfsense
    # mdconfig -a -t vnode -f pfsense.img -u 0
    # mount /dev/md0d /mnt/pfsense

2. copy backup.xml over existing config.xml

    # scp user@hostname:backup.xml /mnt/pfsense/conf/config.xml

3. unmount

    # umount /mnt/pfsense

4. detach and free resources of md0

    # mdconfig -d -u 0