installing router and firewall linux distributions on UP squared?

Bernard
Bernard New Member Posts: 12
Hello,
I've just received my Up Squared board. THANKS!
I would like to use this mini computer as Linux router/firewall.
Can I install one of the software router from the list?:
router_and_firewall_distributions
Can I boot from prepared installation image on USB stick?
Many distributions from the list require Compatibility Support Module (CSM).
Can I activate CSM somehow and select boot drive?
Thanks,
bern

Comments

  • WereCatf
    WereCatf New Member Posts: 201
    "Can I activate CSM somehow and select boot drive?" - No. UEFI-only.
  • Bernard
    Bernard New Member Posts: 12
    No. UEFI-only.
    Fortunately I managed to switch to CSM,
    boot from USB Stick and
    install router/firewall x64 software on eMMC.
    It works quite well using double gigabit NICs as network interfaces.
  • Mark Bradley
    Mark Bradley New Member Posts: 6
    I tried what you did and hooked up a bootable USB DVD drive with the pfSense Image but the machine doesn't even try to boot from it. Instead, it immediately goes back into the BIOS.

    Hi Bern.

    Do you have any more guidance or suggestions for troubleshooting to get this working?

    I have: N4200 CPU, 8GB RAM, 64GB eMMC, UPA1AM18 BIOS.

    Thanks,
    Brad
  • Mark Bradley
    Mark Bradley New Member Posts: 6
    Hmm. Thanks. Three questions:

    1. You used a generic pfSense 2.3.x ISO image?
    2. It's installed to the internal eMMC without issue?
    3. Do you recall any other BIOS modifications? I can see the USB stick but the CSM/legacy method doesn't boot from it.

    At this point, I've got pfSense 2.4 beta installed to an mSATA but that's a waste of the slot which I want to use for something else.

    Thanks again.
  • Bernard
    Bernard New Member Posts: 12
    1. No. I use other CSM compatibile router/firewall Linux x_64 software.
    2. Thats right.
    3. I've changed only one parameter e.g 'legacy only' in the 'Boot option filter'

    If I remember correctly bios of my up square is from Apr'2017 and I did not update it.
    Regards,
  • Bernard
    Bernard New Member Posts: 12
    I updated upsquered bios to 1.8 and 2.1 and it seems that CSM mode is broken in the newer bios versions.
    So I'am lock in since I can't boot from eMMC anymore and there is no previous 1.3 bios version available for recover the old working settings.
    Despite my requests for the explain this situation noone from up board has answered so far...

    CSM mode worked in bios ver. 1.3 so each user could install software he want.
    Now there are some predefined images but not usabe for me.
    I think that up board should be more open to their customers and more open for opensource....
    Regards,
  • eduncan911
    eduncan911 Administrator, Moderator Posts: 157 admin
    edited October 2017
    Regarding pfSense, as mentioned above see this thread for more: https://up-community.org/forum/general-discussion-up2/1814-how-to-install,-other-then-ubuntu,-pfsense-freebsd Keeping all questions and thoughts in a single thread makes it easier to follow. :)

    Now back to your original question, there are several firewall options you can install depending on your level of expertise (how far down the rabbit hole you want to go), the options are plenty.

    I've done pfSense 2.4 using an DOM SSD device, and currently setting up Debian Unstable and ArchLinux examples for my UP2 on the eMMC as a secure networking gateway (updates daily).

    I'll convert my work over to Chef scripts for those once I am done.

    My next venture/experience is into VyOS - which is what all the nice Ubiquiti routers are running these days. I highly prefer that over pfSense.

    What's nice about VyOS is that it can be installed on bare metal (not sure if it supports Intel's Apollo Lake eMMC yet), in a VM (Xen, ESXi, etc) or as a Docker container (will need to run as privileged, and pass the network devices to it). I like this flexibility as I prefer to run a base OS (e.g. Xen on Arch or Debian), and run VMs or Docker containers for my services. That way I never have to "pave" the machine - I just create a new VM or Docker container to replace the old one - while the old one is still running.

    This is one of my top priorities for my UP2 boards and will be writing some blog posts about it shortly.

    Eric Duncan - UP Evangelist - My thoughts are of my own free will

    Answered? Please remember to mark the posted answered to highlight it for future visitors!