Saturday, March 27, 2010

Building a Firewall Appliance

Many years ago there was a post that stated you could take a Nokia IP330 firewall and load Smoothwall Linux on it to create your own freely licensed 1U rackmountable firewall.  Back then I bought an IP330 and it's been sitting in an unopened box ever since.  That's not a huge deal as it only cost me $50 and I didn't have any practical application for a real firewall.

This morning I got the bug.  I needed a project I could geek out on.  So, this was it.  I had searched periodically over the years and found that the original article was gone.  Thank goodness for Google's cache!

The process, simplified, goes like this:

INITIAL INSTALLATION
  1. Download and burn Smoothwall Linux 3.0 SP1 (as of today).
  2. Remove the HDD from the Nokia IP330
  3. Attach the Nokia HDD to a surrogate PC that will be used for the installation
  4. Boot/Install
    1. Take the defaults until you're prompted for the basic security posture: open, mostly open or closed.  I chose closed.
    2. You'll be asked to choose the types of interfaces.  GREEN/RED is what you want.  It will default to GREEN/RED (ISDN or Modem), which is not what you want.

      During this process you have to configure your NICs.  The whole process only took me ~2 hours but 30 minutes of it was during this portion.  My surrogate PC had only one NIC, but the type we're choosing requires 2.  More on this in a minute.
    3. Go ahead and set up your LAN (Green) network.  I used 10.123.99.0/255.255.255.0 and I set the firewall address to 10.123.99.254.
    4. I set my External interface to DHCP so it would pick up an address from my existing internet router.
    5. At this point you can do CTRL-ALT-DEL and reboot the PC.  Unless you have 2 NICs you will not get past this point.  No worries.  It all works out in the end.

MAKING THE EDITS

  1. Because of the hard reset in the middle of the process I did not get to set up any passwords.  When you're prompted to log in, do so with 'root' and no password.
  2. Set the CONFIG_TYPE to 3 in /var/smoothwall/ethernet/settings
  3. Configure each of your GREEN, ORANGE and RED settings to match this (a line written as [GREEN|ORANGE|RED]_X stands for three lines, one per zone):
    GREEN_DEV=eth0
    ORANGE_DEV=eth1
    RED_DEV=eth2

    [GREEN|ORANGE|RED]_DRIVER=eepro100
    [GREEN|ORANGE|RED]_DRIVER_OPTIONS=
    [GREEN|ORANGE|RED]_DISPLAYDRIVER=eepro100

    GREEN_ADDRESS=10.123.99.254
    GREEN_NETMASK=255.255.255.0
    GREEN_NETADDRESS=10.123.99.0
    GREEN_BROADCAST=10.123.99.255

    ORANGE_ADDRESS=10.123.100.254
    ORANGE_NETMASK=255.255.255.0
    ORANGE_NETADDRESS=10.123.100.0
    ORANGE_BROADCAST=10.123.100.255

    RED_DHCP_HOSTNAME=smoothwall
    RED_ADDRESS=0.0.0.0
    RED_NETMASK=0.0.0.0
    RED_TYPE=DHCP
    RED_NETADDRESS=0.0.0.0
    RED_BROADCAST=255.255.255.255
  4. Next edit /etc/rc.d/rc.network. Look in the file for the end of the for loop:

    for NIC in 0 1 2 3; do
     
    done

    You need to add MAC address entries for each of the NICs.  These are the ones used by the original article, but my IP380 booted and had Checkpoint's IPSO installed so I was able to capture my real MAC addresses:
    ifconfig eth0 hw ether 00:a0:8e:e:50:78
    ifconfig eth1 hw ether 00:a0:8e:e:50:7c
    ifconfig eth2 hw ether 00:a0:8e:e:50:80
  5. Next we need to change /etc/inittab so the login prompt appears on the serial console.  Replace the line that begins with 1:2345 with:

    1:2345:respawn:/sbin/agetty -h ttyS0 9600 vt100
  6. Finally, type lilo at the prompt and press Enter, then run shutdown -h now.
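
A typo in the step 3 settings is hard to debug once the disk is back in the Nokia, so here is a small POSIX shell check for that file, added as an example and not part of the original article. It assumes the file holds plain KEY=value lines as shown in step 3; the function names are made up for this example and the sample data is constructed from the values above. Pass the path to the real file as the first argument to check it instead of the sample.

```sh
# Added example, not from the original post: consistency check for the
# KEY=value file /var/smoothwall/ethernet/settings edited in step 3.
get() { sed -n "s/^$1=//p" "$2" | tail -n 1; }   # value of KEY in FILE

ip_to_int() (                                     # dotted quad -> integer
    IFS=.; set -- $1                              # subshell body: IFS stays local
    echo $(( (${1:-0} << 24) | (${2:-0} << 16) | (${3:-0} << 8) | ${4:-0} ))
)

int_to_ip() {                                     # integer -> dotted quad
    echo "$(( $1 >> 24 & 255 )).$(( $1 >> 16 & 255 )).$(( $1 >> 8 & 255 )).$(( $1 & 255 ))"
}

# A zone passes when NETADDRESS and BROADCAST follow from ADDRESS/NETMASK.
check_zone() {
    addr=$(ip_to_int "$(get "${1}_ADDRESS" "$2")")
    mask=$(ip_to_int "$(get "${1}_NETMASK" "$2")")
    net=$(( addr & mask ))
    bcast=$(( net | (~mask & 4294967295) ))
    [ "$(int_to_ip "$net")" = "$(get "${1}_NETADDRESS" "$2")" ] &&
        [ "$(int_to_ip "$bcast")" = "$(get "${1}_BROADCAST" "$2")" ]
}

check_settings() {                                # prints findings; 1 if any
    rc=0
    [ "$(get CONFIG_TYPE "$1")" = 3 ] || { echo "CONFIG_TYPE is not 3"; rc=1; }
    for zone in GREEN ORANGE RED; do
        check_zone "$zone" "$1" ||
            { echo "$zone: NETADDRESS/BROADCAST do not match ADDRESS/NETMASK"; rc=1; }
    done
    devs=$(for z in GREEN ORANGE RED; do get "${z}_DEV" "$1"; done | sort -u | wc -l)
    [ "$devs" -eq 3 ] || { echo "zones do not use three distinct devices"; rc=1; }
    return $rc
}

sample_settings() {                # constructed sample using the post's values
    printf '%s\n' CONFIG_TYPE=3 GREEN_DEV=eth0 ORANGE_DEV=eth1 RED_DEV=eth2 \
        GREEN_ADDRESS=10.123.99.254 GREEN_NETMASK=255.255.255.0 \
        GREEN_NETADDRESS=10.123.99.0 GREEN_BROADCAST=10.123.99.255 \
        ORANGE_ADDRESS=10.123.100.254 ORANGE_NETMASK=255.255.255.0 \
        ORANGE_NETADDRESS=10.123.100.0 ORANGE_BROADCAST=10.123.100.255 \
        RED_ADDRESS=0.0.0.0 RED_NETMASK=0.0.0.0 \
        RED_NETADDRESS=0.0.0.0 RED_BROADCAST=255.255.255.255
}

# With no argument, check the constructed sample instead of a real file.
f=${1:-$(mktemp)}; [ $# -gt 0 ] || sample_settings > "$f"
check_settings "$f" && echo "settings are consistent"
```
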
After your PC shuts down, remove the HDD, put it back in the Nokia and boot it.  You'll need a console connection to the device so you can run "setup" to set the 3 passwords used on the machine.

You can now surf to the new Smoothwall box via its Green IP address on port 81!  Log in with admin and the password you entered during "setup."

http://10.123.99.254:81
