Wednesday 27 July 2011

IPCop on the Omnibook 800CT

I had planned to convert a couple of my Omnibook 800s into a firewall and a NAS respectively since they are low power and built like brick-privys. Herewith are my firewall experiences...

I've been using IPCop for a while. Although activity and progress towards V2.0 have kind of dropped off, it still works for me, though the loss of Snort support is a little annoying. It is the rear-facing side of a dual-bastion configuration, so the forward 'wall takes most of the crud.

In any case, something a little more elderly might help since it only has 32MB RAM and a P133 to run on.

First off, unlike Damn Small Linux the IPCop boot floppy can't see my PCMCIA CDROM drive so it's back to my Omnibook CDROM drive. Unfortunately I don't have a power cable so I have to feed it AA batteries which it consumes at a prodigious rate - hooray for rechargeables.

I have scored a couple of Xircom 10/100 Ethernet/56K modem PCMCIA (not Cardbus) cards off eBay which seem to be supported by IPCop, so we are good to go. In order to fit both cards in, I need dongled ethernet cards rather than the fat cards that seem prevalent today.

Boot from floppy (get an image from the IPCop CD) proceeds until it tries to load the additional drivers from floppy. It appears that the IPCop 1.4.20 CD has a corrupt drivers floppy image so I backtrack to 1.4.10 for no particular reason.

Boot from floppy and loading the drivers floppy then works...until it discovers the 128MB CF (in a CF/2.5-inch hdd adapter) for /dev/harddisk1 which is apparently too small. A quick raid on my digital camera scores a Kingston 1GB CF which solves the problem. Other than that the install goes smoothly.

...Until I bring IPCop up - when I discover that the GREEN network is fine but the RED does not function. The dongle lights up to indicate a 100MB connection and flashes to show traffic but I can't ping the front firewall or, indeed, reach it in any way. Hmmm.

A bit of digging around gets me to /proc/interrupts, which indicates that the RED PCMCIA card is sharing an interrupt, IRQ 9, with something else whereas the GREEN is not. It all comes back now, back in the days before ACPI and all that fancy stuff when we had to worry about IRQs.

A reboot and F2 press later, I have disabled the serial port on the Omnibook thereby freeing up IRQ 4. This now needs to be pressed into service for the RED Xircom instead of IRQ 9. A quick visit to /etc/pcmcia/config.opts allows me to disable IRQ 9 and enable IRQ 4 for PCMCIA and a further reboot later (this is getting like a Windows install!) all is well and I have an operational firewall. A flurry of patches later, I now have a reasonably up-to-date firewall.
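The /proc/interrupts check described above can be scripted so a shared line stands out before a firewall interface is trusted to pass traffic. This is an added example, not part of the original post; the device names in the sample are constructed placeholders, and the parser assumes the older layout of IRQ number, per-CPU counters, controller name, then a comma-separated device list.

```shell
#!/bin/sh
# Added example: report IRQ lines that more than one device is attached to.
# Reads /proc/interrupts-format text on stdin, prints "IRQ<TAB>device list".
# On the firewall itself: shared_irqs < /proc/interrupts

shared_irqs() {
    awk '
        # Numbered IRQ rows only; skips the CPU header and NMI/ERR rows.
        /^ *[0-9]+:/ {
            irq = $1
            sub(/:$/, "", irq)
            line = $0
            sub(/^ *[0-9]+: */, "", line)            # drop the "9:" prefix
            while (line ~ /^[0-9]+ +/)               # drop per-CPU counters
                sub(/^[0-9]+ +/, "", line)
            sub(/^[^ ]+ +/, "", line)                # drop controller (e.g. XT-PIC)
            # Devices sharing a line are listed separated by ", ".
            if (index(line, ", ") > 0)
                printf "%s\t%s\n", irq, line
        }
    '
}

# Constructed sample in the assumed layout; "card-red", "card-green" and
# "other-device" are placeholders, not names taken from the post.
sample_interrupts() {
    cat <<'EOF'
           CPU0
  0:     251873          XT-PIC  timer
  1:        412          XT-PIC  keyboard
  2:          0          XT-PIC  cascade
  9:       1530          XT-PIC  card-red, other-device
 11:       8841          XT-PIC  card-green
 14:      20417          XT-PIC  ide0
NMI:          0
EOF
}
```

Empty output means no numbered IRQ is shared; any line printed names the IRQ to move, as was done here for IRQ 9.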

One other thing, I note that the screen blanker on IPCop does not power down the backlight. Fortunately, pressing the on/off button on the Omnibook with the power plugged in powers down the screen, keyboard and mouse but leaves everything else running...perfect!
