Installing IPCop on POD-9578 board

From TheFnet

Jump to: navigation, search

I recently acquired an Advantech FWA-600 1U server/firewall appliance with 4 ethernet interfaces. I thought this would make an ideal IPCop unit, and it turned out that I was correct! I have tried to describe my installation procedure as well as I can remember it. The motherboard contained within is a POD-9578.

IPCop installed

Contents

Install IPCop on a hard drive

Firstly, another machine (one with a CD-ROM) drive was used to perform a standard installation of IPCop onto a hard drive. This unit actually has a compact flash slot on the motherboard which would have been nice to use, but I like a lot of logs and addons so deemed it unsuitable.


Perform a standard IPCop installation, none of the settings really matter as you can change them all again at a later time once the drive is installed into the appliance. Just make sure you remember the passwords used so we can gain access.

Enable Serial Console

The FWA-600 unit does not have a VGA output. The controller is present on-board and has a pin header to use it if you construct the appropriate cables, but I didn't think it necessary.


To enable the serial console, the drive was attached to another Linux system and mounted to allow the download of files and configuration. There are several files you will need to download from the IPCop binaries website, which will need to be moved to the IPCop install, so this method was deemed the easiest way of accomplishing this.


Download and install both agetty and beep from the IPCop binaries website.


After this you will need to make some changes to files on your fresh IPCop installation. These changes are best explained in this forum post. I have mirrored the changes below:


/boot/grub/grub.conf - Note: ensure to comment out the splash image

serial --unit=0 --speed=9600
terminal --timeout=10 serial console
timeout 5
default saved
foreground = 16064e
background = ffffff
# splashimage (hd0,0)/grub/ipcop.xpm.gz
title IPCop
root (hd0,0)
kernel /vmlinuz root=/dev/hdc4 panic=10 acpi=off console=tty0 console=ttyS0,9600 ro
savedefault
title IPCop SMP
root (hd0,0)
kernel /vmlinuz-smp root=/dev/hdc4 panic=10 acpi=off console=tty0 console=ttyS0,9600 ro
savedefault
title IPCop (ACPI enabled)
root (hd0,0)
kernel /vmlinuz root=/dev/hdc4 panic=10 console=tty0 console=ttyS0,9600 ro
savedefault
title IPCop SMP (ACPI HT enabled)
root (hd0,0)
kernel /vmlinuz-smp root=/dev/hdc4 panic=10 acpi=ht console=tty0 console=ttyS0,9600 ro
savedefault


/etc/securetty - Note: ensure to leave a blank line after the last entry

(...)
ttypa
ttypb
ttypc
ttypd
ttype
ttypf
ttyS0


/etc/inittab

(...)

# Run gettys in standard runlevels
1:2345:respawn:/sbin/mingetty tty1
2:2345:respawn:/sbin/mingetty tty2
3:2345:respawn:/sbin/mingetty tty3
4:2345:respawn:/sbin/mingetty tty4
5:2345:respawn:/sbin/mingetty tty5
6:2345:respawn:/sbin/mingetty tty6
T0:2345:respawn:/sbin/agetty -L 9600 ttyS0

(...)

I recommend using PuTTY to connect to the applicance via a null-modem cable (not straight-through). Hyperterminal caused me lots of problems, but PuTTY was perfect. In addition, this setup will allow you to access the post screen of the appliance, and modify BIOS/CMOS settings.

Setting up

This is the pin-mapping I used to build a null-modem adapter (all my cables turned out to be straight through configuration).

Signal Name DB-25 PinDE-9 Pin DE-9 PinDB-25 Pin
FG (Frame Ground) 1 - X- 1 FG
TD (Transmit Data) 2 3 -2 3 RD
RD (Receive Data) 3 2 -3 2 TD
RTS (Request To Send) 4 7 -8 5 CTS
CTS (Clear To Send) 5 8 -7 4 RTS
SG (Signal Ground) 7 5 -5 7 SG
DSR (Data Set Ready) 6 6 -4 20 DTR
CD (Carrier Detect) 8 1 -4 20 DTR
DTR (Data Terminal Ready)20 4 -1 8 CD
DTR (Data Terminal Ready)20 4 -6 6 DSR


Network Setup

Now that you (hopefully) have access to the serial terminal of the IPCop, with the installation drive now installed in the appliance, you can login as root using the password you supplied during the initial setup, and re-configure the network interfaces.


Since the unit has 4 ethernet adapters, I decided to go for the full on Red/Green/Blue/Orange network, as labelled in the image at the top of this page. Run the 'setup' utility on the IPCop and it will allow you to reconfigure everything you specified upon installation. After assigning ethernet adapters to interfaces using the wizard, I found the easiest way to assign them correctly was by manually editing the /var/ipcop/ethernet/settings file. On my motherboard the interfaces had labels to show the MAC address of each one, this made correct assignment easy. Using the aforementioned file with 'ifconfig' (which displays the MAC), you are able to assign each interface the correct ethX device.


On my system it worked out as follows:


Manual

The manual for the appliance, which also covers the POD-9578 board in good detail can be downloaded here: FWA-6X0man.pdf

Finished

Now you should have a running IPCop installation to configure for your network as you normally would.

Personal tools
Namespaces
Variants
Actions
Navigation
Toolbox