Installing IPCop on POD-9578 board
I recently acquired an Advantech FWA-600 1U server/firewall appliance with 4 ethernet interfaces. I thought this would make an ideal IPCop unit, and it turned out that I was correct! I have tried to describe my installation procedure as well as I can remember it. The motherboard contained within is a POD-9578.
Install IPCop on a hard drive
Firstly, another machine (one with a CD-ROM) drive was used to perform a standard installation of IPCop onto a hard drive. This unit actually has a compact flash slot on the motherboard which would have been nice to use, but I like a lot of logs and addons so deemed it unsuitable.
Perform a standard IPCop installation, none of the settings really matter as you can change them all again at a later time once the drive is installed into the appliance. Just make sure you remember the passwords used so we can gain access.
Enable Serial Console
The FWA-600 unit does not have a VGA output. The controller is present on-board and has a pin header to use it if you construct the appropriate cables, but I didn't think it necessary.
To enable the serial console, the drive was attached to another Linux system and mounted to allow the download of files and configuration. There are several files you will need to download from the IPCop binaries website, which will need to be moved to the IPCop install, so this method was deemed the easiest way of accomplishing this.
Download and install both agetty and beep from the IPCop binaries website.
After this you will need to make some changes to files on your fresh IPCop installation. These changes are best explained in this forum post. I have mirrored the changes below:
/boot/grub/grub.conf - Note: ensure to comment out the splash image
serial --unit=0 --speed=9600 terminal --timeout=10 serial console timeout 5 default saved foreground = 16064e background = ffffff # splashimage (hd0,0)/grub/ipcop.xpm.gz title IPCop root (hd0,0) kernel /vmlinuz root=/dev/hdc4 panic=10 acpi=off console=tty0 console=ttyS0,9600 ro savedefault title IPCop SMP root (hd0,0) kernel /vmlinuz-smp root=/dev/hdc4 panic=10 acpi=off console=tty0 console=ttyS0,9600 ro savedefault title IPCop (ACPI enabled) root (hd0,0) kernel /vmlinuz root=/dev/hdc4 panic=10 console=tty0 console=ttyS0,9600 ro savedefault title IPCop SMP (ACPI HT enabled) root (hd0,0) kernel /vmlinuz-smp root=/dev/hdc4 panic=10 acpi=ht console=tty0 console=ttyS0,9600 ro savedefault
/etc/securetty - Note: ensure to leave a blank line after the last entry
(...) ttypa ttypb ttypc ttypd ttype ttypf ttyS0
(...) # Run gettys in standard runlevels 1:2345:respawn:/sbin/mingetty tty1 2:2345:respawn:/sbin/mingetty tty2 3:2345:respawn:/sbin/mingetty tty3 4:2345:respawn:/sbin/mingetty tty4 5:2345:respawn:/sbin/mingetty tty5 6:2345:respawn:/sbin/mingetty tty6 T0:2345:respawn:/sbin/agetty -L 9600 ttyS0 (...)
I recommend using PuTTY to connect to the applicance via a null-modem cable (not straight-through). Hyperterminal caused me lots of problems, but PuTTY was perfect. In addition, this setup will allow you to access the post screen of the appliance, and modify BIOS/CMOS settings.
This is the pin-mapping I used to build a null-modem adapter (all my cables turned out to be straight through configuration).
|Signal Name||DB-25 Pin||DE-9 Pin||DE-9 Pin||DB-25 Pin|
|FG (Frame Ground)||1||-||X||-||1||FG|
|TD (Transmit Data)||2||3||-||2||3||RD|
|RD (Receive Data)||3||2||-||3||2||TD|
|RTS (Request To Send)||4||7||-||8||5||CTS|
|CTS (Clear To Send)||5||8||-||7||4||RTS|
|SG (Signal Ground)||7||5||-||5||7||SG|
|DSR (Data Set Ready)||6||6||-||4||20||DTR|
|CD (Carrier Detect)||8||1||-||4||20||DTR|
|DTR (Data Terminal Ready)||20||4||-||1||8||CD|
|DTR (Data Terminal Ready)||20||4||-||6||6||DSR|
Now that you (hopefully) have access to the serial terminal of the IPCop, with the installation drive now installed in the appliance, you can login as root using the password you supplied during the initial setup, and re-configure the network interfaces.
Since the unit has 4 ethernet adapters, I decided to go for the full on Red/Green/Blue/Orange network, as labelled in the image at the top of this page. Run the 'setup' utility on the IPCop and it will allow you to reconfigure everything you specified upon installation. After assigning ethernet adapters to interfaces using the wizard, I found the easiest way to assign them correctly was by manually editing the /var/ipcop/ethernet/settings file. On my motherboard the interfaces had labels to show the MAC address of each one, this made correct assignment easy. Using the aforementioned file with 'ifconfig' (which displays the MAC), you are able to assign each interface the correct ethX device.
On my system it worked out as follows:
- eth0 = RED
- eth1 = GREEN
- eth2 = ORANGE
- eth3 = BLUE
The manual for the appliance, which also covers the POD-9578 board in good detail can be downloaded here: FWA-6X0man.pdf
Now you should have a running IPCop installation to configure for your network as you normally would.