Using FreeBSD on the Nokia IP330

I love recycling used equipment that companies think is too old for practical use anymore. I recently dug through a junk pile in a lab and came up with a Nokia IP330 appliance, which I remember as being an i386-based system which could easily run *BSD.

The IP330 is a 1U-sized PC appliance marketed as a turnkey system for network security applications. The model I got had the following specs:

1x AMD K6-2 CPU @400 MHz (i586)
256 MB PC-100 SDRAM
1x 20GB IDE hard drive
3x Intel 82558 Pro/100 Ethernet (fxp(4))
2x RS-232 serial interfaces (DB-9 male) with BIOS-level serial console

While dated and not powerful by today's standards, this appliance is certainly a capable packet router and with its 3 onboard 10/100 Ethernet interfaces, an ideal firewall platform.

History

Nokia's line of IP routers were originally designed to run Nokia's proprietary IPSO operating system, which is derived from FreeBSD. These platforms were the basis for a number of security applications, most popular of which was the Check Point firewall/VPN suite, for which many admins considered Nokia systems the most popular choice to run on.

Installing FreeBSD on the IP330

The installation of another operating system on the IP330 is not difficult, but it is a little more involved due to the lack of any removable media drives on the appliance. In order to install FreeBSD, you simply want to relocate the hard disk to another system where it can be installed, or transplant another hard disk with preloaded installation into the IP330. Perform the installation as your normally would, installing a standard MBR.

Support for the serial console

Local console access can be obtained by configuring the FreeBSD installation to enable the serial console. The FreeBSD Handbook covers how to do this, although the process is much simpler for recent releases than at first described:

Instruct loader(8) to enable the serial console during bootstrap by adding the following line to /boot/loader.conf.local:
```
console=comconsole
```

Configure init to allow logins on the serial console by performing the following change in /etc/ttys:

--- /etc/ttys.dist      Sun Aug 12 18:41:12 2007
+++ /etc/ttys   Sun Aug 12 18:41:20 2007
@@ -44,7 +44,7 @@
 ttyv8  "/usr/X11R6/bin/xdm -nodaemon"  xterm   off secure
 # Serial terminals
 # The 'dialup' keyword identifies dialin lines to login, fingerd etc.
-ttyd0  "/usr/libexec/getty std.9600"   dialup  off secure
+ttyd0  "/usr/libexec/getty std.9600"   cons25  on  secure
 ttyd1  "/usr/libexec/getty std.9600"   dialup  off secure
 ttyd2  "/usr/libexec/getty std.9600"   dialup  off secure
 ttyd3  "/usr/libexec/getty std.9600"   dialup  off secure

Network interface configuration

The fxp(4) driver cannot read the MAC address from the chips into memory on the IP330, a problem which prohibits proper IP communication from working. To fix this, assign hardcoded MAC addresses to each of the interfaces.

The easiest thing to do is record the MAC addresses from IPSO, if you have access to it. If not, while it would be simple to just make up arbitrary MAC addresses to use, it's probably best to pick MAC addresses from the set of MAC address prefixes assigned to Intel and choose random addresses from those to assign to your interface.

In order to set the MAC address on the Ethernet interfaces during boot, configure the files /etc/start_if.<name> as follows, inserting your MAC addresses after the link keyword:

/etc/start_if.fxp0: ifconfig $1 link aa:bb:cc:dd:ee:01
/etc/start_if.fxp1: ifconfig $1 link aa:bb:cc:dd:ee:02
/etc/start_if.fxp2: ifconfig $1 link aa:bb:cc:dd:ee:03

These files are parsed prior to the interface configuration processing in rc.conf(5), so you will have a proper hardware address prior to beginning network configuration (e.g. DHCP).

IP330 dmesg

The following dmesg(8) is for FreeBSD 6.2-RELEASE (i386) on the IP330:

Copyright (c) 1992-2007 The FreeBSD Project.
Copyright (c) 1979, 1980, 1983, 1986, 1988, 1989, 1991, 1992, 1993, 1994
        The Regents of the University of California. All rights reserved.
FreeBSD is a registered trademark of The FreeBSD Foundation.
FreeBSD 6.2-RELEASE #0: Fri Jan 12 10:40:27 UTC 2007
    root@dessler.cse.buffalo.edu:/usr/obj/usr/src/sys/GENERIC
Timecounter "i8254" frequency 1193182 Hz quality 0
CPU: AMD-K6(tm) 3D processor (400.91-MHz 586-class CPU)
  Origin = "AuthenticAMD"  Id = 0x58c  Stepping = 12
  Features=0x8021bf
  AMD Features=0x80000800
real memory  = 268435456 (256 MB)
avail memory = 253272064 (241 MB)
K6-family MTRR support enabled (2 registers)
kbd1 at kbdmux0
ath_hal: 0.9.17.2 (AR5210, AR5211, AR5212, RF5111, RF5112, RF2413, RF5413)
cpu0 on motherboard
pcib0:  pcibus 0 on motherboard
pir0:  on motherboard
pci0:  on pcib0
isab0:  at device 7.0 on pci0
isa0:  on isab0
atapci0:  port 0x1f0-0x1f7,0x3f6,0x170-0x177,0x376,0xf000-0xf00f at device 7.1 on pci0
ata0:  on atapci0
ata1:  on atapci0
uhci0:  port 0x6400-0x641f irq 11 at device 7.2 on pci0
uhci0: [GIANT-LOCKED]
usb0:  on uhci0
usb0: USB revision 1.0
uhub0: Intel UHCI root hub, class 9/0, rev 1.00/1.00, addr 1
uhub0: 2 ports with 2 removable, self powered
pci0:  at device 7.3 (no driver attached)
fxp0:  port 0x6800-0x681f mem 0xe0300000-0xe0300fff,0xe0000000-0xe00fffff irq 10 at device 13.0 on pci0
miibus0:  on fxp0
inphy0:  on miibus0
inphy0:  10baseT, 10baseT-FDX, 100baseTX, 100baseTX-FDX, auto
fxp0: Ethernet address: ff:ff:ff:ff:ff:ff
fxp1:  port 0x6c00-0x6c1f mem 0xe0302000-0xe0302fff,0xe0100000-0xe01fffff irq 12 at device 14.0 on pci0
miibus1:  on fxp1
inphy1:  on miibus1
inphy1:  10baseT, 10baseT-FDX, 100baseTX, 100baseTX-FDX, auto
fxp1: Ethernet address: ff:ff:ff:ff:ff:ff
fxp2:  port 0x7000-0x701f mem 0xe0301000-0xe0301fff,0xe0200000-0xe02fffff irq 5 at device 15.0 on pci0
miibus2:  on fxp2
inphy2:  on miibus2
inphy2:  10baseT, 10baseT-FDX, 100baseTX, 100baseTX-FDX, auto
fxp2: Ethernet address: ff:ff:ff:ff:ff:ff
pmtimer0 on isa0
atkbdc0:  at port 0x60,0x64 on isa0
atkbd0:  irq 1 on atkbdc0
kbd0 at atkbd0
atkbd0: [GIANT-LOCKED]
fdc0:  at port 0x3f0-0x3f5,0x3f7 irq 6 drq 2 on isa0
fdc0: [FAST]
ppc0: parallel port not found.
sio0 at port 0x3f8-0x3ff irq 4 flags 0x10 on isa0
sio0: type 16550A, console
sio1 at port 0x2f8-0x2ff irq 3 on isa0
sio1: type 16550A
unknown:  can't assign resources (port)
unknown:  can't assign resources (memory)
unknown:  can't assign resources (port)
unknown:  can't assign resources (port)
unknown:  can't assign resources (port)
unknown:  can't assign resources (port)
ppc1:  at port 0x378-0x37f,0x778-0x77a irq 7 drq 3 on isa0
ppc1: SMC-like chipset (ECP/EPP/PS2/NIBBLE) in COMPATIBLE mode
ppc1: FIFO with 16/16/8 bytes threshold
ppbus0:  on ppc1
plip0:  on ppbus0
lpt0:  on ppbus0
lpt0: Interrupt-driven port
ppi0:  on ppbus0
psmcpnp0: irq resource info is missing; assuming irq 12
Timecounter "TSC" frequency 400910677 Hz quality 800
Timecounters tick every 1.000 msec
ad0: 19574MB  at ata0-master UDMA33
Trying to mount root from ufs:/dev/ad0s1a

By sancho at 2007/08/12 - 10:47am | FreeBSD | Hardware | login to post comments

Upcoming events

PhxBUG January Meeting(PhxBUG/MetaBUG Event)(22 hours)

OpenBSD Errata

OpenBSD Journal

OpenBSD in the News

.screenrc configuration file entries for status bar
1 year 13 weeks ago
SSH presentation linkage
1 year 13 weeks ago
I fully agree. I did my
1 year 18 weeks ago
Yep, required commonly
1 year 22 weeks ago
WPA required in the workplace?
1 year 26 weeks ago
Another WPA Update
1 year 26 weeks ago
another book recommendation ...
1 year 29 weeks ago
WPA as of OpenBSD 4.1
1 year 31 weeks ago
book recommendation
1 year 42 weeks ago
Re: Mysql GEM
1 year 48 weeks ago

PhxBUG - Phoenix BSD User Group

Resources

Navigation

User login

Post This Page to

Who's online

Who's new

Syndicate

Search