my_pfsense

Posted: 18th January 2011 by haxrbyte in Penetration Testing / Ethical Hacking

Step1: Get a ALIX 6E1

link to Netgate’s ALIX 6E1.

I got my firewall yesterday….mmmmmm. 🙂

KIT-6E1-Black-U

It was $175,00 from Netgate. This converts to plus minus ZAR 1 226,00.

With shipping , it came to $306.46 with shipping (I used FedEx International Priority – $131.46).

This converts to about ZAR 2 147,00.

The kit includes:

* ALIX.6E1 system board (2/1/1/256/LX800)
* Laser etched red aluminum enclosure with USB and antenna cutouts
* Blank 2 GB Sandisk Ultra II CF Card
* 15V 1.25A 18W power supply (US 3 prong plug style)

The system board looks like this –

 

alix6e1

alix6e1b

The SPEC’s –
CPU: 500 MHz AMD Geode LX800
DRAM: 256 MB DDR DRAM
Storage: CompactFlash socket
Power: DC jack or passive POE, min. 7V to max. 20V
Three front panel LEDs, pushbutton
Expansion: 1 miniPCI slot, 1 miniPCI Express slot (USB only), LPC bus
Connectivity: 2 Ethernet channels (Via VT6105M 10/100)
I/O: DB9 serial port, dual USB port
Board size: 6 x 6″ (152.4 x 152.4 mm)
Firmware: tinyBIOS

NOTE: In South Africa you will need a converter for the power plug – USA to South Africa (2 or 3 point plug). I got one from a luggage shop for R75,00. The power supply will be fine(if you look on the bottom), if it says “100-240V, 50/60 Hz”, it will work anywhere in the world with the right plugs.

plug

NOTE: You need a Compact Flash card writer for installing the pfSense operating system, I had a 6-in-1 card reader that I got a while back.

reader

Second Step: Download the necessary packages

They needed the embedded version specifically created for the 2 GB CF card size. The embedded version performs only reads from the flash card, with read/write file systems as RAM disks as compact flash cannot handle many write operations. The embedded versions can be found on pfSense’s mirror list.

mirror_list

I downloaded the 2 files – pfSense-1.2.3-RELEASE-2g-nanobsd.img.gz and the pfSense-1.2.3-RELEASE-2g-nanobsd.img.gz.md5. This 2 GB embedded image for my 2 GB Sandisk Ultra II CF Card that I got in the ALIX.6E1 kit.

NOTE: It’s important to always download the MD5 file as well, and then to check download, to make sure the image have not been tampered with. There are various tools to do this for you, a very easy one is ExactFile, it runs on windows and it’s free. It can be downloaded here.

Install ExactFile, check the downloaded file for it’s MD5 hash. Open the MD5 file that you downloaded in a text editor and compare the hashes to see if they match.

You will also need to download physdiskwrite. This is a small Windows NT/2000/XP command line tool that makes it possible to write disk images onto raw disks, like CF cards.

Special considerations for Windows Vista/7
physdiskwrite works with Vista/7, but you must make sure to run it as administrator (simply having admin rights isn’t enough), or it won’t find any disks. One way to do this is to create a shortcut to cmd.exe, then right-click it and select “run as administrator”. Then you can launch physdiskwrite from the command prompt window that appears, and it should work fine.

NOTE: If you get write errors shortly after physdiskwrite has begun writing to the target disk (usually after 65536 bytes), this may be caused by existing partitions on the disk. Use the Disk Management utility (right-click on the “Computer” icon on the desktop and select Manage, then navigate to Computer Management (Local)/Storage) to delete all partitions on the target disk before starting physdiskwrite.

If you are unable to delete all the partitions with the Disk Management utility, try the following procedure:

1. Open a command window as admin (“cmd”)
2. Type “diskpart” and hit enter.
3. Type “list disk” and hit enter to find out the number of your drive.
4. Type “select disk X” (where you replace X with the number of your drive) and hit enter.
5. Type “clean” and hit enter.

Third Step: Install the pfSense operating system on my CF card

pfSense’s documentation does a good job. In there is states –
Before you begin with pfSense 1.2.3 NanoBSD images, you might want to check out the following articles:
1. NanoBSD on WRAP
2. ALIX BIOS Update Procedure

To install the pfSense operating system, I used the physdiskwrite method.

C:>physdiskwrite.exe pfSense-1.2.3-2g-20091207-1914-nanobsd.img

physdiskwrite v0.5.2 by Manuel Kasper <mk@neon1.net>

Searching for physical drives...

Information for \.PhysicalDrive0:
   Windows:       cyl: 91804
                  tpc: 224
                  spt: 19
   C/H/S:         16383/16/63
   Model:         ST3200822AS
   Serial number:             3LJ39Y8V
   Firmware rev.: 3.01

Information for \.PhysicalDrive1:
   Windows:       cyl: 243
                  tpc: 255
                  spt: 63

Information for \.PhysicalDrive2:
DeviceIoControl() failed on \.PhysicalDrive2.

Information for \.PhysicalDrive3:
DeviceIoControl() failed on \.PhysicalDrive3.

Information for \.PhysicalDrive4:
DeviceIoControl() failed on \.PhysicalDrive4.

Which disk do you want to write? (0..1) 1
About to overwrite the contents of disk 1 with new data. Proceed? (y/n) y
2000158720/2001194496 bytes writtenWrite error after 2000158720 bytes.

C:>

Fourth Step: Find a desktop PC for a serial connection to the Alix

Check the bootup process there by using a null modemcable and a terminal program. You’ll need either a USB to serial converter cable or a desktop PC to connect the serial cable. I used PuTTYtel , but you can use any program.

Fifth Step: Bootup the device and fire up PuTTYtel on my Windows system

In PuTTYtel go to Category -> Connection -> Serial

puttytel_config

Use the following settings for the connection:
* Baud rate: 9600
* Data: 8 bit
* Stop: 1 bit
* Parity: None
* Flow control: None

Go to Category -> Session -Choose serial and OPEN then power on the device.

puttytel_open

It goes through the boot process, and ends like this.

first_boot

pfSense is by default assigned an ip of 192.168.1.1. Open your browser and navigate to http://192.168.1.1.

auth_required

If you choose to login the username is ‘admin’ and the password is ‘pfsense’.

Completely Installed…

 

You must be logged in to post a comment.