Mar 13, 2013

PC Engine ALIX 2D3 pfSense OS

With my fascination with FreeBSD and Information Security, it was only natural for me to get excited about pfSense, a “free, open source customized distribution of FreeBSD tailored for use as a firewall and router. In addition to being a powerful, flexible firewalling and routing platform, it includes a long list of related features and a package system allowing further expandability without adding bloat and potential security vulnerabilities to the base distribution.”


After testing it out, I decided to replace the anemic built-in “firewall” on my SoHo Linksys wireless router with pfSense. This would allow me to run pfSense in a production environment (even if it is just my home network) to get more familiar with it, as well as give me a robust firewall, able to do what I need for my up and coming plans to conquer the world from my home network. (More on this in another post)

So, I could run pfSense on a old box I had laying around, but I got to thinking of the electricity cost if I had this box on 24/7/365–There had to be a more efficient way to run it…

Which is when I stumbled across PC Engines, a Swiss-based engineering company that designs and manufactures hardware for embedded computer systems. After doing a bit of research, I settled on the Alix 2d3, which gave me a 500MHz AMD Geode LX800. 256 MB RAM, 2x USB ports, and 3x NICs. I started using this guy’s blog post as a guide to building my embedded PfSense firewall.

To start off with, here was my parts list:(Costs include shippping)

(And yes, I know I could have gotten the serial cable stuff cheaper)

-1x Alix 2d3 Kit (Board + Power Supply + 1GB CF card + Black Case) $201.53
-1x USB-to-serial adapter $19.94
-1x Null modem adapter (female to female) $17.13
-1x IDE to CompactFlash adapter $8.20

Grand Total (with shipping): $246.80

I went ahead and bought the Alix 2d3 kit from Netgate, and the rest of the parts from other sources. Here is a photo of everything:


After downloading the latest embedded image from pfSense.com, I needed to write the image to the CF card. Well, the main OS I run on my laptop is Vista, so I thought I would just do it from there.

Now, I didn’t buy a regular CF Reader, but a CF to PATA converter. I didn’t think this would be an issue, because I would just hook it up to my IDE to USB adapter and to my machine, like so:


Unfortunately, this did not work. The OS never even recognized that I had something plugged into the USB port. I have no idea why. So I went to plan B, and plugged it into an IDE spot on my test machine, and booted it up into FreeBSD.


FreeBSD found the card no problem, and using dd, I was able to successfully write the image to the CF card.

Next, I ran through RockPenguin’s directions of applying power to the board, and getting into the bios. I will quote his directions here, after the photo:


——-Start Quote———

-Connect one end of the null-modem cable to your computer’s serial port and the other end to the serial port on the ALIX.

-Fire up your favorite terminal emulation software such as minicom (or Hyperterminal on Windows) and use the following settings:

Baud rate: 38,400
Data: 8 bit
Parity: None
Stop: 1 bit
Flow control: None
Terminal: ANSI

-Now apply power to the ALIX. If you are connected correctly, you should start to see the ALIX BIOS text.

-While the BIOS is going through the memory test press the “s” key to enter the BIOS setup.

-If have successfully entered the BIOS setup, you should see the text with some different options. Do the following:

Press “9” to set the baud rate at 9600

Press “q” to quit the BIOS setup

Press “y” to save the settings to flash

-If you start seeing gibberish ASCI characters instead of text, then you need to set your terminal emulation software to 9600 baud instead of the 38,400 we set it at earlier.

-Now reboot the ALIX by power cycling the unit (unplug the power, plug it back in).

-With the terminal set to 9600 baud, we should see the boot-up process and if all is well it should look akin to a Free-BSD boot.

——–End Quote——–

Fortunately, my bios was already to the latest version, so I did not have to flash it like he did.

After this, I shutdown the device, and put the board into the case, and screwed everything down.


I then hooked it up to where I wanted it, and got it connected to the right cables.

Finally, I started it up again, and finished the initial pfSense configuration.

Here is the final product, hooked up, and ready to go:


Final Thoughts:

-I actually thought it was going to be alot more difficult–It only took me about 3 hours.
-You want to know what the average wattage for this bad boy is? 5 watts!

So ends my first firewall-building experience.

0 comments:

Post a Comment