Intro
I was looking for a convenient way of building an OpenBSD firewall for my home setup to replace the rather basic firewalling options in my ADSL router (D-Link DSL-604+). On the verge of buying a Soekris 4801 (a perfectly capable machine) I happened across a faulty Intrusion PDS-1100 that was about to be thrown out. Horrible looking boxes, and I'm used to them running Checkpoint (blech) so initially I wasn't interested. But having taken the thing apart I began wondering how easy it would be to put OpenBSD on it. It came with Debian installed and appeared to be x86 based hardware, so I figured it couldn't be too difficult.
Hardware
The PDS-1100 is basically an Acrosser AR-B9637 PC (user's guide). It runs a National Semiconductor GEODE GX1/GXLV processor, and the one installed in the PDS-1100 comes with an AR-B9461 daughter board that supports compact flash on a mini IDE interface. Spec:
CPU : NS GEODE GX1/GXLV Chipset:Cyrix CS5530A RAM Memory:Onboard 32MB SDRAM Flash Disk:Supports one socket for DiskOnModule Ethernet:3 x 10M/100M-Base2 with RJ-45 connector (PCI BUS) BIOS:AMI or AWARD flash BIOS RTC:BQ3287MT Chips Speaker:Supports external speaker LED Indicator:Power, HD and LAN LEDs Jumper:3 x 2 Jumper select base clock and CPU clock multiplier Power Connector:One 3-pin connector Power Req.:5V, 2.5A PC Board:6 layers,EMI considered Dimensions:178 mm x 102 mm
The 128MB CF card it came with was faulty, (the reason it was being thrown out), so I replaced it with a SanDisk 512MB card. 512MB is more than enough to run a firewall with room to spare.
One thing I haven't been able to do yet is get into the BIOS. The spec says that pressing DEL on boot should do the trick, but I've not been able to make this work. I wonder if it has been configured with a different key, or purposely disabled?
Software
Originally the PDS came with Debian Linux and Checkpoint installed. Being a BSD fan I decided the device would be better off running OpenBSD and PF. After poking around and failing to get the existing GRUB loader to boot from a TFTPed bsd.rd image I started looking around for ways of writing an OpenBSD image to a compact flash card. I quickly came across Chris Cappuccio's Flashdist script that combines all the steps necessary into one extrmely easy to use package. However the configs supplied with the script were aimed at Soekris hardware, which although similar is not quite the same.
I tried initially with the NET4801 config but it didn't boot. I then tried with the NET4501 config and hey presto, OpenBSD's boot text was scrolling up my terminal window. After fine tuning the config, and adding the correct network drivers (Realtek 8139) I had a config that worked well.
Pictures
Configurations
Working OpenBSD kernel configuration for the AR-B9637 :AR-B9637
Disk geometry for the Sandisk 512MB Compact Flash card:
Bytes/Sector:512 Sectors/Track:32 Sectors/Cylinder:2048 Tracks/Cylinder (heads):64 Cylinders:488
Stage 2
So I had minimal OpenBSD config running on the device, but I figured with 512MB of storage space to play with I might as well try putting a more standard install on it. After installing a minimal BSD OS on the flash card this is actually quite simple using OpenBSD's RAM disk kernel - bsd.rd. This is a bootable BSD system that sits entirely in RAM, and lets you install, upgrade or maintain an existing system. I copied the file into the root directory of the flash card, and then boot from it using :
boot hd0a:/bsd.rd
From then on it was just a case of following the standard OpenBSD install instructions. Once the install was finished I copied the kernel I had compiled (above) and it booted perfectly. Now all I have to do is configure it as a firewall and maybe spray paint the box :)
References
Flashdist http://www.nmedia.net/~chris/soekris/OpenBSD http://www.openbsd.org
Acrosser http://www.acrosser.com