NOkIA ip330 works great
-
Hi just thought I'd let people know. I got hold of a few NOKIA ip330's. Pfsense works great so far. Haven't played around with advanced features yet but so far so good. I found it also alot easier to get up and runnig than monowall. pfsense auto assigned MAC's to the first 2 ports only the 3rd port was FF:FF:FF:FF:FF:FF. But I was able to spoof it in the web gui, fantastic feature. in monowall I have to edit the config file and add spoof for all nics. I also tried out the manual firmware update, I downloaded the current snapshot 2/5 and uploaded it no problem. great software. I look forward to playing with this and seeing were the project goes. Great work. I will post back if anything odd pops up with the NOKIA.
How to install pfsense in a nokia ip330
1. remove the hard drive from the ip330 and put it in a desktop pc as master/primary controller
2. boot from the live cd and do option 99
3. once the os is installed remove the hard drive and place it back in the ip330
4. boot to the counsel and setup pfsense
5 log on to the web gui and finish your setupSome problems I ran into:
Not all the hard drives that come with the NOKIA are in good shape. I had errors loading pfsense on the 20gb hard drive that came with the system.(install errors) so I found a 8GB hard drive and it worked fine.DHCP on lan side did not initialize on first setup:( had to try 2 things on different machines to get it to work)
1. Just reboot :)
2.if reboot didn't work try resetting to factory deflates and setup againHope this helps:)
-
UPDATE:
Now using the NOKIA for port forwarding to lan side FTP, HTTP, and 2000 terminal servers. Working great so far. Speed seems OK only have 15 clients that access the terminal server but no reported problems so far.
-
Something I have noticed about the nokia products in general is that the hardware used is very standardized, I haven't seen one of there commercial firewalls which couldn't be modded.
-
Any advice on booting to the console?
Jim
-
Any advice on booting to the console?
Jim
HI you need a null modem serial cable. I got one at compusa about $15. you can get them cheaper online.
1.Connect the cable to you first serial port(com1 usually the top one if you have 2) on the back of your PC. You must make sure the serial port is enabbled in the bios of the PC
2. connect the other end of the null modem cable to the consule port(not the serial port) of the NOKIA (do not turn on yet)
3. On your PC open hyper terminal and create a new connection choose com1 and make sure of the following settings
Bits per second 9600
Data bits 8
Parity NONE
Stop bits 1
Flow control Hardware
Hit ok and you should see a blinking curser in the uper left hand corner.
4. Now turn on the NOKIA and you should see the bootup in the hyper terminal screen.
Hope this helps
-
When you installed pfsense on the hdd after the 99 command did you reboot and then turn the installation computer off remove the hdd and put in the IP330, or did you reboot after installation and do any kind of nic setup and then move it to the IP330?
thanks,
Jim -
When you installed pfsense on the hdd after the 99 command did you , or did you reboot after installation and do any kind of nic setup and then move it to the IP330?
thanks,
JimHi after the 99 I turned the installation computer off, remove the hdd and put in the IP330. On the nokia from the counsel I then did the nic configuration LAN fxp0, wan fxp1, opt fxp2. fxp0 is the port closest to the counsel port
-
Thanks for the info. This is pretty much what we tried to do on Friday but did not get anything via the console port. I am using a cable that was successful viewing console off a foundrynetworks switch. How long after you booted the IP330 did you see anything on the terminal? Is the IP330 bios driving the console or is the pfsense OS doing that? We'll be trying it again on Monday. Left everything at the office.
thanks,
Jim -
Thanks for the info. This is pretty much what we tried to do on Friday but did not get anything via the console port. I am using a cable that was successful viewing console off a foundrynetworks switch. How long after you booted the IP330 did you see anything on the terminal? Is the IP330 bios driving the console or is the pfsense OS doing that? We'll be trying it again on Monday. Left everything at the office.
thanks,
JimHi it is the Machine BIOS that is driving the console. The BIOS boot screen comes up in the console first within 20 sec of turning it on.
Are you sure the cable is wired as a NULL modem? -
The console does not appear to be working on the IP330 we got. We can tell that it is access the hdd though. Any ideas on setting up pfsense under these circumstances?
thanks,
Jim -
The console does not appear to be working on the IP330 we got. We can tell that it is access the hdd though. Any ideas on setting up pfsense under these circumstances?
thanks,
JimNo sorry. But I still think you should check the cable. most foundry switches i've seen use a straight-through serial not a null modem serial.
-
You could try to edit the config.xml to fit the nokias configuration and boot it up with that. This way you can access it by the webgui and ssh and leave the serial console broken. Maybe someone of the fellow nokia330 users here can provide a factory default config with correctly assigned interfaces and turned on ssh with all other settings at default values for you and other nokia users. Can anybody help with that?
-
HI
I can try that. I will test it out first. If it works OK I will post the config file -
Hey,
You were right. I dug up a cable that came with one of our HP Procurves and it works. Right now our problem is the drive boots up and can not mount the root. We are going to try some things to figure this out. Have not been able to mount it manually so far.
thanks,
Jim -
Hey,
You were right. I dug up a cable that came with one of our HP Procurves and it works. Right now our problem is the drive boots up and can not mount the root. We are going to try some things to figure this out. Have not been able to mount it manually so far.
thanks,
JimHi Jim
Glad you got it going.:) -
Got it going and it auto assigned mac addresses to the nics. Very nice touch from the pfsense team.
thanks,
Jim -
How do you like our rebranded IP330?
-
Very nice! I like it :)
-
Bweyr,
Have you noticed that the halt command does not power the IP330 down? I can hear the hdd click like it is parking the head but the unit will not power off. Is this a limitation on the Nokia hardware?
thanks,
Jim -
I don't know if the nokia has a similiar setting like the nexcom, but I had to make a special setting at the nexcom to make reboots and powerdowns available. I documented what is needed here: http://www.mail-archive.com/support@pfsense.com/msg03811.html
Also try disabling ACPI and check the Bios for powermanagementspecific settings. -
Not really sure how to enter bios via console cable if it is even possible. Another question, Does the auto mac address assigner happen every time the machine is booted up? Can I go ahead and manually assign the fake mac addresses to the nics to it does not have to do this?
thanks,
Jim -
I've been reading on how to get into the bios of the ip330 and I guess we still do not have a real null cable modem. Amazing that we do not have this. After the AT comes up we do not see anything from the machine until the freebsd starts to boot up. I have ordered some null cables so we'll just have to wait till they come in.
thanks,
Jim -
Try teraterm http://hp.vector.co.jp/authors/VA002416/teraterm.html
I use this to enter WRAP, Nexcom and other BIOSes. It has a break-function in the Dropdownmenu Control>Send break or just use ALT+B alternativly. Sometimes this works where other terminal emulations don't work. Send the break before the machine actually starts to boot. -
Update. The cable we found to access the nokia IP330 was not a true null modem cable. It allowed us to see when the freebsd fired up but nothing of the bios initial boot. Our null modems finally came in on Thursday and we were able to see the entire boot process and enter the bios. There is not much there and no power management. I don't think the power supplies are ATX so there will be no hardware halt (no big deal). I am running our first rebranded nokia ip330 at my house and it seems fine. Andy, a colleague, has order two K6-2 500mhz to replace the current K6-2 266mhz that came with our used ip330s. These seem much better to play around with than the Nortel Contivity 100 boxes we got.
thanks,
Jim -
Does the IP330 have any special encryption accelleration build into it? For some reason in the back of my mind I thought it did, could be wrong tho.
-
Got it going and it auto assigned mac addresses to the nics. Very nice touch from the pfsense team.
thanks,
JimAm I correct in assuming, based on your post, that I no longer have to manually add the <spoofmac>tag to the xml config file? I have been using an IP330 for a while now and I have always had to add the <spoofmac>tags for each interface or all of my interfaces come up as ff:ff:ff:ff:ff:ff</spoofmac></spoofmac>
-
correct, pfSense will add some fake mac-adresses to interfaces showing non valid macs automagically.
-
Also a note if you are reading this thread and having problems. I did the dig through the old box O cables thing and found one that seemed to work. Mine brought up the POST screen but keep looping through the bios setup again and again. After much frustration I discovered that this is a known problem with some NOKIA and some cable/terminal programs. The dirty solution is just to hot patch the serial after boot…..
-
Having the choice between an unused IP330 and a 1U Pentium 4 @ 2Hz for pfSense, I wonder what would be the best. It would be for a 100Mbits WAN. Could the IP330 handle that easily with pfSense ? I also have an unused Watchguard Firebox II but I wonder if it would work fine, and it seems difficults to setup with pfSense.
-
Go with the 2ghz box. The IP330s are a glorified older pc maxing out at 500mhz IIRC.
-
Well I finally got my ip330
Lots of learning going on. Firstly, pay attention to the specs if you're buying one. Mine came with Intel Pentium 166 CPUs which are bloody slow, and make the whole machine feel very sludgy. The web suggests that an AMD K6 II clocked at 266 MHz is the standard CPU. However there are some with K6 II at 500 and 550 MHz, but those ones have a special shroud covering the CPU and one of the cooling fans to make a wind tunnel.
I simply replaced the 64 Mb SDRAM with a 256 Mb SDRAM without problems. My ones had a 4.3 Gb IDE Western Digital drive whereas most documentation says an 8 Gb IDE drive.
There is a compact PCI slot on the left - note its nothing like a normal PCI slot. There's also a hidden RJ45ish plug on the front and a space in the rear for some kind of module.
Things I haven't got working right - the serial console. I have a normal null modem cable which works for booting, but does not allow me to access the BIOS. I also don't get a console menu despide dmesg reporting
sio0 at port 0x3f8-0x3ff irq 4 flags 0x10 on isa0
sio0: type 16550A, consoleThats a work in progress. Also I changed /etc/platform to say "wrap" which is supposed to mount the CF card read-only (but didn't) and minimise writes to the CF card.
Now in relation to installing… The IP330 has a generic AWARD BIOS and can apparently boot from CD. You can use a normal 2 port IDE cable and a molex Y power splitter to run a normal CDROM and the internal drive all at once. I have not got this to work cos I can't get to the BIOS.
I put the drive into another PC and tried to install pfSense from the 1.0 Beta3 installer but that failed to detect a drive. Nokia may have done something screwey with the drives. So I simply drilled four holes and mounted my IDE/CF card reader in the same spot. Works a treat except I had more interfaces in the old firewall and so opt5 became opt1, and I had to recreate rules and so on. I should have edited a backup xml and reuploaded it, but didn't think of that till later.
On my other one I used a spare hard drive that was lying around and that installed fine on a normal PC. However I failed to set up NICs and IPs with that one, and it doesn't have a serial console enabled either, so I have to move the drive to a normal box and then modify config.xml manually.
I've got stacks of pictures at http://criggie.dyndns.org/tech/ip330/
So, my unresolved questions:
-
How to enable serial console on the PC platform?
-
How to enable read-only mode for the CF card?
-
What CPU shall I install for "More Power"?
-
What is the strange hidden RJ45ish plug on the front for?
-
What is the rear connector for?
-
Does anyone have a spare cPCI card for testing?
-
-
Seems that polling is a bad thing on this machine.
CPU states: 0.0% user, 0.0% nice, 1.5% system, 47.5% interrupt, 51.0% idle
With polling enabled on all three NICsCPU states: 0.4% user, 0.0% nice, 3.1% system, 3.1% interrupt, 93.4% idle
With polling disabled.Anyone got any ideas?
–-
Later... Turns out that really low spec CPUs do not benefit from polling. -
Got serial console working too now. I had to change "off" to "on" in /etc/ttys for the line starting ttyd0
No idea why "serial console" didn't show up under the advanced tab.
-
It won't show up for embedded systems as those have the serial console enabled by default.
-
It won't show up for embedded systems as those have the serial console enabled by default.
Okay fair enough - still it didn't actually turn on the serial console.
My next issue is the CPU upgrade. I bought and installed an AMD K6 II at 450 MHz, but the system has no jumpers to change the clock speed or the multiplier. So I've lost a F00F bug and gained two AMD MTRRs, but its still running at 166 MHz.
Silkscreened on the board is a table of multipliers, but they refer to BF0 BF1 and BF2 which are not to be found. Does anyone have any ideas about this? I'm not adverse to doing some soldering, but I don't know what to solder :)
-
Yeah I too ended up with a 166 mhz model. I looked and looked for the jumpers and I can't figure it out. I pulled the plastic covering with the writing off the front, it was partially coming off anyways and I wanted to paint the whole unit black. To get to the point that the connector to the right of the 3 rj45 connectors is a modem. On the board there is a jumper between the serial port and the modem so you can select which one is used. I have a stick of 256mb memory to swap for the 64mb in there eventually, but I wanted to swap the cpu at the same time. If you figure it be sure to post.
As far as the bios options, if you plug the null modem cable into the console port (bottom one) it will show the bootup screen and say press (i think its f2) to enter the bios. You have to open hyperterminal, etc first and connect, then turn on the ip330. I don't even use the serial port on the front. With the default options from installing the pfsense embedded image to the cf flash card I can see the pfsense menu through the console port (same with monowall that I had installed before). Suspossedly the ip330 does a vga to text conversion.
I like pfsense alot, but if I didn't need the nat reflection (only 1 public ip and multiple servers) I would switch back to monowall for the ip330 box. Pfsense is alot slower than monowall, but I like the features it offers.
Heres a few pics. BTW, you know where to get a set of mounting ears for a netgear switch? I bought them both used off ebay and the gigabit one didn't come with the rack mount ears :-/ Mine had a T1 compact pci card but I removed that. I'm probably going to put some sort of sticker over the hole, or make a new cover out a some scrap metal.
-
BTW, you know where to get a set of mounting ears for a netgear switch?
If you take the ones off the other switch, and run them into a machine shop I'm sure some can be made up from the sample. Actually - I have a bunch of FS518 switches coming spare, but shipping on even a small box is likely to be massive.
You could also do with a cable management bar or two there :) Something like http://www.cdlnz.com/cdl.html?VS=p&G=PP-CM&P=NC900&ID=3065532
You also have an extra LED to the right of your modem port - I only have two there…. Top is the Power LED and below that is Fault LED.
-
BTW, you know where to get a set of mounting ears for a netgear switch?
If you take the ones off the other switch, and run them into a machine shop I'm sure some can be made up from the sample. Actually - I have a bunch of FS518 switches coming spare, but shipping on even a small box is likely to be massive.
You could also do with a cable management bar or two there :) Something like http://www.cdlnz.com/cdl.html?VS=p&G=PP-CM&P=NC900&ID=3065532
You also have an extra LED to the right of your modem port - I only have two there…. Top is the Power LED and below that is Fault LED.
How much would it cost me to get a set from you with the mounting screws to mount it to the netgear box shipped to Northern VA in the United States (not sure where your located)? I'd offer to buy the whole switch from you but the fibre gigabit doesn't interest me from a money standpoint. Now if you had any that you were phasing out with copper gigabit uplinks I would be interested. You can send me an email with the details ryan @ wgnrs.dynu.com
I found the LED when I pulled off the plastic front. It was peeling off everywhere, the IP330 boxes are old so I figured why not paint it. Mine originally only had the console port, but I added the top serial connector as I had extra laying around. The modem port on mine was not covered to begin with. Seem to me the configuration on these was flexible. Now if only I could figure out how to set the jumper for the CPU I would be in business. I also replaced all 4 fans in the back as when I first turned it on those fans were abnoxiously loud. The connectors on board are 2 pin but a 3 pin fan works fine if you leave part of it hanging off.
Cable management bars are a good idea. I just got that rack setup in my basment. Its for my own purposes and anything with the word rackmount is crazy expensive so its taken some time to build. The white box in the back (above post, bottom pic top right) is where the CAT 5 cables come in. The house had CAT5 wire to each phone jack and I modified them to run data/voice a few years back and had a switch laying on a table next to the box. I'm eventually planning to put a patch panel on the back wall and use a 110 punchdown to organzie the wiring better.
The mounting brackets for the IP330 don't seem like enough to hold it with it just being front mounted. Do you know if thats the design for them. I have it sitting on whats pictured below.
-
-
The IP330s are a glorified older pc
All nokia 1u equipment is such.
In fact all nokia firewalls are glorified PCs. The 400 and above are almost standard PCs (ie, standard motherboards and everything)
The 100-300 ones are PCs or x86 compatibles in custom boards, and lack VGA/keyboards. Anything below a 100 is not a PC or x86.