TippingPoint 330 (HP S330)



  • Here is the modified BIOS file(s) for a TippingPoint 330, to enable the 8 GIGe ports.  I have included the original BIOS and 2 other versions for bypass on at power off, or never bypass. Please let me know if you want a detailed write-up of how to install on this platform. Short story, memstick i386 serial, and a sata hard disk.  To update firmware:

    MGMT port is em4, set as wan on dhcp (or static if you want)

    run through normal setup gui, enable ssh

    scp over the file (I used winscp)

    pkg install flashrom
    flashrom -p internal -w /root/yourchoicefile.bin

    shut system down, remove power cable, remove cmos batt and move JP2 to 2-3 position and wait 5 mins.
    Move jumper back to 1-2, and install battery, reboot.  It should kill off once, and reboot.

    Bingo, you have active ports!
    [tp330 firmware.zip](/public/imported_attachments/1/tp330 firmware.zip)



  • When you have the time, please give the detail "How to".  Thanks so much.  ;D ;D ;D



  • I'd love a more detailed HowTo as well, please…  :)



  • I would like more info on doing this also. Any way to load PFsense onto the 1GB CF card?



  • Managed to get PFsense loaded to the internal CF card. Had to use a program called rufas to make the boot USB. You do need to use 7-zip.,etc to open the .GZ file you downloaded, use extracted image as the source for rufas. Do advanced install of PFsense point to the internal 1GB CF disk.

    I still have not figured out how to get the BIOS updated, I was hoping to mount a USB to it and copy then install that way. I also tried the commands you started to update the BIOS from the original OS and from PFsense shell and they don't seem to be supported. Not a huge fan of the BIOS in this thing no configuration options.


  • Netgate Administrator

    Those commands should still be valid. What happened when you tried to run them?

    If you installed the full version to the CF card rather than using Nano you should be sure to have disabled SWAP and you probably want to move /var and /tmp to RAM disks to avoid excessive writes to the card.

    Steve



  • I think I did a custom install then let it do what it wanted with partitions I think made a swap partition and some other stuff and I let it create on the CF card. I see I have a pkg command but seems to have different syntax and no flashrom command at all that I can see. I downloaded the following file from the PFsense site: pfSense-CE-memstick-serial-2.3.3-RELEASE-i386.img.gz. Extract with 7-zip, use RUFUS to make bootable USB, run pfsense install.

    I have a rather odd issue too the console works fine, I setup the mgmt interface as wan THEN as optional1. Gave both of these the same address (not at the same time). I can ping my SOHO router fine, but nothing can ping, access (web, SSH, telnet) to this unit. Because of this, I can't use SCP to move the bios files to it. I tried putting it on a 4GB USB stick (same model stick I used for install) I can't see any way in pfsence to access this though. Even with fat, fat32 format. Closest I got was cd /dev/da0 and it says something like unsupported or unrecognized file system. I also tried to remove the CF card put in a reader and paste, but windows has no clue what to do with it.

    How would I make it move /var and /tmp to RAM disks? I assume this would be during setup? Or is it simple to change even after install? I assume I can just disable swap by skipping that part at setup or disabling it now. How I would do this I don't know.


  • Netgate Administrator

    Disabling SWAP would need to be done at install time. Just don't add a swap slice. Moving /var /tmp to RAM is an option in System > Advanced > Miscellaneous.

    However if you're running from CF and running 32bit (I forget if that's a 64bit capable CPU in those?) I would just use a Nano image written directly to the CF card. The smallest current image is 2GB though so you'd need to get a bigger card. And when 2.4 is released there won't be any updates for Nano so you'd need to have a new plan at that point.

    If you can connect out from the firewall you probably just need to add rules to allow access back.

    As a temporary solution you can disable the firewall entirely at the CLI using:

    pfctl -d
    

    Then add rules to allow access.

    If you only assign one interface, em4 as WAN, the default allow rule will let you connect to that. That's probably the easiest way to get in.

    Steve



  • This may just be silly, but I just want to load PFsence on this, make it do some firewall/NAT, etc. Maybe see if I can give it a second life and use on my home network. Maybe learn pfsense, see how you can install and alter old network gear to do something else.

    Honestly, this would be simpler to run this on an old PC, but this is kind of nice because has lots of NICs, if it breaks it can still work in bypass mode, probably somewhat lower power use than most old PCs. I just can't see trusting a mod like this to anything critical so can't see using at work.
    I have a 2nd unit just like this, but that still has original OS, but near as I can tell being EOL it is basically useless.
    If it's too much a pain, or too problematic to work properly then I guess I'll just junk it. I got an old X505 unit too, looks quite old, but uses a normal PCI NIC but with 4 ports, I think main issue I have is the relays used for the bypass function. I'm somewhat surprised there is no changing the BIOS in this, but suspect they locked it down for security reasons. Would still be nice you could do hardware tests, change the boot setting, enable/disable the bypass function, and maybe totally disable certain ports at the BIOS level.


  • Netgate Administrator

    Ok, it looks like that box had a Core2duo in it so definitely 64bit. You should use the 64bit image.

    It should definitely be possible to get the custom bios image on there as long as the box has connectivity to fetch the packages.

    I would try re-installing using the 64bit image. Set it up without SWAP if you're installing to CF (1GB is pretty limited though). Assign only one interface, em4 as WAN.

    When you connect that to your existing network it should pull an IP and allow you to connect on it.

    Steve



  • I redid the install, got rid of the swap partition. The system seems to run a lot better now, set WAN as EM4 (MGMT port) it grabbed DHCP, the I set static, showed web GUI login page I didn't go past that point yet. Now that I have network to it hopefully I can SCP, FTP, TFTP the file over. I know basic Linux, but not sure exact commands for PFsense for some of these things. Was sort of hoping maybe move the file and update the bios from the web UI, but I doubt it can do all of that. I downloaded the alternative bios from this thread, I plan to use the bypass on fail one.

    I tried to see if could modify the setting in current bios, but seems it has no real settings. So I assume it is hard coded, and these alternate BIOS are mods of the original, or maybe mods of a config file hidden in these bios files.


  • Netgate Administrator

    You should be good from there.

    Go to System > Advanced > Admin Access and enable SSH. Then you can use WinSCP to connect and upload the file. Make sure to login as root not admin. I would put the BIOS file in /root.

    The command to flash it listed here should work correctly.

    The BIOS options can usually be set as hidden, read-only or read-write. You can also set the default setting. I imagine the files here have been edited to have RW settings and the appropriate defaults for the actions listed.

    Steve



  • I did as you described got the bios to update. Did update I heard the relays switch when it re-booted. I then had link light on the ports. Some reason though when I went into shell and did ifconfig it shows as disconnected. I used this same thing to check the mgmt port (em4) and it would show connected. Almost makes me think I have a little more work to do making all the relays trip or maybe it needs some sort of driver for these other NIC cards to work. <ay be="" i="" just="" need="" to="" reboot="" again="" too.="" <br="">I saw a few jumpers on it too that were not marked, one was in the very front by the mgmt port, and I think was one other, maybe these have something to do with the relays, etc.</ay>


  • Netgate Administrator

    Hmm, can you access the settings in the BIOS now?

    If you see link LEDs on the ports I would think they are connected to the PHYs. If the PHYs were somehow not connected to the NIC chips it might appear like that but I thought the LEDs are usually controlled by the NICs.

    Hmmm.



  • I need to do some more research into this in the next few days. I did try connecting to ports before and had no light, until now I assume related to the relay connections. I have not looked at the bios I didn't notice that it was any different than before and there was no settings, etc to change in the OEM BIOS. May just need a good reboot too, or maybe that port is just bad.



  • I am working on the unit right now and still not sure what is going on. I went in via console and GUI to the I.P I sat on EM4 (WAN) originally.  The system boot,s I hear relay click, the nic lights flash. I went into the GUI and CLI and all the interfaces besides EM4 show as being down. I set up all the interfaces in the GUI for LAN, WAN, opt, etc.

    I tried a different port and still nothing showing in status that it is connected. After I flashed the bios I rebooted it, it still didn't work, relays never tripped I then did the CMOS reset on it and then it worked. Maybe I still have something holding over from that, or maybe I corrupted the bios with the improper reboot.

    I tried to get into the BIOS, but no idea what key or command I would use to access it. Testing all the ports I get link and act lights on both ports in segment 1 and 2, but only get link light and NO act light on both ports in segment 3 and 4.


  • Netgate Administrator

    How do you have the additional ports configured in pfSense?

    Try running ifconfig at the CLI, if the ports show the media type as, for example:

    media: Ethernet autoselect (1000baseT <full-duplex>)</full-duplex> 
    

    Then they are seeing the connection.

    Having to reset the cmos after flashing the bios is expected. Probably only the default settings for the by-pass relays were changed so they need to be wiped and regenerated to the new default values.

    Try pressing TAB to enter the bios from the serial console.

    Steve



  • Well tried flashing bios again, reloading PFsense, even going to the X64 version, the X64 don't seem to work though because of some issue with BIOS.
    I get em4 mgmt port to work, but that is all I can do anything with for some reason. They all (em1-4) appear to be Intel pro 1000 NICs V 7.6.1-K.

    When I go into the shell and do ifconfig I get the below output, I have tried various ports on the S330, different cables, different switches (both 100 meg and gigabit) Still seems to do the same thing. I don't think until changed BIOS I could even get lights on the ports, now I get link lights on all ports, but only activity on ports in segmet 1 and 2.

    [2.3.3-RELEASE][root@pfSense.localdomain]/root: ifconfig

    igb0: flags=8c02 <broadcast,oactive,simplex,multicast>metric 0 mtu 1500
            options=400bb <rxcsum,txcsum,vlan_mtu,vlan_hwtagging,jumbo_mtu,vlan_hwcsum,vlan_hwtso>ether 00:07:99:a3:20:e2
            nd6 options=21 <performnud,auto_linklocal>media: Ethernet autoselect
            status: no carrier

    igb1: flags=8c02 <broadcast,oactive,simplex,multicast>metric 0 mtu 1500
            options=400bb <rxcsum,txcsum,vlan_mtu,vlan_hwtagging,jumbo_mtu,vlan_hwcsum,vlan_hwtso>ether 00:07:99:a3:20:e3
            nd6 options=21 <performnud,auto_linklocal>media: Ethernet autoselect
            status: no carrier

    igb2: flags=8c02 <broadcast,oactive,simplex,multicast>metric 0 mtu 1500
            options=400bb <rxcsum,txcsum,vlan_mtu,vlan_hwtagging,jumbo_mtu,vlan_hwcsum,vlan_hwtso>ether 00:07:99:a3:20:e4
            nd6 options=21 <performnud,auto_linklocal>media: Ethernet autoselect
            status: no carrier

    igb3: flags=8c02 <broadcast,oactive,simplex,multicast>metric 0 mtu 1500
            options=400bb <rxcsum,txcsum,vlan_mtu,vlan_hwtagging,jumbo_mtu,vlan_hwcsum,vlan_hwtso>ether 00:07:99:a3:20:e5
            nd6 options=21 <performnud,auto_linklocal>media: Ethernet autoselect
            status: no carrier

    em0: flags=8c02 <broadcast,oactive,simplex,multicast>metric 0 mtu 1500
            options=4219b <rxcsum,txcsum,vlan_mtu,vlan_hwtagging,vlan_hwcsum,tso4,wol_magic,vlan_hwtso>ether 00:07:99:a3:20:e1
            nd6 options=21 <performnud,auto_linklocal>media: Ethernet autoselect
            status: no carrier

    em1: flags=8c02 <broadcast,oactive,simplex,multicast>metric 0 mtu 1500
            options=4209b <rxcsum,txcsum,vlan_mtu,vlan_hwtagging,vlan_hwcsum,wol_magic,vlan_hwtso>ether 00:07:99:a3:20:e0
            nd6 options=21 <performnud,auto_linklocal>media: Ethernet autoselect
            status: no carrier

    em2: flags=8c02 <broadcast,oactive,simplex,multicast>metric 0 mtu 1500
            options=4209b <rxcsum,txcsum,vlan_mtu,vlan_hwtagging,vlan_hwcsum,wol_magic,vlan_hwtso>ether 00:07:99:a3:20:df
            nd6 options=21 <performnud,auto_linklocal>media: Ethernet autoselect
            status: no carrier

    em3: flags=8c02 <broadcast,oactive,simplex,multicast>metric 0 mtu 1500
            options=4209b <rxcsum,txcsum,vlan_mtu,vlan_hwtagging,vlan_hwcsum,wol_magic,vlan_hwtso>ether 00:07:99:a3:20:de
            nd6 options=21 <performnud,auto_linklocal>media: Ethernet autoselect (100baseTX <full-duplex>)
            status: active

    em4: flags=8843 <up,broadcast,running,simplex,multicast>metric 0 mtu 1500
            options=4209b <rxcsum,txcsum,vlan_mtu,vlan_hwtagging,vlan_hwcsum,wol_magic,vlan_hwtso>ether 00:07:99:a3:20:dd
            inet6 fe80::207:99ff:fea3:20dd%em4 prefixlen 64 scopeid 0x9
            inet 192.168.22.225 netmask 0xffffff00 broadcast 192.168.22.255
            nd6 options=21 <performnud,auto_linklocal>media: Ethernet autoselect (100baseTX <full-duplex>)
            status: active

    pflog0: flags=100 <promisc>metric 0 mtu 33184

    pfsync0: flags=0<> metric 0 mtu 1500
            syncpeer: 224.0.0.240 maxupd: 128 defer: on
            syncok: 1

    lo0: flags=8049 <up,loopback,running,multicast>metric 0 mtu 16384
            options=600003 <rxcsum,txcsum,rxcsum_ipv6,txcsum_ipv6>inet 127.0.0.1 netmask 0xff000000
            inet6 ::1 prefixlen 128
            inet6 fe80::1%lo0 prefixlen 64 scopeid 0xc
            nd6 options=21 <performnud,auto_linklocal>enc0: flags=0<> metric 0 mtu 1536
            nd6 options=21 <performnud,auto_linklocal>[2.3.3-RELEASE][root@pfSense.localdomain]/root:</performnud,auto_linklocal></performnud,auto_linklocal></rxcsum,txcsum,rxcsum_ipv6,txcsum_ipv6></up,loopback,running,multicast></promisc></full-duplex></performnud,auto_linklocal></rxcsum,txcsum,vlan_mtu,vlan_hwtagging,vlan_hwcsum,wol_magic,vlan_hwtso></up,broadcast,running,simplex,multicast></full-duplex></performnud,auto_linklocal></rxcsum,txcsum,vlan_mtu,vlan_hwtagging,vlan_hwcsum,wol_magic,vlan_hwtso></broadcast,oactive,simplex,multicast></performnud,auto_linklocal></rxcsum,txcsum,vlan_mtu,vlan_hwtagging,vlan_hwcsum,wol_magic,vlan_hwtso></broadcast,oactive,simplex,multicast></performnud,auto_linklocal></rxcsum,txcsum,vlan_mtu,vlan_hwtagging,vlan_hwcsum,wol_magic,vlan_hwtso></broadcast,oactive,simplex,multicast></performnud,auto_linklocal></rxcsum,txcsum,vlan_mtu,vlan_hwtagging,vlan_hwcsum,tso4,wol_magic,vlan_hwtso></broadcast,oactive,simplex,multicast></performnud,auto_linklocal></rxcsum,txcsum,vlan_mtu,vlan_hwtagging,jumbo_mtu,vlan_hwcsum,vlan_hwtso></broadcast,oactive,simplex,multicast></performnud,auto_linklocal></rxcsum,txcsum,vlan_mtu,vlan_hwtagging,jumbo_mtu,vlan_hwcsum,vlan_hwtso></broadcast,oactive,simplex,multicast></performnud,auto_linklocal></rxcsum,txcsum,vlan_mtu,vlan_hwtagging,jumbo_mtu,vlan_hwcsum,vlan_hwtso></broadcast,oactive,simplex,multicast></performnud,auto_linklocal></rxcsum,txcsum,vlan_mtu,vlan_hwtagging,jumbo_mtu,vlan_hwcsum,vlan_hwtso></broadcast,oactive,simplex,multicast>


  • Netgate Administrator

    What was connected and how when you took that output?

    You have em4 and em3 showing as up correctly there. When interface do you have assigned in pfSense? It looks like only em4 has a static IP right now.

    Steve



  • I was just using the port A of segment 1,2,3. I think I see what you mean there where it says no carrier or active. I am more used to looking at CLI output from Cisco gear, so I was expecting the part at the top to say something like up, connected, speed, etc. Sort if like EM4 shows.


  • Netgate Administrator

    Yes, if it shows a media state and status as active the driver is seeing the connection to the port.

    It might be simple that the interface is not yet configured in pfSense.

    Steve



  • Ive actually seen alot of jitter online, including this thread since I made the post.  Ill see what I can do for a very detailed write up and maybe a video on flashing the BIOS.  I modded the BIOS firmware with (I think Pheonix BIOS modder?) Ill have to check my notes at the house.

    Quick info:

    System does refuse to boot properly with x64 image, a panic IIRC.

    IIRC I couldnt get CF install to boot, had to use a SATA SSD and USB install stick.

    I just changed settings in each copy of the firmware, and saved changes as defaults (so you can default the BIOS via battery or jumper to modded version)

    I had to do the following to get the interfaces to work properly after flashing new BIOS (in OP):

    shut system down, remove power cable, remove cmos batt and move JP2 to 2-3 position and wait 5 mins.
    Move jumper back to 1-2, and install battery, reboot.  It should kill off once, and reboot.



  • I used AMIBCP V3.46 below are some screenshots and pics of the system.  You can see the jumpers, type of BIOS, and the bypass relays:














  • I did manage to get working. In my messing around I ended up trying the RESET button on the S330 It ended up basically corrupting PFsense and had to re-load it. Tried reload many times doing similar to before, no swap, etc. No luck. Ended up just finding an old 80GB SATA HDD and loading on that I can only assume the CF card was corrupted or had sector issues.

    I then set the various interfaces, the setup was sort of strange to me and what I was expecting. I was a bit surprised that setting an I.P for EM4(mgmt interface) did not work but can manage from the LAN interface. Maye some sort of ACL, etc in play, but seems would be nice to use the mgmt port as it was meant to be used. I also set the other segments as optional interfaces, but not sure yet these can be used for firewall/ NAT/ IPS interfaces like the LAN and WAN ports can be.

    I think would be kind of nice if was a bit more options in PFsense for making and linking multiple LAN/WAN interfaces, or one WAN to 2 LAN E.G a DMZ and another for the intranet.


  • Netgate Administrator

    In pfSense any interface can be either an external or internal interface. It only depends on whether you set a gateway on that interface.

    Only the LAN interface has any firewall rules on it by default. That is to make it easier to get started. All other interfaces will block all traffic by default.

    I'm sure you can use em4 to connect to the gui for management if you wish you simply need to add a firewall rule on that interface to allow it.

    Steve


Log in to reply