Watchguard Firebox X Peak platform
-
I played around with phpsysinfo and mbmon, it all seemed to work well, although the mbmon returns an error when trying to access /dev/smb0. Adding the argument -I to the mbmon script in /usr/local/etc/rc.d didn't help.
-
So after testing my procedure on another system that did have video and keyboard I got brave and reflashed my modified bios. Make sure to use the /cc switch with awdflash to clear to CMOS and force it to load the defaults.
I wasn't sure it had worked at first but at least it didn't brick it. It definately reflashed it though as I changed the bios message. Any way after much key pressing and googling:Phoenix - AwardBIOS v6.00PG, An Energy Star Ally Copyright (C) 1984-2003, Phoenix Technologies, LTD Modified by Steve for default console. Main Processor : Intel(R) Celeron(R) CPU 2.00GHz(100x20.0) Memory Testing : 524288K OK CPU Brand Name : Intel(R) Celeron(R) CPU 2.00GHz Memory Frequency For DDR266 (Dual Channel Mode Enabled) Primary Master : LEXAR ATA FLASH V1.02 Primary Slave : None Secondary Master : None Secondary Slave : None Phoenix Technologies, LTD System Configurations +==============================================================================+ | CPU Type : Intel(R) Celeron(R) CPU Base Memory : 640K | | CPU ID/ucode : 0F27/37 Extended Memory : 523264K | | CPU Clock : 2.00GHz Cache Memory : 128K | |------------------------------------------------------------------------------| | Diskette Drive A : None Display Type : MONO | | Diskette Drive B : None Serial Port(s) : 3F8 2F8 | | Pri. Master Disk : CHS,PIO 4, 15MB Parallel Port(s) : 378 | | Pri. Slave Disk : None DDR at Bank(s) : 0 2 | | Sec. Master Disk : None | | Sec. Slave Disk : None | +==============================================================================+ PCI device listing ... Bus No. Device No. Func No. Vendor/Device Class Device Class IRQ -------------------------------------------------------------------------------- 0 29 0 8086 25A9 0C03 USB 1.0/1.1 UHCI Cntrlr 11 0 29 1 8086 25AA 0C03 USB 1.0/1.1 UHCI Cntrlr 5 0 29 4 8086 25AB 0880 Base Sys. Peripherals NA 0 29 5 8086 25AC 0800 I/O(X) APIC Cntrlr NA 0 31 1 8086 25A2 0101 IDE CntrlrCI Cntrlr 14 0 31 3 8086 25A4 0C05 SMBus Cntrlr 12 2 1 0 8086 1075 0200 Network Cntrlr 10 3 13 0 16AE 000A 1000 En/Decryption Cntrlr 9 3 14 0 8086 1079 0200 Network Cntrlr 9 3 14 1 8086 1079 0200 Network Cntrlr 9 4 6 0 168C 001A 0200 Network Cntrlr 10 4 9 0 8086 1209 0200 Network Cntrlr 5 4 10 0 8086 1209 0200 Network Cntrlr 10 4 11 0 8086 1209 0200 Network Cntrlr 12 4 12 0 8086 1209 0200 Network Cntrlr 11 4 13 0 8086 1209 0200 Network Cntrlr 5 4 14 0 8086 1209 0200 Network Cntrlr 10 4 15 0 8086 1209 0200 Network Cntrlr 12 Updating ESCD ... Success Building DMI Pool ............................ SuccessThis was from putty at 115200 8n1 with no flow control.
Because you can't send the delete key over the serial console you have to press tab.
However it's incredibly flaky! ::) In fact it almost seemed like I had to press everything three times. It's almost impossible to navigate the bios, the keys seem virtually random.
I'm going to try it again at a lower baud rate to see if that's the problem.
Some interesting results from the POST, though nothing we didn't already know.Update: tried 9600, no different. I've only once managed to have display the complete POST. >:(
-
Hmm. The way you describe that serial output sounds like a flow control issue. Have you tried xon/xoff or hardware(if your cable supports it).?
-
I've tried a large number of different settings, mostly in puTTY but also in Hyperterminal for good measure. However I should probably work through them in order to make sure I didn't miss anything out.
The null modem cable I'm using was supplied with an SMC switch and seems to work perfectly in pfSense and from freedos.
It's as if every key is interpreted as escape. Which seems to make sense if putty is sending escape sequences.
Award calls their console redirect Award Preboot Agent. It seems that it was possible to get an companion program, Award Preboot Manager, that would talk to it and enable all sorts of interesting functions. Mapping a floppy drive from a remote machine so you can upload a new bios for example. Good luck finding anything about it though. ::)
I'll have to try and borrow another cable or get my multimeter out and test this one.The device in the post: Vendor ID 16AE; Device 000A would seem to be a Safenet SafeXcel 1841. It seems that it should be supported under FreeBSD but isn't recognised. It's the larger of the two chips with silver heatsinks (the other one's gig ether) and runs quite hot.
Update: It isn't supported in the safe(4) driver from FreeBSD 7.3 or 8. However..
Prices for the SafeXcel-184x series start at $85 per chip in quantities of 10,000
Sweet! I'm prising it off and selling it! ;D
-
Hi All,
Still playing here. ;DI just swapped the processor for a Pentium 4-M (SL6FH). It's rated at 1.8GHz but because the board doesn't support speed step it defaults to it's lower speed of 1.2GHz. The board booted and ran fine using slightly less power, ~46W at idle.
It does seem that there may be some potential for a pin mod to make it run faster.
However looking at the output of mbmon the core voltage being supplied by the board is 1.57V when it should be 1.3V. ::) Not good! The chip does have a far higher rated junction temperature though so could be run hotter. Still 1.57 is actually higher than the voltage provided for the original P4 so I think we can assume that the bios knows nothing about the P4-M. A Shame. :(Bios access is still defeating me. I can now semi-reliably get the first part of the POST which helps when swapping CPUs.
I am left thinking that the bios module that supports console access is basically knackered and was never meant to be used. I've tried every combination serial settings and several cables. I even installed a serial sniffer to watch what was actually being sent and received. It seems that the bios is just not receiving/interpreting what I'm sending correctly. Looking at instructions for other motherboards of the same era with the same bios modules and chipset it seems that it should just work with no problem.Update: I got braver and went for the pin mod I linked to above. Removing pin AE1, or bending it as I have, reduces the core voltage by 0.4V. So far it seems stable and cooler. ~42W at idle.
[1.2.3-RELEASE] [root@pfSense.local]/usr/local/bin(17): ./mbmon ioctl(smb0:open): No such file or directory Temp.= 35.0, 7.5, 37.5; Rot.= 21093, 21093, 19852 Vcore = 1.15, 2.16; Volt. = 3.38, 5.05, 12.10, -12.04, -0.62Should be able to fit quieter fans now for sure.
-
Still only getting 1.2 Ghz from that processor after the pin mod? How much is that chip going for on ebay?
-
Yep still running at 1.2GHz. I only tried the voltage mod though. By removing another pin you can set the bus speed to 133MHz (up from 100) giving 1.6GHz. I haven't tried that yet though. I paid £2 for it. ;D
However like it says in the article I linked to you'd be better off with the equivalent mobile celeron because they didn't have speedstep.
The way I look at it if I ever run out of processor headroom I can always swap back something more powerful. This is unlikely though as the box I'm replacing is an old Cyrix 333MHz running IPCop. A lot more interfaces on the Firebox though. :-\Steve
-
My new fans arrived today so I fitted them straight in. The cables need shortening really I ended up having to stuff it all into the fan enclosure which can't be good for air flow. :P
I went for three Akasa AK-161BL-S which are a 40x40x20mm fan, narrower than the originals. They're are specced at 6.27CFM so quite a lot less than the originals.
The results are - great! ;D
They are so much quieter. I would say about the same level as the Shuttle XPC I'm typing this on, I would happily use a desktop PC this loud. They also seem to keep thigs plenty cool enough. I've had the firebox runing for the last few hours and:[1.2.3-RELEASE] [root@pfSense.local]/root(15): /usr/local/bin/mbmon -I Temp.= 38.0, 13.5, 37.5; Rot.= 5578, 5357, 5232 Vcore = 1.15, 2.19; Volt. = 3.38, 5.05, 12.10, -11.96, -0.62I also have a thermocouple on the CPU heatsink which is stable at 30°C. This is in a 21° ambient with the case closed.
I have a feeling that both the temperatures measured by mbmon are chipset rather than cpu. Anyway to find out?
Here's a quick pic. I'm a sucker for a blue LED! ::)
-
looking nice, I would most likely use red LED instead to match the case and my other computer fans (I like to have some kind of color coordination and contrast lol) nice job!
-
Thanks Jamie. 8)
Oooo red, now there's an idea! It's a tough call though. Plenty of red led fans, plenty of 40mm fans, plenty of quiet fans but all three in one fan? I've not found one. To be honest you won't see it anyway once it's installed. :D
-
i know, but the glow in the dark room…thats worth it :)
-
I agree with the red LED, who ever heard of a blue firewall? that's preposterous! J/K
My preference? I want the fires of hades illuminating the wall behind my security devices.
-
how much did the fans and the firewall set you back?
-
The Firebox was £40 from Ebay. It was sold as faulty though because the root partition on the Watchguard CF card was corrupt. Bit of a risk but it paid off.
The P4-M processor I'm currently running was £2.
The fans were £3.50 each.
I'm not sure how much I paid for the wireless mini-pci card a while back but it was around £5.2 weeks fun and tinkering, priceless! ;D
Steve
-
so really I should look for ones that have "software issues" then? for the best bang for my buck?
-
Yes, that would be best. Although since they are all now end of life they shouldn't be sold as anything more than hardware only.
Like I said it was a bit risky. People on Ebay often say things like; "this laptop is mint condition, it just has a small software issue. I'm sure anyone familiar with it could fix it in seconds. A bargin". And then when you get it you find it needs a new motherboard! >:( I thought it was worth a £40 gamble. -
hmmmm…but for people like us who are building and rebuilding our own firewalls thats not that huge of an issue...well to me it would be more annoyance I think...
-
Steve,
Have you been able to use the USB port for anything fun/useful? I was thinking something like a thumb drive with an BSDNANO (since I'm running with HDD) but I think the Mobo has to support it first.
I also used my mni PCI slot for a crypto chip from an X700 I bricked, so a USB WLAN would be interesting.. maybe even try to get my 3G Mifi (verizon) connected to it for a secondary WAN connection.
–James
-
I tested it with a Belkin ethernet adapter I had to hand, I was recognised and came up as an interface no problem. Interestingly it was shown in dmesg as being connected to a USB 1 controller so the port on the front may be limited to 11Mbps. Or it maybe just a usb1 device, needs futher testing. There are certainly a number of usb conrollers in the firebox. Just next to the usb port on the board is what looks like another usb header with pins, could be interesting for internal usb.
There are options for USB booting in the bios (fdd,hdd,zip,ls120,cdrom). Maybe I'll pull out my usb zip drive! :D
By default it's set to try other boot devices so you could be in luck although it will try floppy, hdd0 and ls120 first.Do you actually use the crypto card? The one that's built in is way more powerful but there's no drivers. :'(
Steve
-
I haven't set up any encryption services on the box yet (it's still in staging process until I get a kid's room painted and the storage room cleaned out). I do have some hopes that the X700 crytpo card will work however. It shows up in the Dmesg and I have run some tests with openssl as was described in one of the stickied forums here.. so as long as IPsec or whatever uses the correct engine it should use the crypto card without a problem.
Zip drive huh? ugh.. i used to work in the plant that made those disks.. ::Grin:: well good luck with that.. hope you haven't developed the "click of death" in storage.
–James
