Slashdot Mirror


Build a Cisco PIX for 800 Australian Dollars

tallguy_wt writes: "Why fork out thousands of dollars to learn Cisco's PIX firewalling product when you can build your own for under 800 Australian Dollars, as shown in this article by Routermonkey."

5 of 394 comments

  1. In case of slashdotting .. by Anonymous Coward · · Score: -1, Redundant
    hax0r the b0x

    What you'll need:


    hardware:
    • Intel SE440BX-2 motherboard
    • 2 - 4 Intel 82557/82558/82559 Intel NICs (Dime a dozen)
    • Cisco 16MB PIX Flash card (most expensive bit and the hardest to source)
    • Floppy drive
    • Case/power supply
    • 128MB PC100 SDRAM
    • 350MHz Processor w/ 512K cache (clock speed doesn't really matter, but watch out over 750 as the board may not support it)
    • Serial->Console adaptor (for console access) (you might also want an AGP video card to start with, to make sure the BIOS doesn't have any whacky settings - but be warned, the pix WON'T boot with a video card inserted.)

    software:

    • Pix OS (obtainable from CCO, or your nearest Cisco warez monkey)
    • Pix Boothelper (Ditto)

    The Howto:
    First thing to do is to create the boothelper floppy disk. Get the bh61.bin files (thanks monkeys :) and use rawrite.exe / ntrw.exe / fdimage.exe on Windows or dd on Unix or workalike to create the bootdisk. Sample command lines:

    • Using dd (on Unix or workalike):
      • dd if=bh61.bin of=/dev/fd0a (/dev/fd0 on Linux)
    • Using ntrw.exe (on Windows):
      • ntrw bh61.bin A:

    Then get all the pix bits and connect them up like you would any other system, making sure the floppy is connected, the ram and processor are seated well, and the power is all hooked up. To start with, I just put the system into a regular case, just until I was comfortable that it worked etc. (down the track, make the move over to a rackmount case, because rackmount cases get you chicks). Plug your video card in, and boot it up into the BIOS. Set it to boot from floppy and to NOT halt on any errors (lack of kb etc) and then shut the beast down. Attach the console adaptor to com1 and plug your console cable into your management machine and fire up a terminal emulator program (I just used HyperTerminal under Windows or minicom from Unix, but any will do). The settings need to be 9600 8-N-1. Remove the video card and boot the mofo up. It'll beep at you, letting you know it doesn't have a keyboard or video card, but it will continue to boot (if you followed the instructions). It should boot from the floppy disk, and then your terminal app will start spewing out the Pix boot information. It has ended when you have the following prompt:

    • pixboothelper>

    Now you need to get the fully-fledged Pix OS onto the flash card.. and now that the image is bigger than a floppy disk, the only way to do this is over TFTP. Cisco provide a tftp server (which I use), but other options exist, including Pumpkin (by Kin) or the regular tftp built into most Unix and workalike operating systems. Dump your pix622.bin file (or similar; the version number may be different) into the root directory of the tftp server. Almost there.
    Back on the pix, you now need to configure the inside interface to connect to the server - by default the inside interface is the 2nd one along. (I'm assuming you all know how to wire up a network, so I'll skip that). Use the following commands:

    • address ip-address (ie "address", followed by the IP address of the inside interface (same subnet as tftp server))
    • server tftp-ip-address (ie "server", followed by the IP address of the tftp server)
    • file pix-os-filename (ie "file", followed by the Pix OS filename (eg pix622.bin))

    then type: tftp

    and hit enter to begin the transfer.

    Now you have the Pix OS software on the firewall. You can begin configuring the interfaces as usual, and you're away. Cisco.com is filled with useful documentation, so knock yourself out.

    If I get sufficient requests I might document how I constructed the rackmount case, but I suspect the most interest to be focused on the actual guts of it :)

    So here's a page with some pix pix.

    If you want a Pix 16mb card for $400US, give me a shout and I'll see what I can do.

    peace out

    Send props to:
    routermonkey[at]wiretapped.net
  2. Yeah! by Anonymous Coward · · Score: -1, Redundant

    I couldn't have said it better myself!

  3. Theft. by nyet · · Score: 2, Redundant

    \Theft\, n. [OE. thefte, AS. [thorn]i['e]f[eth]e, [thorn][=y]f[eth]e, [thorn]e['o]f[eth]e. See Thief.]

    1. (Law) The act of stealing; specifically, the felonious taking and removing of personal property, with an intent to deprive the rightful owner of the same; larceny.

    Note: To constitute theft there must be a taking without the owner's consent, and it must be unlawful or felonious; every part of the property stolen must be removed, however slightly, from its former position; and it must be, at least momentarily, in the complete possession of the thief. See Larceny, and the Note under Robbery.

    -Dictionary.com

  4. Re:How stupid can you get? by Dogcow · · Score: 0, Redundant

    "What jackass would want to waste time and money recreating a POS firewall like a PIX? When's the article coming showing me how to clone a watchguard?"

    Yeah, speaking of jackasses, look at all the slashflunkies getting al dente over the idea that this article should have been about writing an IPTABLES firewall. Funny how if their enthusiasm was converted to textual works (million monkey scenarios, anyone?), it might describe exactly that - the cloning of a watchguard.

  5. Re:Why not use Smoothwall v2.0 by Dogcow · · Score: 0, Redundant

    You said the article should have been about a low-cost, open source alternative blah blah blah.

    I'm waiting for your article.

    Please, mod me down. This discussion isn't worth having until you post it.