Thursday, April 16, 2009

New RaQCop firewall


The last few days I was fighting with the Apache 2 reverse proxy functions to use two web servers with my ADSL connection. Unfortunately I had problems redirecting all the content I wanted. For this reason I decided to try an authentic reverse proxy software like Pound. But installing Pound on one of the servers is not enough for me ;D

A new old project is alive: run my own firewall on one server and install the reverse proxy on it. Just in time, a new toy arrived this week: a Symantec Velociraptor 1100. In fact, the Velociraptor is a Cobalt RaQ 4i with specially developed firmware and software (originally by Axent). My Velociraptor came with Cobalt 2.3.39 stored in the ROM but it doesn't show the Cobalt logo on the display. It also has an Intel Pro 100 dual Ethernet PCI-X card:


Since I don't have the original Velociraptor software, and I don't want to look for it because it is old, not customizable and needs an expensive paid license, I decided to install RaQCop. I had played with RaQCop before but not for long enough. RaQCop is a special version of IPCop that comes with a patched kernel for the RaQ hardware, LCD utils and a new administration web theme.

There is another firewall software ready for Cobalt servers: Firebolt. Developed by the same team as Strongbolt, Firebolt is a port of the ClarkConnect firewall software, but it is a paid version (like Strongbolt) and I'm not sure which features are included by default. Maybe Firebolt is the better solution for home or office use, as there is a very good manual and the support from ClarkConnect and OSOffice seems to be great. Firebolt will be the next game.

First of all the Velociraptor needed a ROM upgrade. Fortunately, I have a hard disk with the old CobaltOS ready and the Velociraptor boots from it. I got the necessary files for the upgrade from OSOffice, following this guide but making a backup of the old ROM first. If you don't know which ROM maker your server has, you have to open the server and look at the chip, as explained here.


  1. Login via SSH as root.

  2. Go to the temporary folder: # cd /tmp.

  3. Download the flashtool (in my case it is the ST-branded one): # wget http://www.osoffice.co.uk/linux/roms/flashtool-amd-st.

  4. Make the file executable: # chmod +x flashtool-amd-st.

  5. Back up the original ROM contents to a file (the tool writes the image to stdout and its messages to stderr) and then download the file with an FTP client:
    # ./flashtool-amd-st -v -r > cobalt-vr-2.3.39-1M.rom
    ./flashtool-amd-st: searching for PCI 10b9:7101 : found it at /proc/bus/pci/00/03.0
    ./flashtool-amd-st: systype = COBT_3K
    ./flashtool-amd-st: bank 0: ST Microelectronics M29F080A 1MB
    ./flashtool-amd-st: Using pthread POSIX real time scheduling.
    ./flashtool-amd-st: reading page 0
    ./flashtool-amd-st: reading page 1
    ./flashtool-amd-st: reading page 2
    ./flashtool-amd-st: reading page 3
    ./flashtool-amd-st: reading page 4
    ./flashtool-amd-st: reading page 5
    ./flashtool-amd-st: reading page 6
    ./flashtool-amd-st: reading page 7
    ./flashtool-amd-st: reading page 8
    ./flashtool-amd-st: reading page 9
    ./flashtool-amd-st: reading page 10
    ./flashtool-amd-st: reading page 11
    ./flashtool-amd-st: reading page 12
    ./flashtool-amd-st: reading page 13
    ./flashtool-amd-st: reading page 14
    ./flashtool-amd-st: reading page 15
    ./flashtool-amd-st: flushing buffers

  6. Download the new ROM. This one is for a GENIII RaQ and is not valid for a RaQ 550: # wget http://www.osoffice.co.uk/linux/roms/cobalt-2.10.3-ext3-1M.rom.

  7. And now the critical job, writing the new ROM:
    # ./flashtool-amd-st -v -w cobalt-2.10.3-ext3-1M.rom
    ./flashtool-amd-st: searching for PCI 10b9:7101 : found it at /proc/bus/pci/00/03.0
    ./flashtool-amd-st: systype = COBT_3K
    ./flashtool-amd-st: bank 0: ST Microelectronics M29F080A 1MB
    ./flashtool-amd-st: Using pthread POSIX real time scheduling.
    ./flashtool-amd-st: writing page 0
    ./flashtool-amd-st: buffer page 0 does not exist - creating it
    ./flashtool-amd-st: writing page 1
    ./flashtool-amd-st: buffer page 1 does not exist - creating it
    ./flashtool-amd-st: writing page 2
    ./flashtool-amd-st: buffer page 2 does not exist - creating it
    ./flashtool-amd-st: writing page 3
    ./flashtool-amd-st: buffer page 3 does not exist - creating it
    ./flashtool-amd-st: writing page 4
    ./flashtool-amd-st: buffer page 4 does not exist - creating it
    ./flashtool-amd-st: writing page 5
    ./flashtool-amd-st: buffer page 5 does not exist - creating it
    ./flashtool-amd-st: writing page 6
    ./flashtool-amd-st: buffer page 6 does not exist - creating it
    ./flashtool-amd-st: writing page 7
    ./flashtool-amd-st: buffer page 7 does not exist - creating it
    ./flashtool-amd-st: writing page 8
    ./flashtool-amd-st: buffer page 8 does not exist - creating it
    ./flashtool-amd-st: writing page 9
    ./flashtool-amd-st: buffer page 9 does not exist - creating it
    ./flashtool-amd-st: writing page 10
    ./flashtool-amd-st: buffer page 10 does not exist - creating it
    ./flashtool-amd-st: writing page 11
    ./flashtool-amd-st: buffer page 11 does not exist - creating it
    ./flashtool-amd-st: writing page 12
    ./flashtool-amd-st: buffer page 12 does not exist - creating it
    ./flashtool-amd-st: writing page 13
    ./flashtool-amd-st: buffer page 13 does not exist - creating it
    ./flashtool-amd-st: writing page 14
    ./flashtool-amd-st: buffer page 14 does not exist - creating it
    ./flashtool-amd-st: writing page 15
    ./flashtool-amd-st: buffer page 15 does not exist - creating it
    ./flashtool-amd-st: flushing buffers
    ./flashtool-amd-st: flushing block 0 to ROM... verifying... done
    ./flashtool-amd-st: flushing block 1 to ROM... verifying... done
    ./flashtool-amd-st: flushing block 2 to ROM... verifying... done
    ./flashtool-amd-st: flushing block 3 to ROM... verifying... done
    ./flashtool-amd-st: flushing block 4 to ROM... verifying... done
    ./flashtool-amd-st: flushing block 5 to ROM... verifying... done
    ./flashtool-amd-st: flushing block 6 to ROM... verifying... done
    ./flashtool-amd-st: flushing block 7 to ROM... verifying... done
    ./flashtool-amd-st: flushing block 8 to ROM... verifying... done
    ./flashtool-amd-st: flushing block 9 to ROM... verifying... done
    ./flashtool-amd-st: flushing block 10 to ROM... verifying... done
    ./flashtool-amd-st: flushing block 11 to ROM... verifying... done
    ./flashtool-amd-st: flushing block 12 to ROM... verifying... done
    ./flashtool-amd-st: flushing block 13 to ROM... verifying... done
    ./flashtool-amd-st: flushing block 14 to ROM... verifying... done
    ./flashtool-amd-st: flushing block 15 to ROM... verifying... done

  8. Now, if no errors appeared during the ROM upgrade, you can reboot. If you have errors you can repeat the process as many times as you need. If you are still getting errors, write the backup ROM back again and DON'T REBOOT OR SHUT DOWN BEFORE THE ROM IS OK. The ROM is read at boot time and if it's wrong, you will turn your RaQ into a nice spare case.
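The steps above are exactly what the flashtool needs, but they rely on the operator eyeballing the output. The script below is an added example, not from the original post or from OSOffice, that wraps the same two flashtool invocations shown on the page (`-v -r` to read the ROM to stdout, `-v -w FILE` to write) with the checks a practitioner wants before and after a write: the backup is exactly one flash part in size, the new image is the expected size and matches a checksum you obtained from a trusted source, and a fresh read-back after the write is byte-identical to the image. Assumptions not on the page: the part is 1 MB (matching the "1M" in the file names and "M29F080A 1MB" in the tool output), the tool's stdout is the raw image, a read-back returns exactly the bytes written, and the `FLASHTOOL` variable and `flash_rom` function names are mine.

```shell
#!/bin/sh
# Added example: a checked wrapper around the flashtool steps from the post.
# Not the original author's or OSOffice's code. Only the flags shown on the
# page (-v -r, -v -w FILE) are used; everything else is an assumption.

FLASHTOOL="${FLASHTOOL:-./flashtool-amd-st}"   # assumed path, override via env
ROM_SIZE=1048576                                # 1 MB part, as in "...-1M.rom"

# 0 if the file exists and is exactly one flash part in size, 1 otherwise.
rom_size_ok() {
    [ -f "$1" ] || return 1
    size=$(wc -c < "$1" | tr -d ' ')
    [ "$size" -eq "$ROM_SIZE" ]
}

# Print the SHA-256 of a file, using whichever tool the box has.
rom_sha256() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | cut -d' ' -f1
    else
        shasum -a 256 "$1" | cut -d' ' -f1
    fi
}

# 0 if two images are byte-identical. The tool verifies per block while
# flushing; this repeats the check over the whole part from a fresh read.
rom_images_match() {
    cmp -s "$1" "$2"
}

# Back up, check the backup, check the new image, write, read back, compare.
# Any failure after the write means: rewrite, do not reboot (step 8 above).
flash_rom() {
    backup="$1"; new="$2"; expected_sha="$3"

    "$FLASHTOOL" -v -r > "$backup" || { echo "backup read failed"; return 1; }
    rom_size_ok "$backup" || { echo "backup is not $ROM_SIZE bytes, refusing to write"; return 1; }

    rom_size_ok "$new" || { echo "new image is not $ROM_SIZE bytes"; return 1; }
    [ "$(rom_sha256 "$new")" = "$expected_sha" ] || { echo "new image checksum mismatch"; return 1; }

    "$FLASHTOOL" -v -w "$new" || { echo "write failed: rewrite, do not reboot"; return 1; }

    "$FLASHTOOL" -v -r > "$new.readback" || { echo "read-back failed: do not reboot"; return 1; }
    rom_images_match "$new" "$new.readback" || { echo "read-back differs: rewrite, do not reboot"; return 1; }
    echo "ROM written and verified; safe to reboot"
}
```

Typical use on the RaQ, from /tmp: `flash_rom cobalt-vr-2.3.39-1M.rom cobalt-2.10.3-ext3-1M.rom <sha256 of the image from a trusted source>`. The checksum matters because the image comes over plain HTTP; the size check catches a truncated download or a half-written backup before anything is flashed.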

Be careful to make sure which type of EPROM you have. If your server has an Intel ROM chip you need a different flashtool, created by Tim Hockin, as explained in the OSOffice guide.

The next step is to download the RaQCop image. I used a 128MB flash card as you can see in the next picture, but it had been flashed some months ago:


RaQCop detects the four Ethernet ports, so I have 4 different zones: Green for the intranet, Red for the ADSL uplink, Blue for the wireless access point and Orange for the servers. Each zone works in its own subnet, and if I want to connect to a computer in a different zone I have to set up a VPN or a pinhole: a bit difficult for a newbie like me, but very safe.
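To make the zone model concrete, here is an added example (not RaQCop's or IPCop's own rule set, which lives in its own chains and is driven from the web GUI) of what a "pinhole" between two zones amounts to in plain iptables: the FORWARD chain defaults to DROP, replies to already-allowed connections are let back through by connection tracking, and one narrow rule opens a single TCP port from the Green interface to one host in Orange. The interface names, the Orange host address and the `zone_pinhole_rules` function are my assumptions; the function only prints the commands so they can be reviewed before being piped to a shell as root.

```shell
#!/bin/sh
# Added example: a Green -> Orange pinhole expressed as plain iptables rules.
# Not the IPCop/RaQCop implementation; interface names and addresses are assumed.

# Print the rules for one pinhole.
#   $1 = Green interface (e.g. eth0), $2 = Orange interface (e.g. eth3),
#   $3 = Orange host IP, $4 = TCP port to open.
zone_pinhole_rules() {
    green_if="$1"; orange_if="$2"; dst_ip="$3"; port="$4"

    # Default deny between zones: nothing is forwarded unless a rule says so.
    echo "iptables -P FORWARD DROP"

    # Let replies to connections the firewall already allowed flow back
    # (this is what makes a one-directional pinhole usable).
    echo "iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT"

    # The pinhole itself: new TCP connections from Green to one Orange host/port.
    echo "iptables -A FORWARD -i $green_if -o $orange_if -p tcp -d $dst_ip --dport $port -m state --state NEW -j ACCEPT"

    # Orange must never open connections into Green; log and drop so a
    # compromised server in the DMZ shows up in the logs.
    echo "iptables -A FORWARD -i $orange_if -o $green_if -m state --state NEW -j LOG --log-prefix \"orange->green blocked: \""
    echo "iptables -A FORWARD -i $orange_if -o $green_if -m state --state NEW -j DROP"
}

# Number of rules a pinhole generates; useful as a sanity check in review.
zone_pinhole_rule_count() {
    zone_pinhole_rules "$@" | wc -l | tr -d ' '
}

# Apply only when explicitly asked and running as root: review first with
#   zone_pinhole_rules eth0 eth3 192.168.3.10 22
apply_zone_pinhole() {
    [ "$(id -u)" -eq 0 ] || { echo "must run as root to apply"; return 1; }
    zone_pinhole_rules "$@" | sh
}
```

A pinhole is deliberately narrow: one direction, one host, one port. Anything else between zones stays dropped, which is why the author calls the setup "very safe" even though it means a VPN or another pinhole for each new cross-zone need.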

Here you have the firewall running. Some adjustments had to be made to the GUI theme, but it looks very nice. To be continued...
