criggie.org.nz

News Images MP3 Humour Email Us Webmail Links
Poem Debbie Criggie Daniel Luke Katherine Gladys
Nokia IP330 and pfSense

The Nokia IP330 firewall and pfSense

Images

Thumbnails are clickable

Outside

nokia ip330 nokia ip330 nokia ip330

nokia ip330 rack lugs ears Nothing wrong here that a good squeeze in the vice won't cure.

Inside

nokia ip330 cpci compact pci connectorThe Compact PCI connector on the left front
nokia ip330 cpuMy gutless Intel Pentium 166 CPU
nokia ip330 hard driveWestern Digital 4.3 Gb IDE drive
nokia ip330 hard driveJumpered as Single Drive
nokia ip330 jumperSays COM2 or Modem on it - maybe for connecting the serial console to a modem?
nokia ip330 jumperSomething is Locked, Unlocked or DPD Locked. No idea exactly what.
nokia ip330 jumperTwo jumpers for Locked and Unlocked.
Entire board from above nokia ip330Whole Board from above
nokia ip330 mainboard motherboard runningRunning board - the red LED is the Link light for that NIC
Nokia ip330 memoryStandard 64 Mb SDRAM. Soon replaced with a PC133 256 Mb. Can take 512 Mb apparently.
No idea what this slot was to be for. Its rear-facing, so I guess its some sort of bridge port for stacking, or heartbeat for failover.

Hidden Stuff

Nokia ip330 hidden RJ connectorThe hidden connector from the inside.

Click for Hidden Cutout This is to show that there is a hidden cut-out behind the front panel. Photos just didn't show it very well.

Expansion Cards

cPCI cardThis is a T1/E1 card I saw on ebay - $1299 US!
cPCI card connectorZoom of the cPCI connector.
cPCI cardNokia NIF4107 - VPN Luna Accelerator Card for IP330 seen on ebay - $25 US... a much better deal. Not detected by freeBSD 6 though.

Specifications

This is the hardware:

CPU

Standard Socket 7 board, which normally was filled with an AMD K6 II at 266 MHz. Mine had an Intel Pentium 166, which was far too gutless. However this machine came out with an AMD K6 II clocked at 500 and 550 MHz. At those speeds, heat was much more of an issue. These higher-clock speed CPUs have a shroud over their heatsink which tunnels air past and out the end cooling fan.

Console and serial cable

The machine has a standard Award BIOS, but to get to it you require a special serial null-modem cable. In the BIOS you can (apparently) boot from a CDROM and other stuff. I haven't managed to make the serial console work in pfSense yet, despite turning it on in the Advanced page.

 
NOKIA IP300 ADAPTER
Special about this adapter is, that it connects pin 1 with 6 of
the DTE's. Without that it is not possible to gain access to the BIOS.
    Pinout:
    (DB9F_DTE)  (RJ45F_NOKIA)   (NOKIA RJ45 Cable)   (RJ45F_NOKIA)  (DB9F_DTE)
     (DCD) 1 ---- 1 (DCD)            1 ---- 4          
     (RCV) 2 ---- 2 (RCV)            2 ---- 3
     (XMT) 3 ---- 3 (XMT)            3 ---- 2
     (DTR) 4 ---- 4 (DTR)            4 ---- 1
     (GND) 5 ---- 5 (GND)            5 ---- 5                  (Same)
     (DSR) 6 ---- 1 (DSR)            6      6        
     (RTS) 7 ---- 7 (RTS)            7 ---- 8
     (CTS) 8 ---- 8 (CTS)            8 ---- 7
     (RNG) 9      -


-----Original Message-----
From: Grabowski, David [mailto:david.grabowski@xxxxxxxxxxxxxxxx] 
Sent: Saturday, 11 October 2003 6:56 AM
To: Mike.Carlson@xxxxxxxxxx; fw1-gurus@xxxxxxxxxxxxxxxxxx
Subject: RE: [fw1-gurus] Using Cisco ASYNC to connect to Nokia IPxx


Mike,

I don't have exactly the same environment as you, but it is similar.
Take this for what it's worth (which may not be much)

I've got a Cisco AS2511-RJ, which has sixteen serial interfaces. I use
it to connect directly to the console ports of my cisco devices and my
Nokia IP440's. It took some custom cabling to get it to work. I don't
know if the 2511's ports are wired the same as a standard AUX port, but
I wouldn't be surprised.

Anyway, here's the pinout of an RJ45-RJ45 cable that I use. On the Nokia
side, I use the RJ45-DB9 adapter that came with the Nokia.

RJ45 (cisco)	RJ45 (Nokia)
1 CTS			7 RTS
2 DTR			1 DCD/DSR
3 TXD			2 RXD
4 GND			n/c
5 GND			5 GND
6 RXD			3 TXD
7 DCD/DSR		4 DTR
8 RTS			8 CTS


To enable serial console you have to edit /etc/ttys and on the line starting ttyd0 change the "off" to "on"

More details will be added over time. Any queries - email me from this mailer page

Links

Output of dmesg in Nokia's Checkpoint IPSO

Starting bootmgr
Loading boot manager..Bootmgr loaded.Entering autoboot mode.
Type any character to enter command mode.
Booting wd(0,f)/image/IPSO-3.2-fcs4-08.17.1999-124427-783/kernel @ 0xf0100000
text=0x111000 data=0x25000 bss=0x22fa8 symbols=[+0x58+0x4+0x1749c+0x4+0x1cee9]
total=0x28d38d entry point=0x100000
[kernel] symtab f0259000, sym_start f0259004, sym_end f02704a0
[kernel] sym_size 1f0d, str_size 1cef0
[ preserving 0x34390 bytes of kernel symbol table ]
Copyright (c) 1982, 1986, 1989, 1991, 1993
        The Regents of the University of California.  All rights reserved.

Resizing packet buffers: mbufs 28672 clusters 14336
releng 783  08.17.1999-124427
CPU: 167-MHz Pentium 735\90 or 815\100 (586-class CPU)
real memory  = 67108864 (65536K bytes)
avail memory = 55951360 (54640K bytes)
chip0  rev 1 on pci0:0:0
piix0  rev 2 on pci0:7:0
Probing for devices on the ISA bus:
sio0 at 0x3f8-0x3ff irq 4 on isa
sio0: type 16550A
sio1 at 0x2f8-0x2ff irq 3 on isa
sio1: type 16550A
fdc0 at 0x3f0-0x3f7 irq 6 drq 2 on isa
wdc0 at 0x1f0-0x1f7 irq 14 on isa
wdc0: unit 0 (wd0): 
wd0: 4112MB (8421840 sectors), 8912 cyls, 15 heads, 63 S/T, 512 B/S
npx0 on motherboard
npx0: INT 16 interface
ultraio0 at 0x0 on isa
piix1  rev 1 on pci0:7:2
piix2  rev 2 on pci0:7:3
fxp0  rev 5 int a irq 10 slot 3
netlog:eth-s3p1 .. Ethernet address 0:a0:8e:7:41:70
fxp1  rev 5 int a irq 11 slot 4
netlog:eth-s4p1 .. Ethernet address 0:a0:8e:7:41:74
fxp2  rev 5 int a irq 12 slot 5
netlog:eth-s5p1 .. Ethernet address 0:a0:8e:7:41:78
changing root device to wd0f
swapon: adding /dev/wd0b as swap device
Automatic reboot in progress...
/dev/rwd0f: clean, 361061 free (269 frags, 45099 blocks, 0.1% fragmentation)
/dev/rwd0a: CLEAN FLAG NOT SET IN SUPERBLOCK (FIXED)
/dev/rwd0a: 4 files, 8 used, 34851 free (19 frags, 4354 blocks, 0.1% fragmentati
on)
/dev/rwd0d: UNREF FILE I=76801  OWNER=0 MODE=20600
/dev/rwd0d: SIZE=0 MTIME=Jan 26 00:11 2000  (CLEARED)
/dev/rwd0d: FREE BLK COUNT(S) WRONG IN SUPERBLK (SALVAGED)
/dev/rwd0d: BLK(S) MISSING IN BIT MAPS (SALVAGED)
/dev/rwd0d: SUMMARY INFORMATION BAD (SALVAGED)
/dev/rwd0d: CLEAN FLAG NOT SET IN SUPERBLOCK (FIXED)
/dev/rwd0d: 612 files, 127609 used, 2659221 free (845 frags, 332297 blocks, 0.0%
 fragmentation)
/dev/rwd0e: CLEAN FLAG NOT SET IN SUPERBLOCK (FIXED)
/dev/rwd0e: 676 files, 22686 used, 513125 free (565 frags, 64070 blocks, 0.1% fr
agmentation)
clearing /tmp
checking for core dump...savecore: no core dump
recording kernel -c changes
starting system daemons: syslogd done.
 rcm done.
 ifmnetlog:eth-s3p1 .. enabling 100baseTX/UTP port in half duplex mode
netlog:eth-s3p1 .. enabling 100baseTX/UTP port in full duplex mode
netlog:eth-s4p1 .. enabling 100baseTX/UTP port in half duplex mode
netlog:eth-s4p1 .. enabling 100baseTX/UTP port in full duplex mode
netlog:eth-s5p1 .. enabling 100baseTX/UTP port in half duplex mode
netlog:eth-s5p1 .. enabling 100baseTX/UTP port in full duplex mode
 done.
Apr 27 23:52:19 fwi [LOG_INFO] kernel: netlog:eth-s3p1 .. enabling 100baseTX
/UTP port in half duplex mode
Apr 27 23:52:19 fwi [LOG_INFO] kernel: netlog:eth-s3p1 .. enabling 100baseTX
/UTP port in full duplex mode
Apr 27 23:52:19 fwi [LOG_INFO] kernel: netlog:eth-s4p1 .. enabling 100baseTX
/UTP port in half duplex mode
Apr 27 23:52:19 fwi [LOG_INFO] kernel: netlog:eth-s4p1 .. enabling 100baseTX
/UTP port in full duplex mode
Apr 27 23:52:19 fwi [LOG_INFO] kernel: netlog:eth-s5p1 .. enabling 100baseTX
/UTP port in half duplex mode
Apr 27 23:52:19 fwi [LOG_INFO] kernel: netlog:eth-s5p1 .. enabling 100baseTX
/UTP port in full duplex mode
Generating config files for fwi.domainname.com :ipsrd hosts password resolver snmp inetd ttys tz ntp ssmtp skey arp aggrclass acl syslog autosupport net:ip:forwarding 1 -> 0 httpd done.
Thu Apr 27 23:52:23 GMT 2006

   IPSO (fwi.domainname.com) (ttyd0)

login: FW-1: only 25 internal hosts allowed
FW-1: License ok
FW-1: only 25 internal hosts allowed
FW-1: 4 interfaces installed
FW-1: only 25 internal hosts allowed
FW-1: setting external interface to eth-s4p1c0


   IPSO (fwi.domainname.com) (ttyd0)

login:

I couldn't go any further - I don't have a username/password for this install.

Output of dmesg in pfSense (FreeBSD 6.0)

Copyright (c) 1992-2005 The FreeBSD Project.
Copyright (c) 1979, 1980, 1983, 1986, 1988, 1989, 1991, 1992, 1993, 1994
        The Regents of the University of California. All rights reserved.
FreeBSD 6.0-RC1 #1: Sun Oct 30 20:04:35 UTC 2005
    sullrich@builder.livebsd.com:/usr/obj/usr/src/sys/pfSense.6
Timecounter "i8254" frequency 1193182 Hz quality 0
CPU: Pentium/P54C (167.05-MHz 586-class CPU)
  Origin = "GenuineIntel"  Id = 0x52c  Stepping = 12
  Features=0x1bf
real memory  = 268435456 (256 MB)
avail memory = 253104128 (241 MB)
Intel Pentium detected, installing workaround for F00F bug
wlan: mac acl policy registered
ath_hal: 0.9.16.3 (AR5210, AR5211, AR5212, RF5111, RF5112, RF2413, RF5413, DFS)
npx0: [FAST]
npx0:  on motherboard
npx0: INT 16 interface
cpu0 on motherboard
pcib0:  pcibus 0 on motherboard
pir0:  on motherboard
pci0:  on pcib0
isab0:  at device 7.0 on pci0
isa0:  on isab0
atapci0:  port 0x1f0-0x1f7,0x3f6,0x170-0x177,0x37
6,0xf000-0xf00f at device 7.1 on pci0
ata0:  on atapci0
ata1:  on atapci0
uhci0:  port 0x6400-0x641f irq 11 at de
vice 7.2 on pci0
uhci0: [GIANT-LOCKED]
usb0:  on uhci0
usb0: USB revision 1.0
uhub0: Intel UHCI root hub, class 9/0, rev 1.00/1.00, addr 1
uhub0: 2 ports with 2 removable, self powered
piix0:  port 0x6200-0x620f at device 7.3 on pci0
Timecounter "PIIX" frequency 3579545 Hz quality 0
fxp0:  port 0x6800-0x681f mem 0xe0300000-0xe0300ff
f,0xe0000000-0xe00fffff irq 10 at device 13.0 on pci0
miibus0:  on fxp0
inphy0:  on miibus0
inphy0:  10baseT, 10baseT-FDX, 100baseTX, 100baseTX-FDX, auto
fxp0: Ethernet address: ff:ff:ff:ff:ff:ff
fxp1:  port 0x6c00-0x6c1f mem 0xe0302000-0xe0302ff
f,0xe0100000-0xe01fffff irq 12 at device 14.0 on pci0
miibus1:  on fxp1
inphy1:  on miibus1
inphy1:  10baseT, 10baseT-FDX, 100baseTX, 100baseTX-FDX, auto
fxp1: Ethernet address: ff:ff:ff:ff:ff:ff
fxp2:  port 0x7000-0x701f mem 0xe0301000-0xe0301ff
f,0xe0200000-0xe02fffff irq 5 at device 15.0 on pci0
miibus2:  on fxp2
inphy2:  on miibus2
inphy2:  10baseT, 10baseT-FDX, 100baseTX, 100baseTX-FDX, auto
fxp2: Ethernet address: ff:ff:ff:ff:ff:ff
pmtimer0 on isa0
atkbdc0:  at port 0x60,0x64 on isa0
atkbd0:  irq 1 on atkbdc0
kbd0 at atkbd0
atkbd0: [GIANT-LOCKED]
fdc0:  at port 0x3f0-0x3f5,0x3f7 irq 6 drq 2 on isa0
fdc0: [FAST]
ppc0: parallel port not found.
sio0 at port 0x3f8-0x3ff irq 4 flags 0x10 on isa0
sio0: type 16550A, console
sio1 at port 0x2f8-0x2ff irq 3 on isa0
sio1: type 16550A
unknown:  can't assign resources (port)
speaker0:  at port 0x61 on isa0
unknown:  can't assign resources (memory)
unknown:  can't assign resources (port)
unknown:  can't assign resources (port)
unknown:  can't assign resources (port)
unknown:  can't assign resources (port)
ppc1:  at port 0x378-0x37f,0x778-0x77a irq 7 drq 3 on isa0
ppc1: SMC-like chipset (ECP/EPP/PS2/NIBBLE) in COMPATIBLE mode
ppc1: FIFO with 16/16/8 bytes threshold
ppbus0:  on ppc1
plip0:  on ppbus0
lpt0:  on ppbus0
lpt0: Interrupt-driven port
ppi0:  on ppbus0
Timecounter "TSC" frequency 167046190 Hz quality 800
Timecounters tick every 1.000 msec
Fast IPsec: Initialized Security Association Processing.
ad0: 245MB  at ata0-master PIO4
Trying to mount root from ufs:/dev/ad0s1a
fxp0: link state changed to UP
fxp1: link state changed to UP
fxp2: link state changed to UP
pflog0: promiscuous mode enabled

Output of dmesg in pfSense (FreeBSD 6.0) after installing new CPU

I changed the Pentium 166 to a AMD K6 II at 450 MHz and the damn thing is still running at 166 MHz.

Copyright (c) 1992-2006 The FreeBSD Project.
Copyright (c) 1979, 1980, 1983, 1986, 1988, 1989, 1991, 1992, 1993, 1994
	The Regents of the University of California. All rights reserved.
FreeBSD 6.1-RC #0: Mon Apr 17 22:46:03 UTC 2006
    sullrich@builder.livebsd.com:/usr/obj.pfSense/usr/src/sys/pfSense.6
Timecounter "i8254" frequency 1193182 Hz quality 0
CPU: AMD-K6(tm) 3D processor (167.05-MHz 586-class CPU)
  Origin = "AuthenticAMD"  Id = 0x58c  Stepping = 12
  Features=0x8021bf
  AMD Features=0x80000800
real memory  = 268435456 (256 MB)
avail memory = 253100032 (241 MB)
wlan: mac acl policy registered
kbd1 at kbdmux0
K6-family MTRR support enabled (2 registers)
ath_hal: 0.9.16.16 (AR5210, AR5211, AR5212, RF5111, RF5112, RF2413, RF5413)
npx0: [FAST]
npx0:  on motherboard
npx0: INT 16 interface
cpu0 on motherboard
pcib0:  pcibus 0 on motherboard
pir0:  on motherboard
pci0:  on pcib0
isab0:  at device 7.0 on pci0
isa0:  on isab0
atapci0:  port 0x1f0-0x1f7,0x3f6,0x170-0x177,0x376,0xf000-0xf00f at device 7.1 on pci0
ata0:  on atapci0
ata1:  on atapci0
uhci0:  port 0x6400-0x641f irq 11 at device 7.2 on pci0
uhci0: [GIANT-LOCKED]
usb0:  on uhci0
usb0: USB revision 1.0
uhub0: Intel UHCI root hub, class 9/0, rev 1.00/1.00, addr 1
uhub0: 2 ports with 2 removable, self powered
piix0:  port 0x6200-0x620f at device 7.3 on pci0
Timecounter "PIIX" frequency 3579545 Hz quality 0
fxp0:  port 0x6800-0x681f mem 0xe0300000-0xe0300fff,0xe0000000-0xe00fffff irq 10 at device 13.0 on pci0
miibus0:  on fxp0
inphy0:  on miibus0
inphy0:  10baseT, 10baseT-FDX, 100baseTX, 100baseTX-FDX, auto
fxp0: Ethernet address: ff:ff:ff:ff:ff:ff
fxp1:  port 0x6c00-0x6c1f mem 0xe0302000-0xe0302fff,0xe0100000-0xe01fffff irq 12 at device 14.0 on pci0
miibus1:  on fxp1
inphy1:  on miibus1
inphy1:  10baseT, 10baseT-FDX, 100baseTX, 100baseTX-FDX, auto
fxp1: Ethernet address: ff:ff:ff:ff:ff:ff
fxp2:  port 0x7000-0x701f mem 0xe0301000-0xe0301fff,0xe0200000-0xe02fffff irq 5 at device 15.0 on pci0
miibus2:  on fxp2
inphy2:  on miibus2
inphy2:  10baseT, 10baseT-FDX, 100baseTX, 100baseTX-FDX, auto
fxp2: Ethernet address: ff:ff:ff:ff:ff:ff
pmtimer0 on isa0
atkbdc0:  at port 0x60,0x64 on isa0
atkbd0:  irq 1 on atkbdc0
kbd0 at atkbd0
atkbd0: [GIANT-LOCKED]
fdc0:  at port 0x3f0-0x3f5,0x3f7 irq 6 drq 2 on isa0
fdc0: [FAST]
ppc0: parallel port not found.
sio0 at port 0x3f8-0x3ff irq 4 flags 0x10 on isa0
sio0: type 16550A, console
sio1 at port 0x2f8-0x2ff irq 3 on isa0
sio1: type 16550A
unknown:  can't assign resources (port)
speaker0:  at port 0x61 on isa0
unknown:  can't assign resources (memory)
unknown:  can't assign resources (port)
unknown:  can't assign resources (port)
unknown:  can't assign resources (port)
unknown:  can't assign resources (port)
ppc1:  at port 0x378-0x37f,0x778-0x77a irq 7 drq 3 on isa0
ppc1: SMC-like chipset (ECP/EPP/PS2/NIBBLE) in COMPATIBLE mode
ppc1: FIFO with 16/16/8 bytes threshold
ppbus0:  on ppc1
lpt0:  on ppbus0
lpt0: Interrupt-driven port
ppi0:  on ppbus0
Timecounter "TSC" frequency 167046593 Hz quality 800
Timecounters tick every 1.000 msec
Fast IPsec: Initialized Security Association Processing.
ad0: 3098MB  at ata0-master UDMA33
Trying to mount root from ufs:/dev/ad0s1a
fxp0: link state changed to UP
fxp1: link state changed to DOWN
fxp2: link state changed to DOWN
pflog0: promiscuous mode enabled
I'm guessing that the board is locked at one clock rate and one multiplier. Maybe I'll find something better in the BIOS, once I find a serial cable that works for BIOS access.

Other Interesting Stuff

Hidden Stuff

Firstly, there is a hidden socket on the front panel. Its just to the right of fxp2 and left of the Power and Fault lights.

The machine has these things not used

  1. USB controller - Intel UHCI
  2. Floppy controller - solder pads on the left by the cPCI slot
  3. An ISA bridge - isab0: PCI-ISA bridge at device 7.0 on pci0
  4. Two IDE channels, one not used
  5. A keyboard controller - atkbdc0: Keyboard controller (i8042) at port 0x60,0x64 on isa0
  6. Parallel printer port - ppc1: ECP parallel printer port at port 0x378-0x37f,0x778-0x77a irq 7 drq 3 on isa0

pfSense tricks

I have a CF card rather than a hard drive. So enable Embedded mode with

echo embedded > /etc/platform 
This minimises writes to the CF card to help prolong its life.

The need to fix up the mac addresses has been removed. pfSense notices the invalid MAC address now and writes a new one into its config file. The only drawback is that if you reinstall the mac address may change.

freeBSD tricks

Seems that polling is a bad thing on this machine.

With polling enabled on all three NICs
CPU states:  0.0% user,  0.0% nice,  1.5% system, 47.5% interrupt, 51.0% idle

With polling disabled.
CPU states:  0.4% user,  0.0% nice,  3.1% system,  3.1% interrupt, 93.4% idle

Anyone got any ideas?

More details will be added over time. Any queries - email me from this mailer page


Google
 
Web criggie.org.nz
This file last modified Friday July 14, 2017

If you find something here useful, feel free to donate bitcoin: Donations address: 14LHst9s1UEh8NMem87qaEd9tJWSCiNt1x

Valid HTML 4.01!

.