With my fascination with FreeBSD and Information Security, it was only natural for me to get excited about pfSense, a “free, open source customized distribution of FreeBSD tailored for use as a firewall and router. In addition to being a powerful, flexible firewalling and routing platform, it includes a long list of related features and a package system allowing further expandability without adding bloat and potential security vulnerabilities to the base distribution.”
After testing it out, I decided to replace the anemic built-in “firewall” on my SoHo Linksys wireless router with pfSense. This would allow me to run pfSense in a production environment (even if it is just my home network) to get more familiar with it, as well as give me a robust firewall, able to do what I need for my up and coming plans to conquer the world from my home network. (More on this in another post)
So, I could run pfSense on an old box I had lying around, but I got to thinking about the electricity cost if I had this box on 24/7/365. There had to be a more efficient way to run it…
Which is when I stumbled across PC Engines, a Swiss-based engineering company that designs and manufactures hardware for embedded computer systems. After doing a bit of research, I settled on the Alix 2d3, which gave me a 500MHz AMD Geode LX800, 256 MB RAM, 2x USB ports, and 3x NICs. I started using this guy’s blog post as a guide to building my embedded pfSense firewall.
To start off with, here was my parts list:
(Costs include shipping)
(And yes, I know I could have gotten the serial cable stuff cheaper)
-1x Alix 2d3 Kit (Board + Power Supply + 1GB CF card + Black Case) $201.53
-1x USB-to-serial adapter $19.94
-1x Null modem adapter (female to female) $17.13
-1x IDE to CompactFlash adapter $8.20
Grand Total (with shipping): $246.80
I went ahead and bought the Alix 2d3 kit from Netgate, and the rest of the parts from other sources. Here is a photo of everything:
After downloading the latest embedded image from pfSense.com, I needed to write the image to the CF card. Well, the main OS I run on my laptop is Vista, so I thought I would just do it from there.
Now, I didn’t buy a regular CF Reader, but a CF to PATA converter. I didn’t think this would be an issue, because I would just hook it up to my IDE to USB adapter and to my machine, like so:
Unfortunately, this did not work. The OS never even recognized that I had something plugged into the USB port. I have no idea why. So I went to plan B, and plugged it into an IDE spot on my test machine, and booted it up into FreeBSD.
FreeBSD found the card no problem, and using dd, I was able to successfully write the image to the CF card.
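An added example, not part of the original post: dd reports success even when the card holds bad data, so this sketch writes the image and then reads the same number of bytes back and compares SHA-256 hashes. The image name, the device path and the published checksum are placeholders and assumptions; the image is assumed to be already decompressed.

```shell
#!/bin/sh
# Added example: write an image with dd, then read it back and compare hashes.
# IMAGE and TARGET are placeholders; on the FreeBSD box TARGET would be the
# CF card's disk device (check dmesg for the name before writing).

# Print the SHA-256 of stdin, using whichever tool the OS ships.
hash_stdin() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum | cut -d' ' -f1      # Linux (coreutils)
    else
        sha256 -q                      # FreeBSD base system
    fi
}

# write_and_verify IMAGE TARGET [EXPECTED_SHA256]
# Returns 0 only if the bytes read back from TARGET match IMAGE.
write_and_verify() {
    img=$1; target=$2; expected=${3:-}

    [ -r "$img" ] || { echo "cannot read $img" >&2; return 2; }
    want=$(hash_stdin < "$img")

    # Optional: compare against a checksum published next to the download
    # (assumes the download site provides one).
    if [ -n "$expected" ] && [ "$want" != "$expected" ]; then
        echo "image does not match published checksum" >&2
        return 3
    fi

    size=$(wc -c < "$img" | tr -d ' ')
    dd if="$img" of="$target" bs=65536 conv=notrunc 2>/dev/null || return 4
    sync

    # The card is larger than the image, so hash only the first $size bytes.
    got=$(head -c "$size" "$target" | hash_stdin)
    [ "$got" = "$want" ] || { echo "read-back mismatch on $target" >&2; return 5; }
    echo "verified $size bytes on $target"
}

# Usage on the real hardware (placeholders, not run here):
#   write_and_verify pfsense-embedded.img /dev/<cf-device> <published-sha256>
```

A mismatch on read-back points at the card or the adapter rather than the download, which is worth knowing before the board goes into its case.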
Next, I ran through RockPenguin’s directions for applying power to the board and getting into the BIOS. I will quote his directions here, after the photo:
-Connect one end of the null-modem cable to your computer’s serial port and the other end to the serial port on the ALIX.
-Fire up your favorite terminal emulation software such as minicom (or Hyperterminal on Windows) and use the following settings:
Baud rate: 38,400
Data: 8 bit
Stop: 1 bit
Flow control: None
-Now apply power to the ALIX. If you are connected correctly, you should start to see the ALIX BIOS text.
-While the BIOS is going through the memory test press the “s” key to enter the BIOS setup.
-If you have successfully entered the BIOS setup, you should see the text with some different options. Do the following:
Press “9” to set the baud rate at 9600
Press “q” to quit the BIOS setup
Press “y” to save the settings to flash
-If you start seeing gibberish ASCII characters instead of text, then you need to set your terminal emulation software to 9600 baud instead of the 38,400 we set it at earlier.
-Now reboot the ALIX by power cycling the unit (unplug the power, plug it back in).
-With the terminal set to 9600 baud, we should see the boot-up process and if all is well it should look akin to a FreeBSD boot.
Fortunately, my BIOS was already at the latest version, so I did not have to flash it like he did.
After this, I shut down the device, put the board into the case, and screwed everything down.
I then hooked it up to where I wanted it, and got it connected to the right cables.
Finally, I started it up again, and finished the initial pfSense configuration.
Here is the final product, hooked up, and ready to go:
-I actually thought it was going to be a lot more difficult. It only took me about 3 hours.
-You want to know what the average wattage for this bad boy is? 5 watts!
So ends my first firewall-building experience.