Install Procedure for Velociraptor 1100

[MelfNeerg]

Hi Guys.

I have a couple of RAQ3s that I have ROM upgraded and they are now running Strongbolt. I was quite comfortable with doing the ROM upgrades, etc on them, so I blindly bought a Velociraptor 1100 off eBay in order to run RAQCOP to replace my PIX 515 (as I need the money it will raise for other kit).

After looking for at the scant documentation available for these boxes I have a couple of questions:

1/ How do I do a factory/password reset on the box so that I can assign new passwords and IPs? Is it the same procedure as on the other RAQs?

2/ Once I've done a reset I am presuming that I will then have a login prompt (telnet/ssh/console) that I can use so I can then perform the ROM upgrade?

Doing the install onto the hdd is not an issue - I just am not sure about getting the ROM update done beforehand

Any assistance would be greatly appreciated.

[Davesworld]

On question number 1 and 2, yes if memory serves me correctly because I have done this two years ago to a few raptors myself.

Have you ever used IPCop on a standard PC? This is what you'll be running with a re-skinned gui.

If you have a Strongbolt 1.x cd, you can use it to flash with and then back out after it flashes. I have also learned that you can use VMware to boot the Strongbolt CD ISO as the pcnet32 nic is supported by the Strongbolt installer. What I had done was to bridge VMWare to a usb nic and use a crossover ethernet cable to the Raq/Raptor and do it that way. These days I simply flash over serial from my Linux workstation. It's by far the quickest and easiest although more risky. This does not work well in Windows.

Warning! Do the following at your own risk! I cannot assume responsibility for any missteps you may make!

If you are brave and want to try the serial method, have a rom image ready in your home directory. Hook a nullmodem cable between your linux box and raptor and open minicom and turn it on. After the hard drive spins up you have a brief moment to hit the spacebar to go into the rom menu via minicom. Now you're at the main menu.  Type "boot" then enter, type "dl_kernel" then enter. Now open a terminal in your linux box, you do not need to be logged in as root to upload this, and type "cat cobalt-2.10.3-ext3-1M.rom > /dev/ttyS0" and press enter, the preceding assumes ttyS0 as your serial port. In minicom you will see a little spinning character showing that the upload is in progress. When it is done uploading, in minicom type "main" then enter and then type "eeprom" and then enter. Now here is where the point of no return takes place. Type "write_eeprom 0" and press enter. It will at least do an integrity check after it flashes. When it's done and hopefully it went well(see warning above), you now have a machine that will boot and run IPCop.

I recommend running Raqcop using a CF image on the ide flash device combo of your choosing and keep your hard drive with original os intact, you can always flash the rom to an older rom and put the original os back in and resell it. The Raptors use a standard Cobalt rom image anyway.

Note: Since you are used to using Strongbolt, keep in mind that while we have a useful lcd bandwidth meter here as well as detailed boot progress on our lcd display thanks to a perl script, we do not have button functionality on the running machine, only in the rom. I do not use the original Cobalt utilities at this time. They could be added and coexist with the perl driver which writes directly to the display at port 0x378 should I choose to revisit this. Do we really want button functionality on the front of a security appliance? If so, how much? Just enough to reboot from the front?

[MelfNeerg]

Thanks Daveworld.

I will go for the Strongbolt ROM upgrade process as this worked flawlessly for me before.

Either way, I'll be posting back with an update. Thanks for your help.

With regard to button functionality - I think it should be limited to information display & reboot. Maybe CPU usage, # connections, etc. Most security appliances these days make it as hard as possible to play with it unless you have CLI (and therefore a login) access via the console. And in my book - thats a good thing.

Just my 2p worth

[Davesworld]

True, things like password resetting ability on the front panel don't leave me with a warm fuzzy feeling. Brian Ridgeway who hosts this site has many of these appliances out in service. It's hard enough to keep the non technical types from switching the power off and back on when the network is down even though it is not the Raq appliance but they will shotgun anything when given the chance. Give them button functionality and they surely would abuse it.

[MelfNeerg]

After a little hassle, I now have it working nicely

It wouldn't update the ROM from the Strongbolt CD, so that idea had to be abandoned after multiple attempts.

I then setup a DSL vmware image and followed your instructions for upgrading the ROM over a serial connection. That didn't work either! It uploaded the rom image but when I issued a "write_eeprom 0" it just sat there. I left it for quite a while and then took the plunge and turned it off and on.

It booted back into 2.3.39 and was still working! I went back to basics and tried logging in as root over the console, hoping to try various password combos until one worked. No password was needed! If only I had known it was that simple all along. Doh!

Ftp'd over the flashtool and rom image and hey presto it is now all working perfectly.

I now have a beautiful yellow firewall ready to replace the "other" blue one

For reference, the ethernet ports get assigned as below:

Inside - eth0 - GREEN
Outside - eth1 - BLUE
Aux1 - eth2 - YELLOW
Aux2 - eth3 - RED

A little peeved that the port labelled "Outside" didn't end up as the RED though. Can that be easily changed?

[Davesworld]

Yes, if you edit /var/ipcop/ethernet/settings you can set the devices. It always tries to assign red to the highest numbered ethernet device, especially since all four nics use the same driver.