Getting OpenBSD 5.1 on the ALIX firewall

Getting OpenBSD on the ALIX used to be quite an effort. You had to figure out what your CF card looked like, enter the right drive parameters, and hope. Now it’s dead easy:

1. Download the flashrd binary image. I used flashimg.i386.wd0.com0-20120531.gz, which is root wd0, com0 38400 console. This matches the Alix BIOS default, which also spits out 38400 serial.
2. Unzip the image with gzip -d
3. Write the image to the CF card. I have Cygwin installed, so I was able to use dd. Since I’m running this on Windows 7, I had to open my Cygwin shell as Administrator. The command I used:

   dd if=flashdist.i386.wd0.com0-20120531 of=/dev/sdd bs=128k

   I was pleasantly surprised that dd worked. (I found the device by doing sfdisk -l /dev/sda, then sdb, then sdc, until I found a partition table that looked like my 4 GB flash drive.) I picked 128k as the block size because the image was evenly divisible by that. I don’t know if it makes a difference, but I figured why risk it.

4. Next I hooked up a DB9 F/F mini null modem to my PC serial port, connected that to the Alix serial port, ran hypertrm (which I had to get from an earlier Windows release) and was talking to OpenBSD. Root password was “root” (no quotes).
5. At this point I reset the password:
   rw
passwd root
ro

   rw is the flashrd way to say “mount the file system read/write”, and ro says “mount the file system read-only”. flashrd boots up read-only (which saves wear on the flash card) so you need to set it to read/write if you want to do pretty much anything.

That’s all there is to it!

(This post is part of Building an ALIX firewall)

Building an ALIX firewall

It’s been a long time since I updated my firewall. Right now it’s a PC Engines ALIX 2c2 that I’ve been really happy with. I used flashdist and put OpenBSD 4.4 on it.

I think that’s a winning combination, but it’s time to upgrade. First, I want to go to OpenBSD 5.1. Next, flashdist has been replaced with flashrd, which is easier to install and use, and more appropriate for larger CF cards.

I started by getting an ALIX 2d2 (just one more IDE header than the 2c2, not much change). I bought it from mini-box.com, and I also picked up the custom enclosure for it and a power supply.

I already had a 4 GB CF card: a Kingston 4GB elite pro 133X, which was new when I built the original firewall. Make sure you have a good CF writer. I’ve had failures with cheapies, but got a Kingston FCR-HS219/1 and that worked.

There are a number of steps to get a working firewall. They are:

1. Getting OpenBSD 5.1 on the ALIX
2. Setting up networking for the ALIX firewall
3. Setting up PF for the ALIX firewall
4. Setting up BIND on the ALIX firewall
5. Final cleanup for the ALIX firewall