N0rwall Project Overview

N0rwall is a project inspired by the now famous M0N0WALL project, which can be found at http://m0n0.ch/wall . The company I work for had purchased several Nortel Networks Contivity 100 systems to build our VPN to connect several offices in different states. More information can be found here: http://www.nortelnetworks.com/products/01/contivity/100/index.html . Sadly, these systems proved to be underpowered, and we quickly outgrew them. Not wanting to invest in more closed source equipment, we started the N0rwall project.

Obviously it's too expensive to purchase new units to run N0rwall, but if you already own these units this is a great way to recycle them. Also, you can purchase used units from http://www.ebay.com at very reasonable prices. Copy the image file to the compact flash card that's already installed in the Contivity unit, plug it in, and you're ready to go!

Goal

To convert these Contivity units to run a custom version of M0N0WALL.

Hardware

The Contivity units can be purchased and configured a number of ways. The units we had purchased came with an extra NIC, 12 MB of RAM and a 16 MB CF card. Upon inspection, these units are an embedded PC, with an ATX power supply, a 7 port 10/100 switch, and a serial port. They do make a nifty package!

Although this embedded PC has a VIA chipset, there is no way to attach a keyboard or a mouse. A monitor was grafted in on connector J16. See the monitor wiring diagram to be posted later. The processor is a Via Cyrix MII-333 333 MHz, with the motherboard supporting CPU speeds to 550 MHz via switch SW3 settings.

We could not determine the manufacturer of the motherboard, so we did not have any access to documentation. If you know the manufacturer of these motherboards in the Contivity 100, please let the development team know. We determined everything about this system by brute force. After installing the monitor, and watching the system boot, it was very clear the OS was a version of DOS.

Hardware Modifications

If your unit is under warranty, you may not want to make these modifications.

The first modification is to add more memory. The motherboard will accept an additional PC100 memory stick. Our unit handled an additional 64MB RAM, but nothing larger. This should be sufficient to run N0rwall.

Some embedded PC motherboards have a watchdog circuit, and these units are no exception. Since we are running FreeBSD, we will not need it! J14 on our motherboard was cut to disable the watchdog circuit. Please check the diagram for the various switch and jumper locations. If your system reboots itself after about 2 minutes of on time, and continues to reboot, then your watchdog circuit has not been disabled. Instead of using a jumper for this setting, it has been permanently soldered on the motherboard. With careful use of small wire cutters, the watchdog circuit was set to off. Since we did not have access to any documentation for this motherboard, we could not develop a software solution to handle the watchdog circuit.

The test unit had an additional NIC that was removed. In the next version of N0rwall there are plans to add a wireless card to turn these units into a WAP, with WAN and the 7 port switch.

M0N0WALL Modifications

The generic PC image of M0N0WALL runs just fine, so that could be used. We went ahead and compiled a custom kernel to support just the motherboard and the hardware in these units. Changing the kernel config file to remove PCMCIA and APM helped keep the kernel as small as possible. Even though we have 74MB of total RAM, we still wanted to have the maximum amount of RAM available for N0rwall.

Since these units have a serial port available, N0rwall has been configured to use it as a serial console. You don't need to graft a monitor on to the motherboard like we did. The serial port on these units is set for 9600, 8N1. Using a null modem cable, and appropriate terminal software, you can see the entire boot process. You'll also have access to the basic M0n0 menu.

Conclusion

This was a great project to resurrect some older equipment, and put it back in service. Thanks to the M0n0wall team for developing this great software. As soon as we can find a site to host the N0rwall image file, and some basic documentation, I'd love to hear some feedback about this project.

Thanks!

Mark Schoonover
IS Manager
American Geotechnical
(V) 714-685-3900
(F) 714-685-3909

"We are successful when our bosses wonder what it is we do all day." -- Tim Mullen