Watchguard Firebox II

From DD-WRT Wiki


Introduction:

The Watchguard Firebox series are usually based on standard x86 processors, so this information may apply to a wider variety of Watchguard routers. Although this guide is intended for the Firebox II, it also applies to the Firebox III and Firebox 700, due to similar hardware designs. In this guide, I assume that you have some basic knowledge of DD-WRT and that you are familiar with the Watchguard Firebox II. This guide has been put together with hands-on experience with these routers, but I make no guarantee that it will work for you.


Useful Info:

The software is not the only thing that can be upgraded. RAM on these routers can also be upgraded (up to 256MB PC66/100 standard SDRAM on Firebox II) if you find the need for this, and Wi-Fi or Ethernet PCI cards can also be added. Just make sure that they are low profile and that they face the front, not the back, of the router. Only Atheros-based WiFi PCI and PCMCIA cards are supported with the registered version of DD-WRT x86.


The PCMCIA slots on the Firebox II are usable, but I have seen problems with DD-WRT assigning an IRQ to this interface, and as a result no PCMCIA card has been recognized so far. It may be possible to manually assign an IRQ in the BIOS for this interface and get it working, but I have not bothered to do so at this point.


A compact flash card can be substituted for a notebook IDE hard drive, but please be aware of the limitations of hard disk space on these older routers, which is around 8.4GB. Anything bigger and you will need to limit the number of drive cylinders to 4092 by using the drive’s jumpers. This is due to an old BIOS limitation.


The compact flash solution is still a better approach since it has no moving parts and reduces the risk of hard disk failure, especially on a system that will be in service 24x7. Compact flash is also very inexpensive, and the smallest you can use for this project is around 16MB, up to 8GB. A compact flash card also makes no noise.


The fans on these routers can be very worn and noisy, due to the many years they have been in service. Please note that they run on 5 volts, and that there is no 12 volt supply in these routers. They can be replaced with an equivalent, but if you want absolute silence, you can install a pair of 12 volt fans. They will run slower, but they do provide enough airflow for the CPU and components to stay cool, thanks to the oversized heat sink Watchguard installed. The oversized heat sink will also let you disconnect the fans while your router is in service, as long as the cover is off.


The MAC address for the WAN cannot be cloned from the GUI. This is by design in the public version of DD-WRT x86, to avoid conflicts with the registered version, which relies on the MAC address for activation. This, of course, does not apply to the registered version of DD-WRT x86. Please read the notes on how to clone a MAC address by using a script.


The Ethernet jacks on the Firebox II do NOT support automatic MDIX detection. If the router does not link to another device (another router, computer or switch) that also does not support MDIX or auto MDIX detection, you will need to use a crossover cable.


I recommend the use of a DB9 to DB9 “Laplink” (or null modem) serial cable, so you can monitor the console of the router if you cannot find a compatible PCI VGA card for this router. Once connected, you can monitor it by using HyperTerminal or PuTTY. The COM settings for this are 115200-8-N-1 when using DD-WRT x86. You also have to make sure that the serial image of DD-WRT is used, not the VGA version, in this case. Keep in mind, though, that both the VGA card and the serial cable are optional; there is a good chance that the router will boot without any problems.


To load DD-WRT to the Firebox, you will need these items first:

  • Compact Flash to 44 pin Hard Drive Adapter
  • 44 pin IDE Laptop HDD cable
  • A compact flash card, up to 8GB (16MB minimum)
  • A compact flash card reader
  • An Old PS/2 Mouse Bracket (optional)*
  • A PCI VGA card (S3 or Cirrus, optional)
  • A null modem cable (optional)


Loading DD-WRT:

Start by loading DD-WRT to your compact flash card, by using a program called physdiskwrite.

  1. Select your version of DD-WRT x86 and drag your “dd-wrt_xxxx_vxx-x86.image” file onto the physdiskwrite executable file.
  2. Tell the program which physical disk to write to. Be very careful not to have any other card in your reader, or you can overwrite it by accident. In my case, Drive 3 was my card, since it has the smallest number of cylinders.
  3. Change the CMOS jumper next to the RTC battery (JP13) from its original position.
  4. Install the IDE adapter and compact flash card. The 44 pin IDE connector on the motherboard is labeled "J1".


Getting ready to boot

Now that the software is loaded, you can turn on your router, or if you prefer to monitor the boot process, you can continue with the following instructions:

The following steps are to monitor the console through PuTTY or HyperTerminal, and therefore are entirely optional. You can also disregard these steps if you are using a working VGA card, the VGA version of DD-WRT and a PS/2 keyboard connected to the router. Please see the notes for PS/2 pinout.

  1. Connect the serial cable to the “Console” port in your router and to your PC COM port. Open HyperTerminal; it may ask you to enter an area code. You can just type 000. Then it will prompt for a name and to select an icon. Just name it whatever you want and click OK.
  2. A prompt for “Connect to” is next. Select “Connect using: COMX”, where X is the COM port number that you are using for the cable. In my case, this is COM1.
  3. The COM properties are next. Make sure that the settings are: 115200-8-N-1-N.
  4. Make sure that you have the router connected straight to your PC using the port labeled “TRUSTED”. No other PCs, DSL/Cable modems or other routers should be connected.

Now you can turn on the router, and you should see the console as it boots. It may take a little while, so just be patient. Also, keep in mind that the original front LED panel will no longer work.


Configuring for the first time

It may take up to 2 minutes for your PC to acquire an IP address, so be patient.

  1. Now that the router is up and running, you can access it by typing 192.168.1.1 in your web browser, and using the login name “root” and password “admin”, without the quotes.
  2. Access the page “Setup”, and change the connection type from “Disabled” to “Automatic Configuration – DHCP”. The router may be unresponsive after this; you will need to renew your IP after applying the changes.

This will automatically assign “eth0” as your WAN connection. Essentially, eth0 is “External”, eth1 is “Trusted” and eth2 is “Optional”. You can connect “Optional” to a switch or another computer; it will essentially be the same as “Trusted” in this case due to the default bridge option.

Now you can plug in your internet connection to the Ethernet jack labeled “External”, wait a few seconds, and you should have Internet access by using your Watchguard Router with DD-WRT.


Notes

1. The pinout of the PS/2 header on the Firebox II, labeled "P6", is:

  • Pin 1: Data
  • Pin 2: Unused
  • Pin 3: Ground (GND)
  • Pin 4: +5v (VCC)
  • Pin 5: Clock
  • Pin 6: Unused


2. The pinout for the PS/2 header on the Firebox III is:

  • Pin 1: Header Data
  • Pin 2: Ground (GND)
  • Pin 3: +5v (VCC)
  • Pin 4: Clock


3. If you need to clone the MAC address from your previous router or computer, and you are using the public version of DD-WRT, you need to add the following startup script under "Administration" ---> "Commands":

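 #!/bin/sh
 # Wait 5 seconds before reconfiguring the interface
 sleep 5
 ifconfig eth0 down
 # Store the cloned address in NVRAM, then apply it to the WAN interface
 nvram set wan_hwaddr=00:11:22:33:44:55
 ifconfig eth0 hw ether 00:11:22:33:44:55
 ifconfig eth0 up
 # Release the current DHCP lease (SIGUSR2) and stop the old client
 kill -USR2 $(cat /var/run/udhcpc/pid) 2> /dev/null
 killall udhcpc 2> /dev/null
 # Start a new DHCP client so the lease is requested with the new MAC
 /usr/sbin/udhcpc -i eth0 -p /var/run/udhcpc/pid -s /tmp/udhcpc -H ROUTERNAME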

Replace "00:11:22:33:44:55" with the MAC address that you want to clone, and ROUTERNAME with your router's name, which by default is DD-WRT. This is not needed for the registered version of DD-WRT x86.
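
The startup script in note 3 takes eth0 down before it sets the new address, so the following added example (not part of the original wiki page) checks the address first and rejects a mistyped, all-zero or multicast value before anything is changed. The function names is_unicast_mac and clone_wan_mac and the DRY_RUN variable are hypothetical; the udhcpc restart from the script above would follow unchanged.

```shell
#!/bin/sh
# Added example, not from the wiki page: check the MAC before touching eth0.
# is_unicast_mac, clone_wan_mac and DRY_RUN are hypothetical names.

# Dry run by default: commands are printed, not executed.
# Start the script with DRY_RUN= (empty) to apply the change on the router.
DRY_RUN=${DRY_RUN-1}

# Succeeds only for a well-formed, non-zero, unicast MAC (xx:xx:xx:xx:xx:xx).
is_unicast_mac() {
    mac=$1
    # Reject any character that is not a hex digit or a colon (newlines too).
    case "$mac" in
        *[!0-9A-Fa-f:]*) return 1 ;;
    esac
    # Exactly six colon-separated pairs of hex digits.
    printf '%s\n' "$mac" | grep -Eq '^([0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2}$' || return 1
    # The all-zero address is not a usable station address.
    [ "$mac" != "00:00:00:00:00:00" ] || return 1
    # Lowest bit of the first octet set means multicast or broadcast.
    first=${mac%%:*}
    [ $(( 0x$first & 1 )) -eq 0 ] || return 1
    return 0
}

# Apply the address to eth0 (the WAN port in this guide) only if it is valid.
clone_wan_mac() {
    if ! is_unicast_mac "$1"; then
        echo "refusing to clone invalid MAC: $1" >&2
        return 1
    fi
    run=${DRY_RUN:+echo}
    $run ifconfig eth0 down
    $run nvram set "wan_hwaddr=$1"
    $run ifconfig eth0 hw ether "$1"
    $run ifconfig eth0 up
}

# Placeholder address from the guide; replace it with the one to clone.
clone_wan_mac 00:11:22:33:44:55
```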


--Spy Alelo 16:24, 27 March 2008 (CET)