• Welcome to Overclockers Forums! Join us to reply in threads, receive reduced ads, and to customize your site experience!

Rebuilding my Firewall.

Overclockers is supported by our readers. When you click a link to make a purchase, we may earn a commission. Learn More.

Adragontattoo

Trailer Chasing Senior
So I get back from traveling for work and sit down to check email and use internet that is above 9 kb/s for the first time in a month and notice a small issue...

It's VERY slow.

hmm, ok?

reboot AP, nope.
Notice DHCP isnt being provided.
Check IPCop and its still running but I smell a faint burnt smell.

OH CRAP!

Pull network down asap and remove the firewall from the rack. Pop the top and start looking for burn marks.

Cant find any.

Start stripping the system to see if it is the PSU or bottom of the board etc.

Get the system down to bare metal and dont see anything so I look at the HDD. Burn marks on the bottom... Uh oh.

Remove the screws holding the HDD in place and flip it over, wow! The 160gb WD drive decided that the controller card on the bottom of the drive was better served as charcoal.

Whatever happened it blew a couple chips completely off, removed some solder as well it appears.

Im not sure if it was the PSU or a random spike that ONLY affected the drive (I left my rack on which I dont like to do), either way my IPCOP install which had a large block list in place and automagically blocked port scanning IPs, pingers etc is lost.

Note to self, this time dump a copy of your configured Firewall after you get it built dufus!

Gotta say that the IPCOP dropped my throughput by about 500kb/s but I didnt have to worry about anyone getting in (tested it with a few folks doing port scans etc. It appeared to be a blackhole), now I get to look at a rebuild on HOPEFULLY a good system...

Firewall specs:
2x P3 800 @ 1.1ghz
2gb PC100 ECC @ stock
no HDD obviously
2u rackmount case


Im still working on pushing ad blocking back to the Firewall and off of the browser, the new job is preventing testing of this though.

Anyone using any IPCop addons that they would recommend?
 

Ben333

Folding for Team 32!
Joined
Feb 18, 2007
Just curious why a dual pentium III system was used, is IPcop SMP?
 

madhatter256

Special Member
Joined
Jul 5, 2008
Location
CFL
Wouldn't a slower P3 (celeron) or cheap single core atom board be enough??

Plus with the newer boards you might be able to use USB drives...
 

Rider200

Member
Joined
Jun 3, 2008
Location
Arizona
Hi Adragontattoo,

Here is something I have done in the past -

With two of the same make/model drives and one smokes to get the data off the bad drive I have taken the PCB off of a good drive and put it on the bad drive. This will allow you to get your data, make an image, or back it up.

MHO...
 
OP
Adragontattoo

Adragontattoo

Trailer Chasing Senior
Ok to start with the first reply and go from there.

IPCop is SMP capable(Linux aquarium.localdomain 2.4.36-smp #1 SMP Tue Jul 22 13:07:25 GMT 2008 i686 pentium3 i386 GNU/Linux).

I run it with dual P3's because Snort is constantly running, along with a few other addons (once I remember how to install them and which ones I was using). With the Addons and Snort running it is averaging about a 30+% load constantly due to it actively blocking and doing its job beyond simple DHCP, I have had CISSP certified folks pound on it for a few and they knew SOMETHING was there but they werent getting enough info to make a go at figuring out what it was.


The firewall was originally for testing a few ideas that were being kicked around at an old job, after leaving there, it stayed in place an active with zero issues.

I know about swapping the PCBs on drives from the old Quantum Fireball days. I tried it on this system and had zero luck recovering that drive.