What you'll need: hardware: Intel SE440BX-2 motherboard 2 - 4 Intel 82557/82558/82559 Intel NICs (Dime a dozen) Cisco 16MB PIX Flash card (most expensive bit and the hardest to source; it's a regular ISA card that can be bought from Cisco or resellers) Floppy drive Case/power supply 128MB PC100 SDRAM 350MHZ Processor w/ 512K cache (clock speed doesnt really matter, but watch out over 750 as the board may not support it) Serial->Console adaptor (for console access) (you might also want an AGP video card to start with, to make sure the bios doesnt have any whacky settings - but be warned, the pix WONT boot with a video card inserted. software: Pix OS (obtainable from CCO, or your nearest Cisco warez monkey) Pix Boothelper (Ditto) The Howto: First thing to do is to create the boothelper floppy disk. Get the bh61.bin files (thanks monkeysand use rawrite.exe / ntrw.exe / fdimage.exe on Windows or dd on Unix or workalike to create the bootdisk. Sample command lines: Using dd (on Unix or workalike): dd if=bh61.bin of=/dev/fd0a (/dev/fd0 on Linux) Using ntrw.exe (on Windows): ntrw bh61.bin A: Then get all the pix bits and connect them up like you would any other system, making sure the floppy is connected, the ram and processor are seated well, and the power is all hooked up. To start with, I just put the system into a regular case, just until Ii was comfortable that it worked etc. (down the track, make the move over to a rackmount case, because rackmount cases get you chicks). Plug your video card in, and boot it up into the BIOS. Set it to boot from floppy and to NOT halt on any errors (lack of kb etc) and then shut the beast down. Attach the console adaptor to com1 and plug your console cable into your management machine and fire up a terminal emulator program (I just used HyperTerminal under Windows or minicom from Unix, but any will do). The settings need to be 9600 8-N-1. Remove the video card and boot the mofo up. It'll beep at you, letting you know it doesn't have a keyboard or video card, but it will continue to boot (if you followed the instructions). It should boot from the floppy disk, and then your terminal app will start spewing out the Pix boot information. It has ended when you have the following prompt: pixboothelper> Now you need to get the fully-fledged Pix OS onto the flash card.. and now that the image is bigger than a floppy disk, the only way to do this is over TFTP. Cisco provide a tftp server (which I use), but other options exist, including Pumpkin (by Kin) or the regular tftp built into most Unix and workalike operating systems. Dump your pix622.bin file (or similar; the version number may be different) into the root directory of the tftp server. Almost there. Back on the pix, you now need to configure the inside interface to connect to the server - by default the inside interface is the 2nd one along. (I'm assuming you all know how to wire up a network, so i'll skip that). Use the following commands: address ip-address (ie "address", followed by the IP address of the inside interface (same subnet as tftp server) server tftp-ip-address (ie "server", followed up the IP address of the tftp server) file pix-os-filename (ie "file", follwed by the Pix OS filename (eg pix622.bin)) then type: tftp and hit enter to begin the transfer. Now you have the Pix OS software on the firewall. You can begin configuring the interfaces as usual, and you're away. Cisco.com is filled with useful documentation, so knock yourself out. If I get sufficient requests I might document how I constructed the rackmount case, but I suspect the most interest to be focused on the actual guts of itSo here's a page with some pix pix. peace out 原文见:http://orbital.wiretapped.net/~pleb/routermonkey/原文的作者莫非也来过中国,或者在中国工作? Cisco 16MB PIX Flash card 在ebay上要650美元http://cgi.ebay.com/ws/eBayISAPI.dll?ViewI...item=5734820865 SE440BX-2主板比较难搞到. 据说PIX的源代码被人弄走了,希望不要FLASH卡就可以做就好了 谁给我组装一台防火墙,肯定付款,要求基于pc设备,可以用P4-3.0E等最好的PC元件,我们有小机箱,要求能够防止对网站的攻击、入侵,能够一定程度地抵御ddos攻击,但是不能影响网站的访问运行,我的QQ:76842750 tanghua@usacase.com 我在北京海淀区。
页:
[1]