I purchased a WatchGuard Firebox 1000 off eBay and started playing with it. Here are my findings.
| CPU | AMD K6/2 300 |
| RAM | 64MB laptop |
| Storage | 8MB flash |
| BIOS | Phoenix |
| Network | 3x 10/100 Ethernet |
| Console | RS232 9600N81 |
| Expantion | 1x 32bit PCI |
The Firebox 1000 appears to be built around a standard x86 chipset onto a custom motherboard. There is an AMD K6/2 processor and 64MB of laptop memory. There is an on-board flash chip providing 8MB of storage. Network comes in the form of 3 on board 10/100 ethernet ports. There is on onbaord serial console. The board also has a single 32bit PCI slot, an IDE port for 2.5" drives and a PS/2 header. There also appears to be an IP/SEC hardware accelerator on-board. There is a front light display showing network links and system load. Rather irritatingly, it all comes in a 1.5U case
Some pictures of the firewall can be found here.
The Firefox appears to run a 2.0 series of the Linux kernel. It uses the Lilo boot loader but for some reason can also chain-load Grub. It appears to be running a heavily modified kernel.
This is possible. I have inserted a video card into the PCI slot and connected a PS2 port to the PS2 header on the motherboard. I have also connected up a CD-ROM drive using a 2.5" > 3.5" IDE converter. I have been able to boot a Debian Etch install CD. If memory serves me, I had to download a Debian Etch Live CD in order to have all the tools to access the local drive. I used dd to image the flash drive and copy it to a NFS server. There are four partitions. Partitions 1, 2 and 4 can all be mounted as loop back devices, once imanged off. Partition 3 proved more difficult. This was until Shish came to my resuce and figured out what was hiding in hda3. I'll let him tell it in his own words:
Technical details of the file structure:
file = lilo_header + exfl_header + [archives] + junk_data
lilo_header = "LILO" and a load of null bytes
exfl_header = nothing useful that I can see
archive = archive_header + gzipped_file + padding
archive_header = filename + gzipped_file_length + padding_size
gzipped_file = a simple file; once you have the bytes, gunzip accepts them
padding = whatever it takes to make the archive length a multiple of padding_size
junk_data = looks like the partition was used several times without being zeroed; there's an extra file hiding in here, which can be recovered by changing the extraction method from "correct" to "hacky"
Disk & partition images: ftp://ftp.bobsbasement.co.uk/watchguard/hdd_images
Python script for extracting hda3: ftp://ftp.bobsbasement.co.uk/watchguard/scripts/wfextract.py
Files exacted from hda3: ftp://ftp.bobsbasement.co.uk/watchguard/file_images
Files exacted from hda, mounted: ftp://ftp.bobsbasement.co.uk/watchguard/file_images_mounted
Mystery file on hda3: ftp://ftp.bobsbasement.co.uk/watchguard/misc/unknown.dat
I imagine there are a few ways to install Linux on the Firebox. The only method I have tried is installing Linux on a Disk-on-Chip flash drive and plugging it into the 2.5" 44-pin IDE socket on the Firebox's motherboard. This obviouly requires another machine to do the install on. I used a Lex board, which has a 2.5" 44-pin IDE socket and a 3.5" 40-pin IDE socket. I guess it may be possible to install Linux to the Firebox's internal flash by connecting a CDROM to the 2.5" 44-pin IDE connector, however, the internal flash is only 8MB and I have not tried this. It may also be possible to use a PCI network card and PXE boot to install Linux on the Firebox, however, you require a VGA video card as well, so you would need to use a PCI splitter. Again, I have not tried this.
I purchase a 1GB 2.5" 44-pin IDE Disk-on-Chip flash drive from www.linitx.com. I used a Lex board to build the disk as it has an on-board socket for it, however, using a gender changing and a 2.5" to 3.5" IDE converter, you could build it in any old computer. I simply did a standard Debian 4.0 Etch minimal install on the drive.
Once the disk has been built, we need to make a few changes. Firstly, make sure that your grub.conf and fstab files have the correct devices for the disk. The firebox sees the disk as /dev/hda (make sure that the disk is set to master), as the port on my Lex board is /dev/hdc, I had to change grub.conf and fstab before inserting the disk into the Firebox. At this point you can also setup a serial console or this can be done later.
The next step is to shutdown and install the disk in the Firebox. Plug the disk into the Firebox and ensure that it is set to master. This will override the onboard flash, so you can simply pull the disk out and boot the Firebox OS, if you wish. Next we need to change the BIOS settings on the Firebox as the drive geometry is hard set for the internal flash. Boot the Firebox up with a keyboard and monitor attached and press F2 to enter the BIOS. Go into the drive settings and change the drive from manual to auto. Save the settings and exit and with a bit of luck, you should get the Grub boot loader. With a bit more luck, it should boot to Linux. You can now login and setup networking. For some strange reason, the three network ports are eth1, eth2 and eth3. Configure the networking, plug in and you should have a working device.