One Bad Pixel
It's Pixelicious!
«
»

Repurposing the Barracuda BSF-300a Spam Firewall

In my lab, I have a Barracuda Spam Firewall, model BSF-300a. I wanted to see how well it could be repurposed, since it is just a 1U rackmount server with Barracuda’s proprietary software on it. Since Barracuda has a very strict policy prohibiting gray-market appliances, once they have reached the end of their time for the original purchaser, they don’t have any usable life left as a spam firewall, but this is a good thing for those of us that are always in search of decent 1U servers for projects. They are plentiful on eBay and quite cheap. While I was installing Ubuntu server 12.04 LTS on it, I found a couple things that I wanted to both share and document in the event I ever need to rebuild it.

First, a note about the models. There is the BSF-300, and the newer BSF-300a. The former has an older AGP board with IDE drives, whereas the latter uses a 2.8GHz 64bit CPU with DDR3 memory, PCI-e motherboard (and a useable expansion slot in the chassis, with a little creative riser crafting) and SATA ports. You would have some similar success using the original BSF-300, but the BSF-300a is the one you want for modern uses. I am unsure what the hardware specs on the higher models is, such as the BSF-400, BSF-600, etc. I am sure the process is similar.

Next, they have a BIOS password. This can be an issue if you are trying to boot another device (such as a CDROM or thumb drive) in order to install a different OS. I am not entirely sure if the password is baked into the firmware, since I forgot to try the clear CMOS method of removing the password first. If this is the case, I recommend flashing the BIOS to the latest version for the motherboard in your Barracuda after gaining access to it, otherwise if the CMOS is cleared, you would have to remember the password again. The BIOS password is relatively well known, so a little googling should get you the answer. If you can’t figure this out, you will be hard-pressed to have much success here, since the BIOS is not a removable chip, there is no way to hot-flash it (This is how I repurposed the Infoblox 200, 500, and 1000 units, since the password was not floating around on the interwebs.)

The most interesting thing I found was their use of the parallel port for controlling the 3 LEDs on the system. They have a total of 5 LEDs, red, yellow, and green tied to the parallel port pins, and the standard HDD and PWR LEDs controlled by the motherboard. Since I was repurposing the hardware, I thought how great it would be if I could use those 3 LEDs for my own monitoring. I wasn’t familiar with programming for the parallel port, so I set off on a mission to teach myself how to do this. After a couple hours, I ended up with a cute little 13k binary that happily controls the state of the LEDs. Here is the C code to make the application to control the LEDs from Ubuntu linux. I am sure this applies to most linux systems, and probably applies to all the Barracuda devices.

Disclaimer: I am not a C programmer. If someone out there knows better ways to handle strings for arguments, please rewrite this and let me know. I just know this works. It is also hard-coded to LTP0 (0x378) and doesn’t have any way via command line to change it (I started to write a setport function to do this, but didn’t care to debug it).


#ppled.c - Parallel Port LED control, by Jim Barstow
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>
#include <sys/io.h>

#define base 0x378   //LPT0
#define redbit 6
#define yellowbit 7
#define greenbit 8
#define check_bit(var,pos) ((var) & (1<<(pos-1)))
#define set_bit(var,pos) ((var) |= (1<<(pos-1)))
#define clear_bit(var,pos) ((var) &= ~(1<<(pos-1)))
#define toggle_bit(var,pos) ((var) ^= (1<<(pos-1)))
int pval = 0;

//to compile:  gcc -O ppled.c -o ppled
//after compiling, set suid:  chmod +s ppled   then, copy to /usr/sbin/

void usage(void) {
  printf("Usage:\n");
  printf(" -r<1|0> = Enable/Disable Red LED\n");
  printf(" -y<1|0> = Enable/Disable Yellow LED\n");
  printf(" -g<1|0> = Enable/Disable Green LED\n");
  printf(" -s      = Show Current LED status\n");
  printf(" -t      = LED Test Mode\n");
  exit (8);
}

void showbits(unsigned int x) {
  int i;
  for (i=7; i>=0; i--)
    (x&(1< 1) && (argv[1][0] == '-')) {
    switch (argv[1][1]) {
      case 'v':
        sscanf(&argv[1][2],"%d",&pval);
        if((1*pval) > 255 || (1*pval) < 0)
          fprintf(stderr,"Invalid value %d\n",pval), exit(1);
        printf("Setting pin value 255 (all high)\n");
        setportval(255);
        printf("Setting pin value %d\n",pval);
        setportval(pval);
        break;
      case 'r':
        if((argv[1][2] != '0') && (argv[1][2] != '1'))
          fprintf(stderr,"Invalid value for %s (%d)\n",&argv[1][1],argv[1][2]), exit(1);
        pval = getportval();
        if(argv[1][2] == '1') //turn on
          printf("Turn on RED\n"), clear_bit(pval,redbit);
        else //turn off
          printf("Turn off RED\n"), set_bit(pval,redbit);
        setportval(pval);
        break;
      case 'y':
        if((argv[1][2] != '0') && (argv[1][2] != '1'))
          fprintf(stderr,"Invalid value for %s (%d)\n",&argv[1][1],argv[1][2]), exit(1);
        pval = getportval();
        if(argv[1][2] == '1') //turn on
          printf("Turn on YELLOW\n"), clear_bit(pval,yellowbit);
        else //turn off
          printf("Turn off YELLOW\n"), set_bit(pval,yellowbit);
        setportval(pval);
        break;
      case 'g':
        if((argv[1][2] != '0') && (argv[1][2] != '1'))
          fprintf(stderr,"Invalid value for %s (%d)\n",&argv[1][1],argv[1][2]), exit(1);
        pval = getportval();
        if(argv[1][2] == '1') //turn on
          printf("Turn on GREEN\n"), clear_bit(pval,greenbit);
        else //turn off
          printf("Turn off GREEN\n"), set_bit(pval,greenbit);
        setportval(pval);
        break;
      case 's':
        pval = getportval();
        printf("Red: %s\n",(check_bit(pval,redbit))?"off":"on");
        printf("Yellow: %s\n",(check_bit(pval,yellowbit))?"off":"on");
        printf("Green: %s\n",(check_bit(pval,greenbit))?"off":"on");
        break;
      case 't':
        led_test();
        break;
      default:
        printf("Invalid argument: %s\n", argv[1]);
        usage();
      }
    ++argv;
    --argc;
  }
  return (0);
}

int openport(void) {
  if(ioperm(base,1,1))
    fprintf(stderr,"Couldn't open port %d\n",base), exit(1);
  return(0);
}

int setportval(int pinval) {
  openport();
  outb(pinval,base);
  return(0);
}

int getportval() {
  openport();
  return (inb(base));
}
int led_test(void) {
  openport();
  printf("Starting LED Test\n");

  int startval = getportval();
  fprintf(stderr,"Initial state is %d\n",startval);
  sleep(1);

  printf("Setting all leds off\n");
  setportval(224);
  sleep(1);
  printf("Setting red led on\n");
  setportval(192);
  sleep(1);
  printf("Setting yellow led on\n");
  setportval(160);
  sleep(1);
  printf("Setting green led on\n");
  setportval(96);
  sleep(1);
  printf("Setting red+yellow led on\n");
  setportval(128);
  sleep(1);
  printf("Setting red+green led on\n");
  setportval(64);
  sleep(1);
  printf("Setting yellow+green led on\n");
  setportval(32);
  sleep(1);
  printf("Setting all leds on\n");
  setportval(0);
  sleep(1);
  printf("Setting all leds off\n");
  setportval(224);
  sleep(1);
  fprintf(stderr,"Setting all leds back to previous state\n");
  setportval(startval);
  return (0);
}



After creating ppled.c, compile it with "gcc -O ppled.c -o ppled", then setuid on ppled with "chmod +s ppled" and move it to /usr/sbin.
Now, we can control the state of the LEDs using the command-line tool. The pin states are controlled by sending an 8-bit integer to the parallel port. When the pins are high, the LED is off. The Red is bit 6, Yellow is bit 7, and Green is bit 8. The code collects the current bit-value of the appropriate bit and does the math to turn it on or off accordingly. If you wanted to turn on Red and Green, and turn off Yellow, you would run "ppled -r1 -g1 -y0", they can be supplied in any order, and you can omit them if you don't want to change the current state of a specific LED.

 

7 Responses for “Repurposing the Barracuda BSF-300a Spam Firewall”

  1. Clay Jorgensen Says:

    hi – that bit of diy programming is pretty impressive! i have a quick question about your comment on the infoblox mod… i am hoping to hear hot flashing the bios isnt the only way to repurpose an infoblox 550a as a pfsense firewall. and if it is might you be able to point me to a resource to learn how to do it? i just ordered two of them!

    thx much!

  2. Jim Says:

    Unfortunately, Infoblox has the bios locked down pretty tight. They have booting from other devices disabled, a password baked in, and lots of other annoyances. I had an S5102 motherboard (which was the same as in the IB devices I had) which had normal bios, so I booted that board, pulled the bios chip while it was running, put in the IB bios, and flashed it using the normal flashing method.

    I have not checked if this is the same with newer IB devices that have a different motherboard.

    You can get the Tyan chips already flashed on eBay (search for s5102 bios chip) if you dont know how to do it.

  3. Jim Says:

    also, I would be willing to flash your chips for the cost of mailing them (about 5 bucks or less). If you dont have the Tyan S5102, I would have to investigate on my systems first (I have a couple of the newer ones)

  4. Clay Jorgensen Says:

    thanks for the info! i think this now must become one my little IT ed projects. i was also looking at the usb chip programmer tools… but wanted to see if there was a way to do it for free though so i will try your method. i see several people selling various networking appliances repurposed for pfsense, kind of wonder if there might be a little hobby money there. probably would need a source other than ebay to be profitable. the board in the ones i bought is a supermicro PDSMi-LN4+. it is a plcc32 chip. i do have numerous other supermicro server boards, one of those is bound to be compatible. again, thanks for the tips and the offer to help. i will let you know how it goes.

  5. BCheap Says:

    I managed to flash the bios on the Supermicro version of the Infoblox 1050a by installing Freedos and copy of the Supermicro BIOS and Phlash to a SATA harddrive using a different machine and then replacing the Infoblox boot disk with the Freedos drive. I lifted the front edge of the motherboard up on top of the chassis so I could install a PCI video card to see what was going on.

    If you don’t mind the loud fans you can just install pfsense or other OS on a SATA drive using a different machine and then swap it into the Infoblox, but I couldn’t work with the screaming default fan settings. The standard bios has a much quieter “workstation” setting.

    I bricked one of these by not cooling the CPU while flashing and was able to do the chip swap on a working one to recover it, so I can verify that works also.

  6. Jim Says:

    Yeah, I did this on one of the older IB-1000s, now I have a flat fan I put on top of the CPU while I have the MB out. Good to know that works, I suspected it would, just never tried it. Aren’t the 1050A models 64-bit CPUs? That would be nice upgrade from the IB-1000 which has a 32-bit CPU.

  7. BCheap Says:

    The 1050a models I have worked with have 3Ghz Pentium 4 D (dual core 64bit) processors, 2 G Ram.

Leave a comment!