Installing Alpine Linux on a Barracuda NG Firewall F100 and exploring its hardware

view of the Barracuda NG Firewall F100

A bit of backstory

I bought this firewall for 150CZK since it seemed like an interesting piece of hardware. Unlike most network equipment it's built on 32-bit x86 architecture. That means it can run any standard OS that's compatible with its architecture. Unfortunately, installing an OS was a bit harder than initially thought. There isn't a whole lot of information available about this firewall which is the reason I'm writing this post.

The hardware

The hardware of this firewall is definitely the most interesting thing about it so let me give it an introduction

At the heart of this system is a 32-bit ultra-low voltage Eden 500 CPU from VIA. Its power is roughly the equivalent of a legacy Pentium CPU but that doesn't hurt since firewalls don't need much computing power. What is important about this CPU is its minuscule TDP of 1W which is achieved by running the CPU at just 0.684 V. To put this into perspective, most modern desktop CPUs are running at almost twice this voltage. This reduces the power consumption and allows the firewall to be cooled passively which is of a large benefit.

In terms of networking capabilities, this firewall has four 100M network interfaces that use the RTL8100C chipset from Realtek. This many network interfaces allows user plenty of options for network configurations such as sing them for different VLANs and subnets, or (if you’re crazy enough) bonding them together in modes such as round robin.

Barracuda NG Firewall F100 connected to a networking switch and a PC over serial

As is common with other networking equipment, the primary means of direct communication with the firewall (especially when setting it up) is a serial port that is located next to the LAN ports. Unfortunately, it’s of the male variety so a cross-over cable is needed for communication with a computer. Externally, the firewall has 2 USB 1.1 ports which will come in for installing an OS. As for internal IO, this firewall has a compact flash connector, 2 SATA ports, a serial header, a VGA header, a PCI edge connector, with a riser connected to it, and a MiniPCI slot.

look on the inside of the Barracuda NG Firewall F100

Installing Alpine Linux

Now that you know what fun bits are hiding inside of this firewall it's time to share my experience of installing an OS on it as it hasn’t been supported by Barracuda for over 10 years and I’m not a fan of their subscription-based model.

At first, I tried installing a 32-bit version of Arch Linux as it’s what I use daily, but there were a couple of issues that made my efforts unsuccessful. I wasn't able to get a picture from the internal VGA header that’s connected to the GPU located in the chipset, presumably because it doesn’t have driver support in the Linux kernel. Next, I tried to install it over the serial port, but even though I was eventually able to get into GRUB, I couldn’t get to the shell.

At this point I gave up on the whole Arch Linux installation and started looking for another light-weight distro with good 32-bit support. That’s when I discovered Alpine Linux and things started cooking. This Linux distribution has support for many different CPU architectures, is fairly up-to-date, light-weight, and has excellent documentation comparable to Arch Linux. But as you might guess by now, there’s no way to install it using the standard ISO image provided on their website. That means I had to get a little creative and modify their ISO so that I'd be able to use it for installation over the serial port of this firewall. I’ll describe this process as a tutorial as I’m fairly certain I’ll visit this post to read it at least once and maybe even others will find it useful if they ever get their hands on this firewall.

We’ll need to mount the image to a directory as root using the mount -o loop <iso file> <directory> command. Now we’ll copy over the files from this directory to a new directory to edit them as they can’t be edited directly on the ISO. After the files are copied over to the new directory you can unmount the ISO using umount <directory> command. The only file that needs to be edited is syslinux.cfg that is located in the boot/sylinux directory in our new directory. You’ll need to add the line SERIAL 0 19200 to the top of this file and append console=ttyS0,19200 to the line of boot arguments which start with the word APPEND. This will enable console output on the first serial port labeled as Console on the firewall at the baudrate of 19200. Here’s how the file looks after the modifications described above in my case. 


SERIAL 0 19200
TIMEOUT 20
PROMPT 1
DEFAULT lts

LABEL lts
MENU LABEL Linux lts
KERNEL /boot/vmlinuz-lts
INITRD /boot/initramfs-lts
FDTDIR /boot/dtbs-lts
APPEND modules=loop,squashfs,sd-mod,usb-storage quiet console=ttyS0,19200

Now that we have modified the syslinux.cfg file so that we can install Alpine Linux over serial, we need to create a bootable ISO file from the files that we previously copied over from the original ISO file with xorriso by running this command in the root directory of those files which will create bootable ISO called alpine-i568-serial.iso in its parent directory. 


xorrisofs \
	-quiet \
	-output ../alpine-i568-serial.iso \
	-full-iso9660-filenames \
	-joliet \
	-rational-rock \
	-sysid LINUX \
	-volid "alpine-serial 3.14.2 i586" \
	-isohybrid-mbr boot/syslinux/isohdpfx.bin \
	-eltorito-boot boot/syslinux/isolinux.bin \
	-eltorito-catalog boot/syslinux/boot.cat \
	-no-emul-boot \
	-boot-load-size 4 \
	-boot-info-table \
	-follow-links \
	.

Now that you’ve created a modified bootable ISO copy it to your USB flash drive (from my testing only 8GB or smaller ones work) with dd, or other tool of your choice, and test it. To connect to the serial console I’ve used a female DB9 cross-over cable, cheap serial to USB adapter and minicom on the software side as it’s VT102 compatible. After installation edit /etc/inittab and /etc/securrety according to the Apline Linux wiki.