Wednesday, March 7, 2012

How To Virtualize a Barracuda Spam & Virus Firewall

We just got a brand new 200 series because we have too many users for the 100, and there is no 200Vx: only a 100Vx or a 300Vx, with the 200Vx oddly left out of the lineup. I decided to try to virtualize it just to see if I could. The answer is yes! It's pretty easy to virtualize the device for VMware without having to open the case. You can also use these steps to make a backup (clone) image of the hard drive in case it fails. Then you could use the image to restore your Barracuda to a replacement hard drive.

My Barracuda does not have the tulip network driver, so I was unable to get it working in Hyper-V, but VMware Workstation worked great for me. Some other posts talk about IDE hard drives and USB CD boot in the BIOS, which my device does not support. I may have a newer revision, which is an Atom D525 in what looks like a rebranded Supermicro 1U chassis with a 250GB Seagate Barracuda hard drive (har har).

I don't recommend it but if you are looking to play around you can unlock many of the features from the higher end models fairly easily.  Look at the last few steps of the post to learn more about how to do that, just note that it requires you to have root access to the machine.

Power it up:

  1. Press p at the bootloader pictured above
  2. The grub bootloader password is bimg
  3. Press e on barracuda
  4. Press e on the second line, scroll to the end, and add init=/bin/bash
  5. Once you get a command prompt, mount -o remount,rw /
  6. Remove the root password in /etc/shadow (I copied shadow to shadow.bak so I could put the box back to factory if I ever needed)
  7. Reboot
  8. Press p at the barracuda boot splash screen (this is a grub boot loader)
  9. Press e on barracuda
  10. Press e on the second line, scroll to the end, and add the word single after the word quiet
  11. Press b for boot
  12. Log in as root (this is why we removed the root pw)
  13. Connect a USB drive that is the same size as or larger than your Barracuda's disk; mine has a 250GB SATA disk (I formatted my external /dev/sdb1 as ext3)
  14. mkdir /mnt/usb
  15. mount /dev/sdb1 /mnt/usb
  16. dd if=/dev/sda of=/mnt/usb/barracuda.img
  17. Now you have a backup image on your USB hard drive. I connected it to another Linux server, copied it to my Windows server and used StarWind V2V to convert the raw image to an expanding virtual machine image.
  18. If you convert it to a VMware virtual machine it will work just fine; boot it up
  19. Edit the boot loader and add init=/bin/bash to the end of the entry
  20. Once you have a prompt, mount the partition read/write: mount -o remount,rw /
  21. Edit /etc/fstab and change all of the sda[x] entries to be hda
  22. Edit /boot/grub/menu.lst and change the sda entries to hda.
  23. Optional: remove the bootloader password in /boot/grub/menu.lst
  24. Optional: allow yourself to SSH to it: iptables -I INPUT -p tcp --dport 22 -s 192.168.0.0/16 -j ACCEPT
    1. To make this persistent add an entry in /etc/sysconfig/iptables
  25. Optional: to SSH in to it you will need a root password, so log in to the box as root and set one
  26. Optional: If you want to add some features that are in the higher end models this post tells you what files to create to unlock them:  http://blog.shiraj.com/index.php/2009/09/barracuda-spam-firewall-root-password/
  27. Optional: If you want to unlock even more than you can find in that post you will need to do a little work.  Look for the file Features_table.pm on the filesystem, and create a blank file in /etc/barracuda/features for each feature you want to enable. Beware, many of the features are meant for higher end models so some features may not work or may have unexpected behaviors.
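
Steps 21 and 22 as a script, added here as an example and not part of the original post: it rewrites the sda entries to hda in both files, keeps a .bak copy of each, and reports anything it could not rewrite. It assumes the entries are written as /dev/sdaN; the function names retarget_disk and retarget_demo are hypothetical.

```shell
#!/bin/sh
# Added example, not from the original post. Assumption: device entries are
# written as /dev/sdaN in both files (the post only says "sda[x] entries").

# retarget_disk ROOT: rewrite /dev/sdaN -> /dev/hdaN under ROOT (default /).
retarget_disk() {
    root="${1:-/}"
    for f in "$root/etc/fstab" "$root/boot/grub/menu.lst"; do
        [ -f "$f" ] || { echo "missing: $f" >&2; return 1; }
        # Keep the first pristine copy; a second run must not overwrite it.
        [ -e "$f.bak" ] || cp -p "$f" "$f.bak" || return 1
        sed 's#/dev/sda\([0-9]*\)#/dev/hda\1#g' "$f" > "$f.new" || return 1
        # cat (not mv) keeps the original file's owner and mode.
        cat "$f.new" > "$f" && rm -f "$f.new" || return 1
    done
    # Entries not written as /dev/sdaN were left alone: list them, return 2.
    if grep -n 'sda[0-9]' "$root/etc/fstab" "$root/boot/grub/menu.lst" >&2; then
        return 2
    fi
    return 0
}

# retarget_demo: run against constructed sample files in a scratch directory.
retarget_demo() {
    d=$(mktemp -d) || return 1
    mkdir -p "$d/etc" "$d/boot/grub"
    # Constructed sample contents, not taken from a real appliance.
    printf '%s\n' '/dev/sda2 / reiserfs defaults 1 1' \
                  '/dev/sda1 /boot ext3 defaults 1 2' > "$d/etc/fstab"
    printf '%s\n' 'title barracuda' 'root (hd0,0)' \
                  'kernel /vmlinuz root=/dev/sda2 ro quiet' > "$d/boot/grub/menu.lst"
    retarget_disk "$d" && cat "$d/etc/fstab" "$d/boot/grub/menu.lst"
    rc=$?
    rm -rf "$d"
    return $rc
}

if [ "${1:-}" = "--demo" ]; then retarget_demo; fi
```

A return code of 2 means a bare sdaN reference is still present and needs a manual edit; the .bak files hold the untouched originals.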

16 comments:

  1. Great post. Thanks for the help with my SF400 unit!

  2. I'm sorry but I have to comment about Barracuda.....

    They are a TOTAL SCAM of a business. They do a great job of blocking spam, don't get me wrong, but that's only half of the story. So Barracuda Networks has a program where they sell you their hardware, it's a little 1u racked unit and you manage the administration of it through a little web interface. We purchased their 300 model for $2,000. You can only purchase the units from them and they have a "paper weight" policy where once it's activated it cannot be activated by anyone else. You'll see why they do that in a minute. Here is the start of the scam....

    Barracuda doesn't tell you what the actual specs are to the device you're buying, they advertise "features" such as: Supports up to 300 users, 50 domains, phone tech support, etc. What they don't tell you is that the $2,000 unit is actually a big piece of crap worth about $75, no joke. It has about a 10 year old ATX motherboard that is worth about ten bucks, a single 40gb IDE hard drive despite the motherboard actually having a SATA port, one stick of 512mb of ram while leaving the second memory slot free, and a very low wattage power supply. Oh and there is no RAID whatsoever, so when your one hard drive dies, you are out of luck. It is a total joke to sell a piece of crap like that for $2,000.

    Their next model up (model 400) doubles the size of everything the 300 model has but they do it in a way that sounds like you're getting a lot. The 400 model sells for about $3900 and only difference is it comes with an 80gb IDE hard drive. I kid you not people. And then to make the scam complete, they send you firmware updates about twice a month and each update they send you makes the unit go slower and slower and slower until it finally won't even respond. Think I'm kidding? We couldn't even log into our unit anymore without pulling the power cord and plugging it back in, and even then we only had about 5 minutes to do what we needed to until it locked up again. It would still deliver email, but we couldn't get into the web GUI to administer it after about 5 minutes.

    These jokers at Barracuda even then have the nerve to offer an Instant Replacement program (IR) for $400 a year to make sure you always get a replacement if and when it goes out. We finally had enough and so we asked them if we could switch to a virtual unit or run the software ourselves. They didn't allow that for obvious reasons (it would mess with their master scam). Well now most competitors of theirs offer virtual devices, and are probably what most customers prefer because they can use their own hardware and be up and running right away. So finally Barracuda decided to offer a virtual appliance for its customers. I'm sure their greedy / cheating executives had several meetings about how they were going to do this because it interfered with their master scam. This is what they came up with: Barracuda offers a virtual appliance but you have to pay $1500 a year for the subscription instead of the regular $699 that you pay when you have a hardware unit. Yes I'm dead serious. They try to claim that it's a different "solution" but that is total crap, it's the same exact thing. It is a TOTAL SCAM.

    Barracuda has really sunk to the lowest of low and they do it right in broad daylight. I've filed a notice to the US attorney general's office and the state attorney general's office of Texas and I hope you do the same.

    1. They don't even offer a virtual Spam 200, and I agree that their pricing model for a virtual is crazy. It's more expensive to have a virtual machine than a physical box? I don't think so.

      Our 200 came with a 250gb sata HDD in a rebadged Supermicro 1U Atom D525 with 1GB of memory.

      Also, like you said the web interface is crazy slow, it's ridiculous.

      The only thing the barracuda does well is filter spam once you get it to work (and work around the bugs in the interface). And pray you never need to go back in to it and search the message log or change something.

    2. AGREED! These idiots have knocked my box out of production 4 times out of the last 5 support calls. They don't know what they're doing! I even had this twat who worked there accuse me of not buying my energizer update the day I applied it and I had the receipt. I've never lost my temper with a woman on the phone before that day. Moron... Anyway, these idiots have created a giant botnet of worthless appliances that allows them to dictate mail flow on the internet. They have an active hidden white/blacklist of spam that their engineers use (energizer updates) that is developed with your appliance's processor. So, I have to pay annually for a whitelist that I'm actively developing with my internet and electricity? How is that even legal? You should be allowed to bow out of a support subscription, but not a subscription that makes your appliance function. I hate this company.

  3. Very good information, Thanks!

    When I did mine, I got a kernel panic error. Are you running your VM on Intel or AMD? I'm on ESXi 5 on a Xeon processor (Dell T110).

    The newer Barracudas are coming with Seagate ES drives and either MSI or Asus motherboards. The older stuff was total crap.

    1. OK, got it working. The image I first used was from a SATA drive, which didn't work. I then imaged an IDE drive and it booted (I have a few of these). Next, I had to log in as root and edit /etc/modules.conf and change "via-rhino" to "e1000", saved it and checked it with "modprobe e1000" to verify the NIC was up. After that, I rebooted and configured the NIC using the admin/admin login. This was done on the T110 which is a Xeon processor. I figured it should work as the 600 and above are Xeons.

      Excellent tutorial/writeup again! Thanks!

  4. This comment has been removed by a blog administrator.

  5. This comment has been removed by a blog administrator.

  6. This comment has been removed by the author.

  7. I press "p" at the boot loader pictured above and nothing happens. Any thoughts?

  8. Same issue here. I can edit and use the username and password and it appears I get to GRUB>, but I don't know how to enter single user mode from there.

  9. Did you do this procedure on a clone of an IDE Barracuda or a SATA one? I cloned a SATA version, moved over the drive IMG, converted it in StarWind, tried this under both Hyper-V and VMware but both get a kernel panic error at the exact same spot. (Don't worry, I used the correct StarWind output format.)

    I am not a Linux expert and I need help to figure this out.

    Here is what happens:
    Loading Barracuda...
    BIOS data check successful
    Uncompressing boot image... booting...
    mount: error 6 mounting reiserfs flags rw
    well, retrying w/o the option flags
    mount: error 6 mounting reiserfs
    well, retrying read-only without any flag
    mount: error 6 mounting reiserfs
    pivotroot: pivot_root(/sysroot,/sysroot/initrd) failed: 2
    umount /initrd/proc failed: 2
    kernel panic: no init found. Try passing init= option to kernel.

    1. Update: I re-imaged the Barracuda (using Acronis True Image) and restored it to a one-piece, pre-allocated VMware image. Booted, and it still kernel panics in the exact same way. Has anyone successfully cloned and got a SATA version of the Barracuda working under any virtual machine, Hyper-V or VMware?

  10. Nacho,
    Yes, I have in VMware Workstation 10 and 11. Make sure that you use the SATA controller after the V2V conversion that Andrew mentioned above. I also removed the virtual sound card and kept the hardware MAC address. It booted up and I was able to upgrade the firmware from v5 to v6, then to v7. I selected CentOS x64 as the OS, then attached to the converted VMDK. I did not upgrade the disk format though, nor have I installed VMware Tools. I will be moving into my ESXi 6 infrastructure for further testing.

    I'm not a Linux guy, but I am seeing on the console screen:
    "Init Id "s1" respawning too fast: disabled for 5 minutes"
    Anyone know what that means?

    -el mono

  11. Hi,

    Does anybody have an HDD image of a Barracuda Spam Firewall 300? Mine is 6 years old and I can't go higher than 5.1.
    If you have an image, contact me at nicomicro@gmail.com

    Thanks

  12. I am in a very "funny" situation. My company bought one SF400 and we tried to restore it to default. Now the funny thing is coming: when the re-image started, it got a kernel panic, and now we cannot even use it. Can anyone help me to restore the OS? The support said they cannot help, because it was not bought from them, and there is no support on it.

    Many thanks for any help.
