How to repair a D-Link DFL-200 Firewall
The problem:
Background:
For me it all started when I, by misstake, flashed my DFL-200 box with a DFL-700 firmware update I had.No errors or warnings during the update-procedure.. but It have not been able to start up since then.
After several mails and call to D-Link Support I decided to try to fix the problem my self - as all they could come up with was to send everything in for replacement.
I searched the net for a few days - and didn't find anything useful in this matter, so I started a new thread at dslreports.com.
My thread at dlsreports.com
The DFL-200 unit:
Hardware:
It's a quite simple firewall targeted for the Home/Small Business market.It has 1 100Mbps WAN-port, 4 100Mbps LAN-ports and 1 100MBps DMZ-port.
It's configurable by a webinterface, but also trough a Serial Console (DB9).
Processor: Intel IXP422 Network Processor.
Most of the software and configuration is placed on an internal 16MB CompactFlash-card (CF). It's located in a socket so it can easily be unplugged and read from a card-reader on any other machine.
Software:
The firewall software in the DFL-200 is based on code from Clavister.The inside:
The unit is opened up by removing two screvs in the bottom.Gently lift the rear top-cover a few centimeters so it's in the same hight as the sides. Then slide the top-cover forward and it will come off.
Click here to view a larger image.
Copy of the 16MB CF-card:
I think that this is an exact copy of the whole card - but I'm not sure that I get everything right when I mount it under linux.
This is the files that exists on the card.
... I'm no longer sure on how the CF-card is partitioned and formatted as I don't have a working original anymore, and I may have fucked it up while trying to write other versions to the card.
If you have the possibility read your card and give me some more information about this it would be most appriciated.
But. I know that the card has 1 primary partition (/dev/hda1), and it's readable in Windows as well - so it's some kind of FAT-partition.
The Partition-table and MBR may be a little odd - as it's not recognized by linux fdisk.
Status as of November 2006:
I have not managed to get my DLF-200 to work with this image.It looks like a upgrade of the unit also puts some code in some internal flash-memory, so even if I start up in CLI-mode without the CF-card I get a wrong CLI-menu.
However I do now believe that it is possible to use TFTP to get a remote image and write that in memory.. But I have no idea on how to do this.
Update 2008-03-23:
I managed to replace my failing DFL-200 unit with a new from D-link as my fist contact with them regarding this issue was during warranty.I have also received information - and questions from other having similiar problems, booth with the 200 and 700 unit.
I received a full Recovery-description from Scott Thomas from Australia. As I managed to get my unit replaced - I have not tested it. But it looks to contain the info I was looking for back then. - Thanks a lot! I hope it can help someone else.
Scott Thomas - Dfl-200 Recovery manual and images
Angelo Amoruso, has a different kind of problem with a DFL-700 unit.
DFL-700 seems to have a SolidState-disk instead of the CF-memory-card.
That makes the debugging and restoring of the card more difficult.
Or is it just a standard IDE interface - so it could plug directly into the IDE-connector on a PC motherboard?
Click here to view a more complete image of the inside of a DFL-700 unit.
Any help with the following issue is greatly appriciated - and I will forward the info to Angelo.
D-Link DFL-700 1.00.00V Copyright Clavister 1996-2003. All rights reserved SSH IPSEC Express SSHIPM version 5.1.1 library 5.1.1 Copyright 1997-2003 SSH Communications Security Corp. Build : Jan 14 2004 Reading previous random state from efwrand.bin... OK CFG ERROR: file "FWCore.cfg" not found ! Re-trying current configuration file in safe mode... CFG ERROR: file "FWCore.cfg" not found ! Trying backup configuration file... Configuring from FWCore_O.cfg CFG Error: failed to attach interface dmz CFG ERROR (S1385) line 53 section 'IFACES' - Could not attach one or more interfaces
For futher contact. Write to me (johanelmis) at dslreports.com or write an email to johan@elmerfjord.com