m0n0wall 1.8.1 released

Manuel Kasper has announced the release of m0n0wall 1.8.1. This version is based on FreeBSD 8.4 and will thus give better support for newer hardware than m0n0wall 1.34.

Some of the change highlights are:

  • add scheduler (“Croen”) service with many different job types (enable/disable interface or shaper rule, Wake on LAN, reboot, reconnect WAN, execute command etc.)
  • improved IPv6 support, including IPsec, DHCPv6-PD, RDNSS and DNSSL, and NDP info on the ARP diagnostic page
  • major overhaul of wireless LAN support. On some cards, it is now also possible to create multiple APs at the same time. To reflect this change, the wireless settings have moved to the Interfaces: assign page, where WLAN subinterfaces can be created much like for VLANs.
  • DNS forwarder: add option to log DNS queries, add aliases (CNAMEs) and MXs
  • Add AES-256, SHA-256/384/512 and additional DH group options to IPsec
  • Make rule moving and deletion on shaper rules page work like for firewall rules.
  • Initial support for USB modems
  • enable CPU hardware crypto support
  • automatically reassign available physical network interfaces if none of the assigned interfaces in the configuration can be found on the system (i.e. for a new installation, or when moving an existing config to new hardware)
  • the “embedded” image is gone; generic-pc-serial should now be used for PC Engines and Soekris boards
  • console speed for serial images is fixed to 9600 baud (no longer tries to use BIOS preset value)
  • introduction of an automated build system that allows one to build m0n0wall from scratch with almost no manual intervention on a standard FreeBSD 8.4 system
  • countless bug fixes and improvements in UI and system configuration code

Links: Website | Downloads | Change Log | Upgrade Instructions

About M0n0wall: M0n0wall is an embedded firewall distribution based on FreeBSD, and provides a small image which can be put on and run from CF cards, CD-ROMs and hard disks. It also runs on a number of embedded platforms and virtual PCs.

 

M0n0wall 1.34 Released

Manuel Kasper has announced a maintenance version in the m0n0wall 1.3 branch: m0n0wall 1.34. This version includes CSRF-related fixes as well as a few other security-relevant updates.

There are no major functionality changes, but those who use the traffic shaper extensively may be interested in the fact that the rules can now finally be moved around just like on the firewall rules page.

M0n0wall website  |  Downloads and Changelog  |  Announcement

FreeBSD news and links round-up – week 44

Welcome to the weekly (Free)BSD news round-up (week 44), where we have a mix of news snippets, links, how-tos and software/package updates for you all. These tidbits are all very interesting and newsworthy, yet too small to package as individual posts.

FreeBSD News

A FreeBSD Success Story

… Then, we switched the server to a new one, quad core, sixty gigabytes of ram and two terabytes of disk. This time, I chose FreeBSD because I knew that it would work greatly! Linux could have worked too, maybe we could have more performance, but it would not be as easy to manage as our FreeBSD box… More

FreeBSD Ports

Bernhard Fröhlich joined the FreeBSD Ports Team in October.

Releases

1. FreeNAS 8.3 User Guide

The FreeNAS 8.3.0 Users Guide is available for download as EPUB, HTML and PDF.

2. M0n0wall 1.34b1 released

Manuel Kasper has announced Beta1 of M0n0wall 1.34.

“A maintenance version in the m0n0wall 1.3 branch has been released: 1.34b1 includes the CSRF-related fixes recently made to the beta branch, as well as a few other security-relevant things. Nothing is high priority, but once 1.34b1 has received some wider testing, it will be re-released as 1.34, and 1.33 users will be recommended to upgrade.”

Software/package updates

1. FreeBSD/Raspberry Pi

Gonzo has mentioned that he has moved his FreeBSD/Raspberry Pi project into FreeBSD Head / Current.

2. KNemo 0.7.4 receives major improvements for FreeBSD

KNemo is a tool that monitors the network traffic and provides a tray widget for every network interface, support for network statistics, and different icon themes.

Highlights of the release are:

• Bugs in the BSD backend have been fixed;
• Wrong traffic bug reported on FreeBSD has been repaired;
• Wrong encryption state for mixed WEP connections on FreeBSD has been fixed;
• Default gateway previously undetected on FreeBSD is now working properly;
• A monochrome icon theme has been added;
• Support for the legacy system tray icon has been removed;
• Embedded plotter code has been dropped in favor of libksignalplotter.

Websites / Social Media

As some of you may have seen already, RootBSD has a new website. It looks very clean and slick and looks more ‘web 2.0’ than the previous version.

RootBSD was established with one goal in mind: to provide reliable, flexible, and supported BSD-based hosting services to professionals and businesses. Our extensive selection of FreeBSD, OpenBSD, and Linux hosting packages means there is a right package for almost everyone.

(Free)BSD Events

1. PfSense Weekend (Brazil)

There will be a classroom pfSense weekend in Porto Alegre (Brazil) from 14-16 December. More details on http://www.cursopfsense.com.br/

New FreeBSD Committers

In October 2012 the following people became new committers or were given enhanced FreeBSD update rights: Simon J. Gerraty (src), Erwin Lansing (src, ports) and Eitan Adler (src, ports, doc).

BSD / Unix Family News

OpenBSD 5.2 arrives with improved multi-core support.

The OpenBSD project has released version 5.2 of its free BSD-based UNIX-like operating system. According to its developers, the most important change in the new release is the switch from user-level to kernel-level threads. This allows programs with multiple threads to use multiple CPU cores. (via)

Embedded Monowall Installation (video)

This tutorial will guide you through copying the m0n0wall image to a compact flash card and the initial configuration of the m0n0wall on the ALIX embedded board. I will be using a VPN accelerator card since I will have about 10 IPsec tunnels actively running at one time. I would only recommend using the VPN accelerator card if you plan on maintaining several VPN tunnels at one time, otherwise it is overkill.


Available: m0n0wall 1.33

After eleven months of development, version 1.33 of the FreeBSD-based m0n0wall embedded firewall distribution has been released.

Manuel Kasper mentions that m0n0wall 1.33 includes several improvements over previous versions and will probably be the last version based on FreeBSD 6.4.

Some of the changes are:

  • a new image type “generic-pc-serial” has been added; the only difference to generic-pc is that it always uses the serial console
  • added Realtek customized network chip driver to support additional chipsets
  • updated ipfilter to 4.1.33
  • inbound NAT rules can now be added on the LAN interface with the WAN address as a target; this helps with accessing servers on an optional interface from the LAN interface by using m0n0wall’s WAN IP address

Available: m0n0wall 1.33b2 & m0n0wall in 2011

Manuel Kasper has announced the availability of the second beta of m0n0wall 1.33:

Another beta is ready – there is now a new image type called “generic-pc-serial”, which differs from generic-pc by always using the serial console (on COM1 at whatever speed the BIOS set it to). This should be useful for those who run m0n0wall on “headless” hardware that still has keyboard/VGA that confuses the auto-detection.

Also, hopefully the Realtek NIC driver issue has been fixed once and for all this time…

Manuel has also emailed his plans for 2011. From feedback he’s had, most users are happy with m0n0wall, so if it’s not broken, don’t fix it. However, some improvements in the IPv6 support are planned and maybe a port with a FreeBSD 8.0 base:

I’d love to be able to tell you of many great things that are going to happen to m0n0wall in 2011, but unfortunately I can’t. There isn’t much development manpower behind m0n0wall at this time, so I invest my available time primarily in bugfixes. m0n0wall has reached a mature state, and it seems like some of its most faithful users prefer it that way (rather than a new version every other week that has a host of new features and also breaks a lot of existing ones ;).

That said, it is likely that there will be further IPv6 improvements, and we may also see a port to FreeBSD 8.x for better hardware support. Not new killer features, but simply continuing in the tradition of providing a stable and (relatively) lightweight firewall software image.

Download the beta version or have a look at the updated m0n0wall website.

pfSense development in 2011

Recently I contacted lead developers of different FreeBSD based projects and asked them about their development plans and ideas for 2011. Yesterday we looked at PC-BSD, let’s now see what the pfSense developers have in store.

As most of you will be aware, pfSense is a free, open source customised version of FreeBSD tailored for use as a firewall and router. In addition to being a powerful, flexible firewalling and routing platform, it includes a long list of related features and a package system allowing further expandability without adding bloat and potential security vulnerabilities to the base distribution.

The project started in 2004 as a fork of the m0n0wall project, but focused towards full PC installations rather than the embedded hardware focus of m0n0wall. (m0n0wall vs pfSense).

Chris Buechler emailed the following update for 2011:

“2011 looks to be the best year yet for the project. We’ll have 2.0 release candidate 1 out this month. Final release soon after though it’s hard to put a timeline on that.

After that, we’ll be adding IPv6 support this year for the 2.1 release. That may be the only major new feature or change in the 2.1 release, which we expect by the end of 2011 at latest and probably sooner. We’re speeding up our release cycles and adding far fewer things on each release, so we’ll have major releases out much more frequently going forward (in addition to any needed maintenance releases). The 2.0 release brings major enhancements to virtually every single piece of the system, and hence has taken a while to get through the release cycle. It’s looking very good now though.”

Thanks, Chris, for the update. Wishing you, Scott and the team a successful 2011. pfSense 2.0 is set to rock the routing/firewalling world and we’re all looking forward to its release.

If you, blog readers, have any requests, ideas or general views on pfSense, let us know via the comments below.

pfSense website | pfSense blog

4 open source firewall/router projects, incl pfSense and m0n0wall

LinuxPlanet has a post with some background information on 4 great open source firewall/router projects. Two are Linux-based (endian and smoothwall) and the other two are based on FreeBSD (m0n0wall and pfSense):

pfSense

pfSense is a customized distribution of FreeBSD. It actually started in 2004 as a fork of the m0n0wall project. However, it concentrates more towards full PC installations, where m0n0wall is more towards embedded hardware.

pfSense can be considered as a popular package, as it has more than 1 million downloads. It can be used in homes or in large corporations and organizations. It’s available as a Live CD, hard drive installation, or embedded.

pfSense has low system requirements; 100 MHz Pentium CPU and 128 MBs of RAM. The Live CD requires a CD-ROM drive and a USB flash drive or floppy drive for storing the configuration file. The hard drive installation requires a CD-ROM for the initial installation and at least 1 GB hard drive. The embedded version requires a serial port for console and at least a 128 MB Compact Flash card.

pfSense, of course, includes a powerful firewall, including the ability to filter based upon the passively detected operating system. Its state table can be finely customized. It can do Network Address Translation (NAT) and load balancing of multiple WAN connections. It has a DHCP server and relay functionality.

Other important features include redundancy and synchronization, captive portal, and the support of three VPN solutions: IPsec, OpenVPN, and PPTP.

pfSense includes great reporting and monitoring features. RRC graphs show historical values of CPU utilization, firewall states, throughput, and more. There are also SVG graphs showing the real-time throughput of interfaces.

m0n0wall

m0n0wall is also based on FreeBSD. This firewall project is designed for use with embedded x86-based PCs. However, it is possible to run m0n0wall on most standard desktop PCs.

m0n0wall officially supports the embedded net48xx/net55xx systems from Soekris Engineering and the ALIX platform from PC Engines. It requires at least a 16 MB Compact Flash (CF) card and they recommend using at least 64 MBs of RAM.

Getting m0n0wall running on an embedded system just takes downloading an image and writing it to a CF card. For desktop PCs, you can write a disk image to a small IDE hard drive or CF card, or use the CD-ROM and floppy disk version. A VMware image is also available.

The entire system configuration is conveniently stored in one single XML text file, eliminating multiple text files parsed in a shell script. m0n0wall can completely boot up in less than 25 seconds after hitting the power button. On embedded platforms it provides a WAN to LAN TCP throughput of more than 50 Mbps (including NAT), and with newer PCs you can see 100+ Mbps.

The firewall provides stateful packet filtering and supports Network Address Translation (NAT). It also features a DHCP server and relay support. It supports VLANs and IPsec and PPTP VPNs. It even features wireless support for certain chipsets to create an access point (AP).

Other important features include a captive portal, SVG-based traffic graphing, SNMP agent, DynDNS client, and Wake on LAN client.” (full article)

Great to see the attention given by LinuxPlanet to FreeBSD based router/firewall projects. It would be nice if this was followed up by an in-depth review, comparison and benchmarking to help users decide which of the four is the best for their particular need.

M0n0wall vs pfSense vs NanoBSD

This shows how secure and rock-solid FreeBSD is. Makura no Soshi was running FreeBSD 4.11 as a filtering network bridge and, thinking of upgrading, compared the pros and cons of m0n0wall, pfSense and NanoBSD. In the end he decided to go with NanoBSD.

Thus I chose NanoBSD. YMMV, and I would not recommend it for anyone not familiar with BSD. But with four other BSD servers the additional maintenance effort is really small; possibly even easier than with any non-standard or web-based configuration.

Read the full post here: M0n0wall vs pfSense vs NanoBSD