m0n0wall beta 12 and FreeBSD 7.0 based pfSense

The m0n0wall and the pfSense projects have released a beta and 2 alpha versions respectively.

m0n0wall 1.3 beta 12 is out, containing a new feature: IPv6 support (routing and firewalling). The change log and the download link can be found on the beta page.

pfSense has a 1.2.1 alpha snapshot available for testing. This version contains a few bug fixes and the base OS has changed to FreeBSD 7.0. There’s also a 1.3 alpha snapshot available for testing. This version brings significant changes from 1.2 and brings all the great new features that have been added to pfSense over the past 8 months.

For the pfSense download links, upgrade instructions and more information visit the pfSense blog.

Embedded Monowall: Installation (video tutorial)

This tutorial will guide you through copying the m0n0wall image to a compact flash card and the initial configuration of the m0n0wall on the ALIX embedded board. I will be using a VPN accelerator card since I will have about 10 IPsec tunnels actively running at one time. I would only recommend using the VPN accelerator card if you plan on maintaining several VPN tunnels at one time, otherwise it is overkill.

Read the step-by-step howto & watch the video here

BSD releases – week 9

Week 9 has been an interesting one for FreeBSD and FBSD based operating systems: FreeBSD 7.0 and pfSense 1.2 were released and there were some minor releases: FreeNAS 0.686.2 and m0n0wall 1.3b10.

FreeNAS 0.686.2

Major changes:

  • Add ability to set a CIFS/SMB share read only.

Minor changes:

  • Add m4a/m4p support in MediaTomb configuration file.
  • Add /usr/bin/bc – An arbitrary precision calculator language

Bug fixes:

  • GID was not displayed correctly on ‘Access/Groups’ WebGUI page.
  • Use inadyn-mt 02.01.13 because all newer ones cause a core dump.

Permanent restrictions:

  • It is not possible to format a SoftRAID disk with MSDOS FAT16/32.
  • It is not possible to encrypt a disk partition, only complete disks are supported.

The latest version can be downloaded here.

On an additional note, the FreeNAS team has started porting FreeNAS to FreeBSD 7.0. This means some big changes:

  • ZFS (Sun Zettabyte File System) will be included
  • The Web Interface will undergo a full review, especially the disk management/mount point process for permitting real share configuration (with permission and quotas support).

I’ve been using FreeNAS for a month now and I’m excited about the upcoming FBSD 7.0 based version. Keep up the good work!

m0n0wall 1.3b10

m0n0wall beta version 1.3b10 is ready; no new features have been added, but the base has moved to FreeBSD 6.3 and a few issues have been fixed; most notably:

  • PPPoE/PPTP client auto-reconnect
  • DHCP client (should hopefully not lose its lease anymore)
  • IPsec NAT-T fragments
  • intermediate SSL CA certificates now accepted

For the change log and the download links, see http://m0n0.ch/wall/beta.php

7 Linux/BSD firewalls reviewed (incl pfSense & m0n0wall)

Wayne Richardson reviewed 7 different Linux and BSD firewalls back in Nov 2007 (ClarkConnect, Endian, Gibraltar, IPCop, m0n0wall, pfSense, SmoothWall) and compared them on the basis of the following categories: setup, web-gui, extensibility and speed.

Since this is a FreeBSD blog I’ll just quote (with his kind permission) what he wrote about pfSense and m0n0wall. If you’re interested in the whole article and want to see how the BSD firewalls compare to Linux firewalls, please refer to Wayne’s article.

pfSense was named the best firewall with a 95% pass rate; m0n0wall received a 77% mark and was the smallest of the bunch.

m0n0wall, an open source lightweight firewall

Jeff Goldman has done an interview with Manuel Kasper, the creator of m0n0wall. Here it is: Manuel Kasper developed the embedded firewall software package m0n0wall back in 2002, he says, while experimenting with embedded x86-based computers.

Having just succeeded at stripping down FreeBSD enough to make it run on a Soekris net4501 board… and deploying it for use as a home firewall/NAT router, I wanted to go one step further, I wanted a nice, web-based interface to configure it, just like the commercial firewall boxes.

Kasper says he chose the name m0n0wall simply because “Mono” was his nickname in school.

I’m not sure why I replaced the o’s for zeros—perhaps because all domain names with normal o’s were already taken—and when I look at it now, it seems a bit silly/’31337’—but it has become a trademark anyway,

he says. And what started as a home project to make it easier to configure FreeBSD on the Soekris net4501 has grown rapidly.

“At some point, I decided that it had become good enough that other people might want to have a look at it, so I posted a note about the first version on a mailing list,” Kasper says. “The interest in the project turned out to be big, so I created a dedicated web page and started releasing new versions with new features every few weeks.”

Looking at the solution as a whole, Kasper says the best way to explain m0n0wall’s strengths is to look at the stability and reliability of FreeBSD.

m0n0wall, owing to the fact that it’s based on FreeBSD, inherits those qualities

Read the whole interview on isp-planet.com

Note: Manuel Kasper’s embedded FreeBSD-based firewall software package is especially attractive to WISPs and small ISPs.

m0n0wall-CMI project


Stumbled upon m0n0wall-CMI today, a web-based centralised management interface to manage m0n0wall devices remotely.

It’s the result of an internal need at TI Automotive and has now been given to the open source community. The work is licensed under the BSD license.
The project is developed in object-oriented PHP5 and is packaged together with developer documentation to ease the work of anyone who would like to contribute to the code.

Current features:

  • Centralized interface to manage m0n0wall devices
  • m0n0wall version supported: 1.231;
  • Fetch/Restore m0n0wall configuration through HTTPS;
  • Manage Users/Groups;
  • Manage Aliases of m0n0wall;
  • Manage Global aliases common to all m0n0wall devices managed;
  • Manage Interfaces and VLANs;
  • Manage Firewall rules;
  • Manage NAT entries;
  • Manage ProxyARP;
  • Manage Static Routes;
  • Manage Syslog and SNMP settings;
  • Dump XML configuration from interface;
  • Import existing m0n0wall devices into database;

Sounds interesting, doesn’t it? Especially if you administer a couple of m0n0wall firewalls remotely. Check out the online demo version.

m0n0wall vs pfSense; similarities & differences

A common misconception about pfSense is that it is intended as a rival to m0n0wall as a BSD-based firewall system, since they are similar in structure and goals. This is not the case; some developers even contribute to both projects. m0n0wall is targeted at a specific level of hardware platform, which is the Soekris or Wrap (a 486 133MHz with 64 or 128 Mb RAM and low power consumption). pfSense requires 128 Mb RAM. Likewise, m0n0wall gets away with a >= 10Mb CF card, while pfSense really needs a 256Mb card or bigger.

pfSense is better in that it has more features; m0n0wall is better in that it is smaller and simpler. Which of the two you need simply depends on your (system/business) requirements.

Interesting link: BSD Firewalling, pfSense and m0n0wall (PDF – paper delivered at BSDCan2006)

m0n0wall tipped, screencasts and beta9

The m0n0wall project now offers a couple of screencasts that walk you through different configuration steps of a m0n0wall. Since pfSense is based on m0n0wall, some of them apply to pfSense as well.

Carla Schroder from Serverwatch.com recommended m0n0wall in the Tip of the Trade series:

m0n0wall is a specialized implementation of FreeBSD + pf designed for routers and firewalls. It weighs in at well under 10 megabytes, while still delivering a complete operating system, a firewall, Web administration, traffic shaping services, a DNS and a DHCP server, SNMP, support for DynDNS updates, and a whole lot more. m0n0wall offers a nice pointy-clicky interface for setting up your stout pf firewall, but for ultimate power, you must write the rules from scratch.

The 9th beta of M0n0wall 1.3 was released yesterday. This beta release corrects problems with large configuration files, fixes an issue with bridging interfaces that support hardware checksum offload, and adds a kernel patch to allow m0n0wall to boot on Nokia IP110/IP120/IP130 boxes.

m0n0wall 1.3 Beta8

Another beta for m0n0wall. The eighth.

This beta release fixes an issue with some PPPoE-based ISPs (most notably AT&T/BellSouth). MPD and PHP were updated. Two DHCP server options are exposed through the Web GUI.

Please note that the 1.3b8 image doesn’t fit on an 8MB CF card anymore (>=10MB required).