FreeBSD in 2007 – a review

2007 is over. It was a very successful year for open source software and another 12 interesting months have passed for FreeBSD. In this post I want to look back at 2007 and see how FreeBSD fared, what happened in “FreeBSD land” and how FreeBSD based operating systems have developed. This post will be a sort of summary of the messages I posted during 2007.


We’ll be looking at:

Start of this blog

Around April last year I was toying with the idea of starting a FreeBSD related news blog with the view to raise more awareness of FreeBSD and show it’s a perfect alternative to Linux. My first post was on 17 May 2007 and since then visitor numbers have rapidly gone up and feedback from visitors indicates that there’s definitely interest in such a blog. With the continuing growth of my hosted blog, I wanted to get some more flexibility and the ability to install plugins and scripts. Hence my move to Bluehost/FreeBSDOS (BTW, if you’re looking for cheap and reliable webhosting, I can really recommend them).

FreeBSD in 2007

Unfortunately, 2007 didn’t see the final release of FreeBSD 7.0; just 4 betas and an RC1. Well, maybe not “unfortunately”, because a top-quality product is better than a rushed-out flaky one that needs to be fixed and patched soon after its release. FreeBSD 7.0 incorporates some new and exciting technologies which will put this version on a par with, if not ahead of, Linux. Exciting stuff.

The FreeBSD Foundation have issued their quarterly newsletters (Q2, Q3, Q4), keeping the world up-to-date with the latest developments and news. The Foundation received a lot of coverage online and in the blogosphere with their Absolute FreeBSD book auction and their fund raising drive. The 2007 fundraising goal was $250.000, but a total of $403,511 was achieved. Well done.

There are already a couple of Linux related magazines for sale in stores, but BSD magazines aren’t available currently. “An interesting opportunity”, Software Media LLC/LP Magazine must have thought. They will publish the first issue at the beginning of Q2 2008, and it will contain an article by Dru Lavigne and one by Jan Stedehouder (Jan used and reviewed both PC-BSD and DesktopBSD for a month in his PC-BSD: the first 30 days and DesktopBSD: the first 30 days series).

Conference-wise, the ‘normal’ BSD conferences (BSDCan, EuroBSD, MeetBSD) were held, with a new one in Turkey (BSDConTR).


M0n0wall 1.3 BETA6 released

The M0n0wall project has released BETA6 (22/12/2007). This release adds support for IPsec filtering and tunnels with (dynamic) remote host names. It also allows up to 256 concurrent PPTP VPN clients (instead of only 16) and contains fixes for the filtering bridge and the captive portal. An ipfilter update also corrects the lockup issues experienced by some users with 1.3b5.

Full list of changes:

  • added support for IPsec tunnels with (possibly dynamic) remote host names (instead of fixed IP addresses); the host name is polled at regular intervals (default 60 seconds), and if the IP address that it maps to changes, IPsec is reconfigured. Note that this will also cause other (non-dynamic) tunnels to be briefly interrupted.
  • added firewall support for decapsulated IPsec packets (new pseudo-interface “IPsec” in firewall rule editor); this is on by default, but the default configuration contains a “pass all” rule on the new IPsec pseudo-interface (and this is also added automatically for existing configurations), which can then be deleted to actually filter IPsec VPN traffic
  • enabled larger client subnet sizes (= more concurrent connections) for PPTP VPN server (up to 256); change subnet size on PPTP VPN setup page if desired
  • fixed filtering bridge when used in conjunction with traffic shaper
  • captive portal reliability fixes
  • updated timezone data
  • stop discriminating against nge(4) (National Semiconductor PCI Gigabit Ethernet) adapters
  • fix DHCP release button on interface status page
  • updated FreeBSD to 6.2-RELEASE-p9
  • updated ipfilter to 4.1.28 (fixes lockup issues from 1.3b5)
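
The polling behaviour in the first changelog item, sketched as an added example (not m0n0wall's own code, which this page does not show): a watcher re-resolves each dynamic peer at the 60-second default and signals a reconfigure when the address changes. `EndpointWatcher`, `flapping`, the host name and the addresses are constructed for illustration; because each reconfigure briefly interrupts the other tunnels, the flapping check flags peers whose DNS answer keeps changing.

```python
import socket

POLL_INTERVAL = 60  # seconds; the default interval stated in the changelog


def resolve_ipv4(host):
    """Return the sorted IPv4 addresses a host name currently maps to."""
    infos = socket.getaddrinfo(host, None, socket.AF_INET, socket.SOCK_STREAM)
    return sorted({info[4][0] for info in infos})


class EndpointWatcher:
    """Hypothetical helper: tracks the addresses behind dynamic tunnel peers."""

    def __init__(self, resolver=resolve_ipv4):
        self.resolver = resolver
        self.known = {}     # host name -> addresses seen on the last good poll
        self.changes = []   # (time, host, old addresses, new addresses)

    def poll(self, hosts, now):
        """Run one polling pass; True means IPsec has to be reconfigured."""
        changed = False
        for host in hosts:
            try:
                addrs = self.resolver(host)
            except OSError:
                continue  # failed lookup: keep the last known endpoint
            old = self.known.get(host)
            if old is not None and addrs != old:
                self.changes.append((now, host, old, addrs))
                changed = True
            self.known[host] = addrs
        return changed

    def flapping(self, now, window=600, limit=1):
        """Hosts that changed address more than `limit` times in `window` s."""
        counts = {}
        for when, host, _old, _new in self.changes:
            if now - when <= window:
                counts[host] = counts.get(host, 0) + 1
        return sorted(h for h, n in counts.items() if n > limit)


def constructed_demo():
    """Replay constructed DNS answers (documentation addresses) offline."""
    script = iter([["192.0.2.10"], ["192.0.2.10"], ["198.51.100.7"], ["192.0.2.10"]])
    watcher = EndpointWatcher(resolver=lambda host: next(script))
    reloads = [watcher.poll(["peer.example.net"], t * POLL_INTERVAL) for t in range(4)]
    return reloads, watcher.flapping(now=3 * POLL_INTERVAL)
```

The first poll only records the address, so it never triggers a reconfigure; a failed lookup leaves the last known endpoint in place instead of dropping the tunnel.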

LinuxReality Podcast: M0n0wall and pfSense

LinuxReality (a site with Linux related podcasts – similar to the BSD focused) has posted a podcast (episode 84) that focuses on Linux and (network) security. In this episode Paul Asadoorian and Larry Pesce of the Pauldotcom Security Weekly Podcast are interviewed.

Amongst the many things discussed, M0n0wall and pfSense are also mentioned.

Download the podcast: MP3 or OGG

DigitalUnderground TV: M0n0wall

On Digital Underground (episode 4), Frank Linhares and Mike Lazazzera discuss the open source FreeBSD based M0n0wall (from minute 34:03).

Other subjects discussed are: Windows UI Hacking, MythTV and reviving an old iPod

Digital Underground – Episode 4

m0n0wall 1.3 Beta5 released

A new beta release (1.5) of m0n0wall 1.3 has been released. The development changelog of the FreeBSD-based mini firewall lists the following improvements:

  • Added siproxd for transparent SIP proxying and masquerading and simple registrar service
  • added vr(4) driver VLAN fix (for ALIX, etc.)
  • sisX interface names are now automatically changed to vrX when running on ALIX
  • added reset button driver for ALIX
  • upgraded ipfilter to 4.1.23
  • fixed FIN handling in ipnat FTP proxy
  • changed logo, license and footer to include registered trademark sign

m0n0wall 1.3b is based on FreeBSD 6.x and has better hardware support than the FreeBSD 4.x-based versions (up to version 1.23), as well as a few new features. However, it also has higher hardware requirements.

Smoothwall vs M0n0wall: a comparison

When it comes to firewalls, most people are fine with a consumer grade solution like a Linksys, Netgear or D-Link “router,” but these devices lack features. With a Pentium II 200MHz processor and 1GB of RAM, you can create a firewall that’s way more powerful than the standard cable/DSL router you get from a computer shop, and thanks to free software it has features those other devices can only dream about. Here is a quick and small comparison between Smoothwall Express 3.0 (based on Linux) and M0n0wall 1.231 (based on FreeBSD).

Both Smoothwall and M0n0wall run on low end hardware just fine. For both systems, you’ll want at least a Pentium 2 and 128MB of RAM. Smoothwall requires more hard drive space than M0n0wall, which only needs about 8MB! Machines like this are available at auction sites, flea markets and garage sales for next to nothing. Keep in mind that these machines will use more power than a consumer “router,” but M0n0wall does have an option to turn off the hard drive after a few minutes of being idle. Now, on to the feature comparison.

Smoothwall offers many more features than M0n0wall, including a caching web proxy server, DNS server, intrusion detection system, instant messenger logging, NTP server and email virus scanning.
By design, M0n0wall is only a firewall. It keeps to the Unix programming concept of doing one thing very well. If you want things like a proxy server, IDS or DNS, you’ll want to use Smoothwall. If you want things like 1:1 NAT, M0n0wall is your best choice. Both systems offer web based management and traffic shaping.

Final Word
The bottom line is that both of these systems are excellent firewalls. Smoothwall has more features, but requires higher-end hardware, while M0n0wall’s web management of firewall rules and traffic shaping seemed to be easier to use.

This is a summary of a post found on Linux Brain Dump

New Project: AskoziaPBX

Michael Iedema has posted details of a new FreeBSD based Asterisk OS (AskoziaPBX) forked from m0n0wall:

Greetings everyone,

I’ve been working on a (yet another) “all-in-one” Asterisk based project. It is aimed at embedded / low power systems (but scales fine on more capable hardware) and is based on Asterisk 1.4.x and FreeBSD 6.2. Because of this, I’ve mostly been hanging out on the asterisk-bsd list as bugs rolled in and the system’s features were improved. We’re currently at public beta 10 after releasing pb1 in June and, I hope, ready to announce this to a bit larger audience.

This is not a live-cd but rather an image that must initially be written to a disk, so a dedicated machine is needed. After that, the entire system is upgradeable through the webGUI. Anyone familiar with the m0n0wall project will feel right at home as AskoziaPBX was forked from it.

Interview with Jeff Starkweather, Chris Buechler and Scott Ullrich

Centipede Networks has recently entered a partnership with BSD Perimeter to offer commercial support for two important free software projects, pfSense and m0n0wall.

The Free Software Magazine talked to Jeff Starkweather (CEO of Centipede Networks), Chris Buechler (BSD Perimeter’s CTO) and Scott Ullrich (Chief Architect at BSD Perimeter).

TM: Hello everybody, and thank you for answering my questions! Jeff, Chris, Scott please introduce yourselves and your companies to our readers.

JS: My name is Jeff Starkweather and I am the CEO of Centipede Networks. Centipede Networks is a dba of S4F, Inc. in Tulsa, OK, U.S.A. The company started out about 10 years ago as an ISP providing dialup access that had content filtering bundled with the service. As time progressed we branched out into products which included an internet security appliance that provides firewall, content filter and spam and virus filtering services.

CB: My name is Chris Buechler and I am the CTO of BSD Perimeter, a co-founder of the pfSense project, and a long time m0n0wall contributor. I’m not a developer on either project, but possess a deep understanding of networks and security that has enabled me to contribute heavily to both projects in project direction, testing, documentation and support.

BSD Perimeter was founded in Louisville, KY, U.S.A. by Chris Buechler and I to provide commercial backing and support for the pfSense and m0n0wall projects.

SU: My name is Scott Ullrich, and I am the Chief Architect of BSD Perimeter, the other co-founder of pfSense, and its primary developer.

Read the whole interview here