m0n0wall v1.231 - Embedded "All-In-One" Firewall Package
Posted on Tuesday, October 11, 2005 @ 09:30:10 AST
Topic: security

04/07/2007 - m0n0wall 1.231 released!
Following a long series of beta releases, the developers of the FreeBSD-based
m0n0wall firewall project have released version 1.231 final: "m0n0wall 1.231
released! m0n0wall 1.231 includes many new features as well as improvements to
existing ones (captive portal, PPTP VPN, logging, DHCP relay, diagnostics,
DynDNS updater, IPsec). Countless small changes have been made to make the
webGUI even more useful, and many bugs have been fixed in all components.

Most important changes in this release:
- IPsec certificate support;
- Improved firewall rule handling in the webGUI;
- RFC 2136 DNS updater;
- More diagnostics pages (Traceroute, ARP, firewall states);
- PPPoE/PPTP dial-on-demand;
- DHCP relay service;
- Bigger filter state table (30000 entries);
- Logging for PPTP VPN and captive portal;
- firewall log page allows filtering;
- RADIUS accounting for PPTP VPN;
- Captive portal improvements (HTTPS login, local user manager, RADIUS, etc.);
- Console speed no longer fixed to 9600 bps;
- The firewall is no longer bypassed for traffic that enters and leaves through the same interface (due to static routes) by default. This is now a configurable option on the advanced setup page;
- IDE hard disk standby option for generic-pc;
- More NIC drivers; support for polling;
- All components updated to the latest version;
- Countless small improvements in the webGUI;
- Many bug fixes.

m0n0wall is a project aimed at creating a complete, embedded firewall software package that, when used together with an embedded PC, provides all the important features of commercial firewall boxes (including ease of use) at a fraction of the price (free software).

m0n0wall is based on a bare-bones version of FreeBSD, along with a web server, PHP and a few other utilities. The entire system configuration is stored in one single XML text file to keep things transparent.

m0n0wall is probably the first UNIX system that has its boot-time configuration done with PHP, rather than the usual shell scripts, and that has the entire system configuration stored in XML format.

Background
Ever since I started playing with packet filters on embedded PCs, I wanted to have a nice web-based GUI to control all aspects of my firewall without having to type a single shell command. There are numerous efforts to create nice firewall packages with web interfaces on the Internet (most of them Linux based), but none met all my requirements (free, fast, simple, clean and with all the features I need). So, I eventually started writing my own web GUI. But soon I figured out that I didn't want to create another incarnation of webmin – I wanted to create a complete, new embedded firewall software package. It all evolved to the point where one could plug in the box, set the LAN IP address via the serial console, log into the web interface and set it up. Then I decided that I didn't like the usual bootup system configuration with shell scripts (I already had to write a C program to generate the filter rules since that's almost impossible in a shell script), and since my web interface was based on PHP, it didn't take me long to figure out that I might use PHP for the system configuration as well. That way, the configuration data would no longer have to be stored in text files that can be parsed in a shell script – it could now be stored in an XML file. So I completely rewrote the whole system again, not changing much in the look-and-feel, but quite a lot "under the hood".
- Manuel Kasper

Facts
- The m0n0wall system currently takes up less than 6 MB on the Compact Flash card (or CD-ROM), and contains:
  - All the required FreeBSD components (kernel, user programs)
  - ipfilter
  - PHP (CGI version)
  - mini_httpd
  - MPD
  - ISC DHCP server
  - ez-ipupdate (for DynDNS updates)
  - Dnsmasq (for the caching DNS forwarder)
  - racoon (for IPsec IKE)
  - UCD-SNMP
  - choparp
  - BPALogin
- On a net4501, m0n0wall provides a WAN <-> LAN TCP throughput of about 17 Mbps, including NAT, when run with the default configuration. On faster platforms (like net4801 or WRAP), throughput in excess of 50 Mbps is possible (and > 100 Mbps with newer standard PCs).
- On a net4501, m0n0wall boots to a fully working state in less than 40 seconds after power-up, including POST (with a properly configured BIOS).

Hardware
- m0n0wall is targeted at embedded x86-based PCs. The net45xx/net48xx range from Soekris Engineering (www.soekris.com) and the WRAP platform from PC Engines (www.pcengines.ch) are officially supported. All it takes to get m0n0wall up and running on one of these systems is to download the relevant image and write it to a CF card (8 MB or larger). See Installation for more information.
- It is also possible to run m0n0wall on most standard PCs, either by writing the generic-pc image to a small IDE hard disk or CF card, or by using the CD-ROM + floppy disk version. Since m0n0wall is based on FreeBSD 4, most hardware that works with FreeBSD also works with m0n0wall. See the FreeBSD/i386 Hardware Notes for a detailed listing of supported hardware.
- The recommended amount of RAM for m0n0wall is 64 MB. It might work with less, especially if you don't use a lot of features/services, but there are no guarantees about that - watch out for failing firmware uploads (m0n0wall does not use swap space, so it can't do anything about running out of memory).

VLAN tagging
The following drivers/NICs either support VLAN tagging in hardware or handle long frames properly. All other drivers/NICs use software emulation that causes a reduced MTU (which may lead to problems):
- Hardware support: bge, em, gx, nge, ti, txp
- Long frame support: dc, fxp, sis, ste, tl, tx, xl (most)

Features
At this time, m0n0wall can be used as-is with the Wireless Router Application Platform from PC Engines (www.pcengines.ch), the net45xx/net48xx embedded PCs from Soekris Engineering (www.soekris.com) or most standard PCs (with a BIOS that supports booting from CD-ROM (El Torito standard) for the CD-ROM version).

m0n0wall already provides many of the features of expensive commercial firewalls, including:
- Web interface (supports SSL)
- Serial console interface for recovery
  - Set LAN IP address
  - Reset password
  - Restore factory defaults
  - Reboot system
- Wireless support (access point with PRISM-II/2.5/3 cards, BSS/IBSS with other cards including Cisco)
- Captive portal
- 802.1Q VLAN support
- Stateful packet filtering
- NAT/PAT (including 1:1)
- DHCP client, PPPoE, PPTP and Telstra BigPond Cable support on the WAN interface
- IPsec VPN tunnels (IKE; with support for hardware crypto cards and mobile clients)
- PPTP VPN (with RADIUS server support)
- Static routes
- DHCP server
- Caching DNS forwarder
- DynDNS client
- SNMP agent
- Traffic shaper
- SVG-based traffic grapher
- Firmware upgrade through the web browser
- Wake on LAN client
- Configuration backup/restore
- Host/network aliases

Homepage, download & more info here:
http://m0n0.ch/wall