m0n0wall, an open source lightweight firewall

Jeff Goldman has done an interview with Manuel Kasper, the creator of m0n0wall. Here it is: Manuel Kasper developed the embedded firewall software package m0n0wall back in 2002, he says, while experimenting with embedded x86-based computers.

Having just succeeded at stripping down FreeBSD enough to make it run on a Soekris net4501 board… and deploying it for use as a home firewall/NAT router, I wanted to go one step further, I wanted a nice, web-based interface to configure it, just like the commercial firewall boxes.

Kasper says he chose the name m0n0wall simply because “Mono” was his nickname in school.

I’m not sure why I replaced the o’s for zeros—perhaps because all domain names with normal o’s were already taken—and when I look at it now, it seems a bit silly/‘31337’—but it has become a trademark anyway,

he says. And what started as a home project to make it easier to configure FreeBSD on the Soekris net4501 has grown rapidly.

“At some point, I decided that it had become good enough that other people might want to have a look at it, so I posted a note about the first version on a mailing list,” Kasper says. “The interest in the project turned out to be big, so I created a dedicated web page and started releasing new versions with new features every few weeks.”

Looking at the solution as a whole, Kasper says the best way to explain m0n0wall’s strengths is to look at the stability and reliability of FreeBSD.

m0n0wall, owing to the fact that it’s based on FreeBSD, inherits those qualities

Read the whole interview on isp-planet.com

Note: Manuel Kasper’s embedded FreeBSD-based firewall software package is especially attractive to WISPs and small ISPs.

m0n0wall-CMI project


Stumbled upon m0n0wall-CMI today, a web-based centralised management interface to manage m0n0wall devices remotely.

It grew out of an internal need at the TI Automotive firm and has now been given to the open source community. The work is licensed under the BSD license.
The project is developed in object-oriented PHP5 and is packaged together with developer documentation to ease the work of anyone who would like to contribute to the code.

Current features:

  • Centralized interface to manage m0n0wall devices
  • m0n0wall version supported: 1.231;
  • Fetch/Restore m0n0wall configuration through HTTPS;
  • Manage Users/Groups;
  • Manage Aliases of m0n0wall;
  • Manage Global aliases common to all m0n0wall devices managed;
  • Manage Interfaces and VLANs;
  • Manage Firewall rules;
  • Manage NAT entries;
  • Manage ProxyARP;
  • Manage Static Routes;
  • Manage Syslog and SNMP settings;
  • Dump XML configuration from interface;
  • Import existing m0n0wall devices into database;

Sounds interesting, doesn’t it? Especially if you administer a couple of m0n0wall firewalls remotely. Check out the online demo version.

m0n0wall vs pfSense; similarities & differences

A common misconception about pfSense is that it is intended as a rival to m0n0wall as a BSD-based firewall system, since they are similar in structure and goals. This is not the case; some developers even contribute to both projects. m0n0wall is targeted at a specific level of hardware platform, which is the Soekris or Wrap (a 486 133MHz with 64 or 128 Mb RAM and low power consumption). pfSense requires 128 Mb RAM. Likewise, m0n0wall gets away with a >= 10Mb CF card, while pfSense really needs a 256Mb card or bigger.

pfSense is better in that it has more features; m0n0wall, however, is better in that it is smaller and simpler. Which of the two you need, m0n0wall or pfSense, depends on your (system/business) requirements.

Interesting link: BSD Firewalling, pfSense and m0n0wall (PDF – paper delivered at BSDCan2006)

m0n0wall tipped, screencasts and beta9

The m0n0wall project now offers a couple of screencasts that walk you through different configuration steps of a m0n0wall. Since pfSense is based on m0n0wall, some of them apply to pfSense as well.

Carla Schroder from Serverwatch.com recommended m0n0wall in the Tip of the Trade series

m0n0wall is a specialized implementation of FreeBSD + pf designed for routers and firewalls. It weighs in at well under 10 megabytes, while still delivering a complete operating system, a firewall, Web administration, traffic shaping services, a DNS and a DHCP server, SNMP, support for DynDNS updates, and a whole lot more. m0n0wall offers a nice pointy-clicky interface for setting up your stout pf firewall, but for ultimate power, you must write the rules from scratch. more…

The 9th beta of M0n0wall 1.3 was released yesterday. This beta release corrects problems with large configuration files, fixes an issue with bridging interfaces that support hardware checksum offload, and adds a kernel patch to allow m0n0wall to boot on Nokia IP110/IP120/IP130 boxes.

m0n0wall 1.3 Beta8

Another beta for m0n0wall. The eighth.

This beta release fixes an issue with some PPPoE-based ISPs (most notably AT&T/BellSouth). MPD and PHP were updated. Two DHCP server options are exposed through the Web GUI.

Please note that the 1.3b8 image doesn’t fit on an 8MB CF card anymore (>=10MB required).

FreeBSD in 2007 – a review

2007 is over. It was a very successful year for open source software and another 12 interesting months have passed for FreeBSD. In this post I want to look back at 2007 and see how FreeBSD fared, what happened in “FreeBSD land” and how FreeBSD-based operating systems have developed. This post will be a sort of summary of the messages I posted during 2007.

We’ll be looking at:

Start of this blog

Around April last year I was toying with the idea of starting a FreeBSD related news blog with the view to raise more awareness of FreeBSD and show it’s a perfect alternative to Linux. My first post was on 17 May 2007 and since then visitor numbers have rapidly gone up and feedback from visitors indicates that there’s definitely interest in such a blog. With the continuing growth of my WordPress.com hosted blog, I wanted to get some more flexibility and the ability to install plugins and scripts. Hence my move to Bluehost/FreeBSDOS (BTW, if you’re looking for cheap and reliable webhosting, I can really recommend them).

FreeBSD in 2007

Unfortunately 2007 didn’t see the final release of FreeBSD 7.0; just 4 betas and an RC1. Well, maybe not “unfortunately”, because a top-quality product is better than a rushed-out flaky one that needs to be fixed and patched soon after its release. FreeBSD 7.0 incorporates some new and exciting technologies which will put this version on a par with, if not ahead of, Linux. Exciting stuff.

The FreeBSD Foundation have issued their quarterly newsletters (Q2, Q3, Q4), keeping the world up-to-date with the latest developments and news. The Foundation received a lot of coverage online and in the blogosphere with their Absolute FreeBSD book auction and their fund raising drive. The 2007 fundraising goal was $250.000, but a total of $403,511 was achieved. Well done.

There are already a couple of Linux-related magazines for sale in stores, but BSD magazines aren’t currently available. “An interesting opportunity”, Software Media LLC/LP Magazine must have thought. They will publish the first issue at the beginning of Q2 2008, and it will contain an article by Dru Lavigne and Jan Stedehouder (Jan used and reviewed both PC-BSD and DesktopBSD for a month in his PC-BSD: the first 30 days and DesktopBSD: the first 30 days series).

Conference-wise, the ‘normal’ BSD conferences (BSDCan, EuroBSD, MeetBSD) were held, with a new one in Turkey (BSDConTR).