M0n0wall 1.3 BETA6 released

The M0n0wall project has released BETA6 (22/12/2007). This release adds support for IPsec filtering and tunnels with (dynamic) remote host names. It also allows up to 256 concurrent PPTP VPN clients (instead of only 16) and contains fixes for the filtering bridge and the captive portal. An ipfilter update also corrects the lockup issues experienced by some users with 1.3b5.

Full list of changes:

  • added support for IPsec tunnels with (possibly dynamic) remote host names (instead of fixed IP addresses); the host name is polled at regular intervals (default 60 seconds), and if the IP address that it maps to changes, IPsec is reconfigured. Note that this will also cause other (non-dynamic) tunnels to be briefly interrupted.
  • added firewall support for decapsulated IPsec packets (new pseudo-interface “IPsec” in firewall rule editor); this is on by default, but the default configuration contains a “pass all” rule on the new IPsec pseudo-interface (and this is also added automatically for existing configurations), which can then be deleted to actually filter IPsec VPN traffic
  • enabled larger client subnet sizes (= more concurrent connections) for PPTP VPN server (up to 256); change subnet size on PPTP VPN setup page if desired
  • fixed filtering bridge when used in conjunction with traffic shaper
  • captive portal reliability fixes
  • updated timezone data
  • stop discriminating against nge(4) (National Semiconductor PCI Gigabit Ethernet) adapters
  • fix DHCP release button on interface status page
  • updated FreeBSD to 6.2-RELEASE-p9
  • updated ipfilter to 4.1.28 (fixes lockup issues from 1.3b5)

LinuxReality Podcast: M0n0wall and pfSense

LinuxReality.com (a site with Linux related podcasts – similar to the BSD focused bsdtalk.blogspot.com) has posted a podcast (episode 84) that focuses on Linux and (network) security. In this episode Paul Asadoorian and Larry Pesce of the Pauldotcom Security Weekly Podcast are interviewed.

Amongst the many things discussed, M0n0wall and pfSense are also mentioned.

Download the podcast: MP3 or OGG

DigitalUnderground TV: M0n0wall

On Digital Underground (http://digitalunderground.tv/), episode 4, Frank Linhares and Mike Lazazzera discuss the open source FreeBSD based M0n0wall (from minute 34:03).

Other subjects discussed are: Windows UI hacking, MythTV and reviving an old iPod.

Digital Underground – Episode 4: http://www.metacafe.com/watch/937256/digital_underground_episode_4/

m0n0wall 1.3 Beta5 released

A new beta release (1.5) of m0n0wall 1.3 has been released. The development changelog of the FreeBSD-based mini firewall lists the following improvements:

  • Added siproxd for transparent SIP proxying and masquerading and simple registrar service
  • added vr(4) driver VLAN fix (for ALIX, etc.)
  • sisX interface names are now automatically changed to vrX when running on ALIX
  • added reset button driver for ALIX
  • upgraded ipfilter to 4.1.23
  • fixed FIN handling in ipnat FTP proxy
  • changed logo, license and footer to include registered trademark sign

m0n0wall 1.3b is based on FreeBSD 6.x and has better hardware support than the FreeBSD 4.x-based versions (up to version 1.23), as well as a few new features. However, it also has higher hardware requirements.

Smoothwall vs M0n0wall: a comparison

When it comes to firewalls, most people are fine with a consumer grade solution like a Linksys, Netgear or D-Link “router,” but these devices lack features. With a Pentium II 200MHz processor and 1GB of RAM, you can create a firewall that’s way more powerful than the standard cable/DSL router you get from a computer shop, and thanks to free software it has features those other devices can only dream about. Here is a quick and small comparison between Smoothwall Express 3.0 (based on Linux) and M0n0wall 1.231 (based on FreeBSD).

Hardware
Both Smoothwall and M0n0wall run on low end hardware just fine. For both systems, you’ll want at least a Pentium 2 and 128MB of RAM. Smoothwall requires more hard drive space than M0n0wall, which only needs about 8MB! Machines like this are available at auction sites, flea markets and garage sales for next to nothing. Keep in mind that these machines will use more power than a consumer “router,” but M0n0wall does have an option to turn off the hard drive after a few minutes of being idle. Now, on to the feature comparison.

Features
Smoothwall offers many more features than M0n0wall, including a caching web proxy server, DNS server, intrusion detection system, instant messenger logging, NTP server and email virus scanning.
By design, M0n0wall is only a firewall. It keeps to the Unix programming concept of doing one thing very well. If you want things like a proxy server, IDS or DNS, you’ll want to use Smoothwall. If you want things like 1:1 NAT, M0n0wall is your best choice. Both systems offer web based management and traffic shaping.

Final Word
The bottom line is that both of these systems are excellent firewalls. Smoothwall has more features, but requires higher-end hardware, while M0n0wall’s web management of firewall rules and traffic shaping seemed to be easier to use.

This is a summary of a post found on Linux Brain Dump

New Project: AskoziaPBX

Michael Iedema has posted details of a new FreeBSD based Asterisk OS (AskoziaPBX) forked from m0n0wall:

Greetings everyone,

I’ve been working on a (yet another) “all-in-one” Asterisk based project. It is aimed at embedded / low power systems (but scales fine on more capable hardware) and is based on Asterisk 1.4.x and FreeBSD 6.2. Because of this, I’ve mostly been hanging out on the asterisk-bsd list as bugs rolled in and the system’s features were improved. We’re currently at public beta 10 after releasing pb1 in June and, I hope, ready to announce this to a bit larger audience.

This is not a live-cd but rather an image that must initially be written to a disk, so a dedicated machine is needed. After that, the entire system is upgradeable through the webGUI. Anyone familiar with the m0n0wall project will feel right at home as AskoziaPBX was forked from it.

Interview with Jeff Starkweather, Chris Buechler and Scott Ullrich

Centipede Networks has recently entered a partnership with BSD Perimeter to offer commercial support for two important free software projects, pfSense and m0n0wall.

The Free Software Magazine talked to Jeff Starkweather (CEO of Centipede Networks), Chris Buechler (BSD Perimeter’s CTO) and Scott Ullrich (Chief Architect at BSD Perimeter).

TM: Hello everybody, and thank you for answering my questions! Jeff, Chris, Scott please introduce yourselves and your companies to our readers.

JS: My name is Jeff Starkweather and I am the CEO of Centipede Networks. Centipede Networks is a dba of S4F, Inc. in Tulsa, OK, U.S.A. The company started out about 10 years ago as an ISP providing dialup access that had content filtering bundled with the service. As time progressed we branched out into products which included an internet security appliance that provides firewall, content filter and spam and virus filtering services.

CB: My name is Chris Buechler and I am the CTO of BSD Perimeter, a co-founder of the pfSense project, and a long time m0n0wall contributor. I’m not a developer on either project, but possess a deep understanding of networks and security that has enabled me to contribute heavily to both projects in project direction, testing, documentation and support.

BSD Perimeter was founded in Louisville, KY, U.S.A. by Chris Buechler and me to provide commercial backing and support for the pfSense and m0n0wall projects.

SU: My name is Scott Ullrich, and I am the Chief Architect of BSD Perimeter, the other co-founder of pfSense, and its primary developer.

Read the whole interview here