
Setting up a m0n0wall firewall/router


Warren Block

Dec 23, 2007, 11:31:29 AM
I mentioned this in another post, but here's more detail...

m0n0wall is a free dedicated firewall/router built on FreeBSD:

http://m0n0.ch/wall/

It provides a better quality firewall/router than the small dedicated
boxes from Linksys and DLink, and will run on "obsolete" hardware that
is easy to obtain.


Setup

Obtain a Pentium II or higher machine, 64M of RAM or more (free, too
slow to be useful to most people).

If it has more than 128M of RAM, remove some to save power. You can use
a hard drive, but CD is better--it spins down after a while, saving
power. CF card is even better; see below.

Two network interfaces are needed; one built-in and one PCI card are
fine, or two PCI cards. Brand is not particularly important; try
whatever is free.

A monitor and keyboard are useful for initial setup. After that, they
aren't needed. You can access the m0n0 system from a web browser on a
client.

Download the m0n0 CD file and create the CD. Boot the system from it,
perform the config, and use it for a while.

Client systems should be set to use the IP address of the m0n0 system as
gateway (and DNS, and NTP). m0n0 is a DHCP server, so you can just set
the clients to use DHCP and everything will be handled automatically.
Good luck with Windows not-quite-NTP-but-nearly-as-good-we-promise time
configurations. (Don't take it personally, Microsoft hates everyone
equally.)


Optional Extra Bonus Points

Once the configuration has been tested, save the config file. You can
rebuild the CD to include the config file, or...

Find an old 8M CompactFlash card (free, too small to be useful any
more). Obtain a CF-to-IDE adapter like this:

http://www.monoprice.com/products/product.asp?c_id=104&cp_id=10407&cs_id=1040705&p_id=2785&seq=1&format=2

Put the m0n0 image and your config file on the CF card and install in
the m0n0 computer. Disconnect the CDROM drive to save power.

The system will boot and run from the CF card.


Final Steps

Explain to users that a firewall mostly just keeps their Windows
systems from being rooted when connected directly to the net, and risky
behavior is still risky.

"It's like vampires," I tell them, "they won't come in unless you invite
them in." This is followed by a long explanation of all the non-obvious
ways that Windows helps them offer vampire invitations.

--
Warren Block * Rapid City, South Dakota * USA

Jason Bourne

Dec 23, 2007, 11:52:24 AM
Warren Block wrote:

[snip]


>
> It provides a better quality firewall/router than the small dedicated
> boxes from Linksys and DLink, and will run on "obsolete" hardware that
> is easy to obtain.
>

[snip]

When I first got DSL I closed off all ports in the firewall found in the
Westell modem/router. Supposedly nothing should be able to enter from
outside. When I tcpdumped the traffic and examined it with Ethereal, lo and
behold, all kinds of stuff was leaking past. Since I had no Windows boxen,
the Windows Messenger spam that was leaking in had nowhere to go, but it
drove home the point that just because the promotional material for
the "dedicated" hardware says it has a firewall doesn't necessarily mean
that firewall is any good.

So I run it in split-bridge and have a k6-2 500MHz/128M RAM FreeBSD gateway
running pf/NAT. I just like it better this way. :-)

-Jason
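
A check in the spirit of the tcpdump inspection Jason describes, added here as an example and not part of either post: it reads tcpdump -n style lines from the LAN side and reports inbound packets that no LAN host solicited, which is what a "block everything inbound" firewall should never let through. The capture lines, the 192.168.1.0/24 LAN and the TEST-NET addresses are constructed assumptions.

```python
import ipaddress
import re

# Constructed tcpdump -n style lines (not a real capture). The LAN is assumed
# to be 192.168.1.0/24; external addresses are documentation ranges.
SAMPLE_CAPTURE = """\
12:00:01.000001 IP 192.168.1.10.49152 > 203.0.113.5.80: Flags [S], seq 1, win 65535, length 0
12:00:01.050000 IP 203.0.113.5.80 > 192.168.1.10.49152: Flags [S.], seq 2, ack 2, win 65535, length 0
12:00:02.000000 IP 192.168.1.10.53001 > 203.0.113.53.53: 1234+ A? example.com. (29)
12:00:02.020000 IP 203.0.113.53.53 > 192.168.1.10.53001: 1234 1/0/0 A 93.184.216.34 (45)
12:00:03.000000 IP 198.51.100.77.1025 > 192.168.1.10.1026: UDP, length 512
12:00:04.000000 IP 198.51.100.88.4444 > 192.168.1.10.445: Flags [S], seq 9, win 1024, length 0
"""

# timestamp, IPv4 source.port, ">" , IPv4 destination.port, then ":" and the rest
LINE_RE = re.compile(
    r"^(?P<ts>\S+) IP (?P<src>\d+(?:\.\d+){3})\.(?P<sport>\d+) > "
    r"(?P<dst>\d+(?:\.\d+){3})\.(?P<dport>\d+):"
)


def parse_line(line):
    """Return (ts, src, sport, dst, dport) for an IPv4 tcpdump -n line, else None."""
    m = LINE_RE.match(line)
    if not m:
        return None
    return (m["ts"], m["src"], int(m["sport"]), m["dst"], int(m["dport"]))


def find_leaks(capture_text, lan="192.168.1.0/24"):
    """Flag inbound packets that are not replies to a flow a LAN host started.

    Every outbound 4-tuple seen so far is remembered; an inbound packet whose
    reversed tuple was never seen is unsolicited, and a firewall that claims to
    block all inbound traffic should have dropped it before it reached the LAN.
    """
    lan_net = ipaddress.ip_network(lan)
    outbound = set()
    leaks = []
    for line in capture_text.splitlines():
        pkt = parse_line(line)
        if pkt is None:
            continue  # ARP, IPv6 and truncated lines are ignored in this example
        ts, src, sport, dst, dport = pkt
        src_in = ipaddress.ip_address(src) in lan_net
        dst_in = ipaddress.ip_address(dst) in lan_net
        if src_in and not dst_in:
            outbound.add((src, sport, dst, dport))
        elif dst_in and not src_in and (dst, dport, src, sport) not in outbound:
            leaks.append(pkt)
    return leaks


if __name__ == "__main__":
    for ts, src, sport, dst, dport in find_leaks(SAMPLE_CAPTURE):
        print(f"{ts} unsolicited inbound {src}:{sport} -> {dst}:{dport}")
```

Run against the constructed capture it reports the UDP datagram to port 1026 and the SYN to port 445, and stays silent about the HTTP and DNS replies the LAN host asked for.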
