index1489
Premium Member
join:2004-03-12
Chino, CA

4 edits

index1489 to Dunga Bee


Re: How does m0n0wall rank against a store bought router?

m0n0wall is a project aimed at creating a complete, embedded firewall software package that, when used together with an embedded PC, provides all the important features of commercial firewall boxes (including ease of use) at a fraction of the price (free software).
m0n0wall is based on a bare-bones version of FreeBSD, along with a web server, PHP and a few other utilities. The entire system configuration is stored in one single XML text file to keep things transparent.
m0n0wall is probably the first UNIX system that has its boot-time configuration done with PHP, rather than the usual shell scripts, and that has the entire system configuration stored in XML format.
The m0n0wall system currently takes up less than 12 MB on the Compact Flash card (or CD-ROM), and contains:
all the required FreeBSD components (kernel, user programs)
ipfilter
PHP (CGI version)
mini_httpd
MPD
ISC DHCP server
ez-ipupdate (for DynDNS updates)
Dnsmasq (for the caching DNS forwarder)
racoon (for IPsec IKE)
UCD-SNMP
choparp
BPALogin
On recent embedded platforms (like net4801 or WRAP), m0n0wall provides a WAN <-> LAN TCP throughput in excess of 50 Mbps (including NAT). Newer standard PCs can easily reach > 100 Mbps.
On an ALIX.2, m0n0wall boots to a fully working state in less than 25 seconds after power-up, including POST (with a properly configured BIOS).
pfSense History
This project was started in September 2004 by Chris Buechler and Scott Ullrich. Chris is a long-time contributor to the m0n0wall project. m0n0wall is a great embedded firewall, but one of the great things about its design is also a limitation to expandability. m0n0wall runs entirely from RAM; the entire OS and all applications are loaded into RAM at boot time. This is a great design for embedded systems, for performance and reliability reasons. However, it has no capability of being installed into a normal file system on a hard drive. Hence many desirable functions can't be reasonably implemented.
WHAT m0n0wall is NOT! (This is where pfSense comes in and does many of what's listed below!)
m0n0wall is a firewall, and the purpose of a firewall is to provide security. The more functionality is added, the greater the chance that a vulnerability in that additional functionality will compromise the security of the firewall. It is the opinion of the m0n0wall founder and core contributors that anything outside the base services of a layer 3 and 4 firewall does not belong in m0n0wall. Some services that may be appropriate are very CPU-intensive and memory hungry, and m0n0wall is focused towards embedded devices with limited CPU and memory resources. The non-persistent filesystem due to our focus on Compact Flash installations is another limiting factor. Lastly, image size constraints eliminate other possibilities.

We feel these services should be run on another server, and are intentionally not part of m0n0wall:

Intrusion Detection/Prevention System

Proxy Server

Packet inspection at any layers other than 3 and 4

A general purpose web server

An FTP server

A network time server

A log file analyzer

For the same reason, m0n0wall does not allow logins: there is no login prompt at the console (it displays a menu instead), and no telnet or ssh daemon.
-
For Sale
»Netgear Prosafe VPN Firewall $35 Shipped!
index1489

4 edits

Premium Member

[Image: Soekris Engineering net5501]
[Image: Soekris Engineering Optional HDD]
[Image: Soekris Engineering Front]
[Image: Soekris Engineering Optional 4 Port Lan Board]

PCEngines Older WRAP Board superseded by the new ALIX boards
 
m0n0wall is targeted at embedded x86-based PCs. The net48xx/net55xx range from Soekris Engineering (www.soekris.com) and the ALIX platform from PC Engines (www.pcengines.ch) are officially supported.

It is also possible to run m0n0wall on most standard PCs (you just need 2 NICs).

The recommended amount of RAM for m0n0wall is 64 MB. It might work with less, especially if you don't use a lot of features/services, but there are no guarantees about that – watch out for failing firmware uploads (m0n0wall does not use swap space, so it can't do much about running out of memory).

Soekris Engineering net5501 board: you can run Compact Flash or get the optional hard drive kit.
»www.soekris.com/net5501.htm
PCEngines older WRAP board (latest boards are ALIX) with grey case (black, red, grey available)
»www.pcengines.ch/alix.htm