Basic m0n0wall Configuration

m0n0wall has a very simple, but easy to use Web interface for configuration. The screen shots and examples that follow are based on m0n0wall on the Soekris net4501, but are applicable to all the m0n0wall images.

Enter the m0n0wall IP address into the Address box of your web browser and you will be prompted for a Userid and Password. Enter the defaults are admin and mono (both lowercase, no numbers) and you'll be then taken straight to the Status page (Figure 1).

Figure 1: m0n0wall Status page

The web GUI has a simple layout with all configuration options and features grouped and listed in a pane down the left side of the page and the details of the selected option are displayed in a large pane on the right side of the page.

As with most firewalls, m0n0wall offers a certain amount of security in its default configuration. The important defaults are:

Security

• The WAN interface is configured to get its IP configuration by DHCP. 
• Traffic entering on the LAN interface is allowed to pass to any other interface, WAN and optional interfaces.
• Outbound NAT is enabled; all outbound traffic passing through the WAN interface appears as if it originated from the WAN IP address.
• Inbound traffic entering on the WAN interface is blocked.

Administration

• Web administration is allowed on the LAN interface IP (default 192.168.1.1/24) on port 80 (http).
• The DHCP service is enabled on the LAN interface so that PCs are correctly configured with an IP address in the 192.168.1.100 - 199 range. The DNS forwarder service is enabled allowing PCs connecting to the LAN interface to use the LAN IP address as a DNS server. Queries are forwarded to the DNS servers, statically configured or obtained by DHCP / PPP, on the WAN interface.
• The firewall's time zone is set to Etc/UTC and synchronises its internal clock every 5 hours with one of the time servers at pool.ntp.org ¹ .

Under most circumstances, this is enough to give a small network of PCs and other Ethernet devices using TCP/IP protected access to the Internet. All other features and services are disabled.

¹ pool.ntp.org is a voluntary project providing public Network Time Servers. The project uses 'Round Robin' DNS to spread the load of time requests over a large number of servers, currently 188.

Tags: firewall, Linux, m0n0wall, open source,

Related Articles: