|m0n0wall Firewall - Part 1|
|Summary||Powerful and easy-to-configure FreeBSD firewall with Web GUI, IPsec and PPTP endpoints, and bandwidth shaping|
|Update||8/22/2004 m0n0wall 1.1 released. See Part 2 of the review for details.|
|Pros||• Runs on both embedded PC platforms and normal PCs
• Includes bandwidth shaping and VPN endpoint features|
|Cons||• Firewall configuration could be daunting for some users|
We all know that the Internet is potentially a nasty place. Everyone from bored teenagers to organised criminals is trying to access your computer. Once connected to the Internet, nobody is immune.
Attacks are also becoming ever more sophisticated as they increasingly exploit social engineering methods, i.e. you. Phishing, spyware, Trojans, worms and email viruses all have the attention of the computing press. Yes, there is no doubt we need an ever more layered approach: anti-virus software, spam filters, spyware detection software. The base layer, however, is still the most important, and that is a firewall.
In his recent article about the LEAF project, Jim Hubbard summed up very well what a firewall is and its purpose. At its most basic, it is a device that allows you to control what traffic enters and leaves your network.
The main thing that differentiates these devices is the quality and balance of functions. If you were to go out and buy a hardware firewall, at the bottom of the scale you would find low-cost products such as the venerable Linksys BEFRS41 Broadband Router that you can pick up for as little as $40. Its main purpose is to easily share a single broadband Internet connection between a small number of users.
At the top of the scale you have high-cost products such as Watchguard, Cisco and Checkpoint firewalls costing many thousands of dollars. These are capable of supporting thousands of users or large numbers of Internet-connected services such as web servers.
And your choice is not limited to commercial hardware devices. Alternatively, you can convert standard PC hardware into a firewall just by installing software, which is available both to buy and for free. Commercial examples are SmoothWall, Astaro and Coyote/Wolverine. However, there is plenty of free Open Source software such as Freesco, IPCop, and of course LEAF. Typically these are based on Unix-like operating systems, the most well-known of these being Linux.
Don't think that basing a firewall on an operating system such as Linux makes it any less secure or capable than the commercial firewalls. The Watchguard Firebox-X range of firewalls is based on standard PC hardware and a customized version of Linux. Even the low-cost Linksys hardware is now using Linux.
However, Linux is not the only free Open Source UNIX-like operating system. There is also the BSD family of operating systems (FreeBSD, OpenBSD and NetBSD), their roots predating Linus Torvalds' first Linux kernel by 14 years.
The aim of this review is to introduce you to m0n0wall, firewall software based on FreeBSD, and the Soekris net4501, one of the specific embedded PC platforms m0n0wall is designed to run on. In this Part 1 of a two-part series, I'll run through installing m0n0wall on the Soekris net4501, and also show you how the same software can be installed on any standard PC that meets m0n0wall's minimum specifications.