m0n0wall and you - part tres!
hardware : by Corey - February 12th 2006, 10:32AM
So the system hardware is configured and ready to go. It's now time to install the m0n0wall image onto the CF card. Because my main machine is Windows, I used PhyDiskWrite 0.5.1 to unpack the image and write it to the card. It's a handy command line utility written specifically for Windows users who need to write the m0n0wall generic PC image to a CF card. Do be aware of what disk interface you select to write to when running this application; it displays all logical drives on your system so you could potentially write the image to one of your hard drives. That would be bad, m'kay?

Once the image is written, simply plug the card into the adapter and boot the machine. Upon booting the G1, I noticed that the BIOS revision was A06 and having looked at the Dell site I knew A10 was available. Having already removed the floppy drive from the machine, I was not apt to update it unless it was necessary. As it turns out, it was not.

Fire it up and pray you did everything correctly. Prior to installing the CF to IDE adapter and card I did boot the machine and make BIOS edits. I turned off all interfaces not required for operation and ensured that nothing else was amiss. During the initial boot, you will need to connect the machine to a monitor and have a keyboard connected. If you're running it on a virtual machine or have a serial port you can use HyperTerminal through a console. For me, that was a lot more trouble than it was worth considering that the G1 has a video card built in.

After the boot process completes, m0n0wall is up and running. You're greeted with a list of options that looks much like this. The first thing you'll need to do is assign interfaces. It is interesting to note how m0n0wall sensed the two NICs present in the machine; one integrated and one PCI. The PCI NIC was presented first and thus made into the WAN interface; the integrated NIC was then made into the LAN NIC. For units without integrated NICs, the PCI slot closest to the AGP slot will probably come up as the first interface. After assigning interfaces, I set the LAN IP to my normal networking scheme of 10.0.0.254/24; with the /24 subnet, DHCP clients have 10.0.0.1-253 to use.

Once this is accomplished, I connected cables. One Cat5 to my cable modem; the other to my Dell Powerconnect 2016 10/100 switch. I also have a Netgear FS-104 five port switch for my media center. You can set up an optional third interface for a separate subnet as well as VLAN tagging but all of that is overly complicated for my simple home network. After power cycling the router and the cable modem the network was operational. All of my clients received DHCP leases according to the default settings in m0n0wall; two hours by default and a maximum of two days.

Now that all the interfaces are operational, I can access the web-based GUI for m0n0wall. Much like consumer routers, opening a browser and navigating to the router's LAN IP works for this. The options in m0n0wall are quite extensive and do require some basic networking skills to properly configure and implement things like firewall rules and NAT rules, known in some circles as port forwarding. Because I'm not going into great detail here, you can read the documentation on all of the features by clicking here.

The first thing to do is, of course, set a password and the time zone for logging purposes. The only other really special settings I needed were to enable the PPTP VPN server so that I can create an encrypted tunnel for VNC when I'm at work or away from home. To this point I've been using VNC unencrypted over the commodity Internet because I had neither the hardware nor the time to set up an SSH tunnel for Windows or a generic VPN server. m0n0wall comes with both PPTP and IPSec VPN server capabilities; the PPTP flavor works best with Windows XP. It is important to note that when setting up the VPN, all of the options it asks for are internal. That is, the server IP should be an internal address; same with the DHCP leases it gives out on a /28 subnet. Because it requires /28, be sure your private assignable space starts with 192 (ex: 10.0.1.192). After this is done, check the box that adds a firewall rule and save the settings. Create a user and you're good to go.
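A quick way to sanity-check a PPTP address plan like the one above before typing it into the GUI. This is an added example, not part of the original post or of m0n0wall; the function name, the server address 10.0.1.254 and the LAN DHCP overlap check are assumptions made for illustration.

```python
import ipaddress

def check_pptp_plan(server_ip, pool_start, lan_dhcp=None):
    """Return a list of problems with a PPTP address plan (empty list = OK)."""
    problems = []
    server = ipaddress.ip_address(server_ip)
    start = ipaddress.ip_address(pool_start)

    # A /28 holds 16 addresses, so the pool must begin on a multiple of 16
    # in the last octet (0, 16, ... 192, 208, ...).
    try:
        pool = ipaddress.ip_network(f"{start}/28", strict=True)
    except ValueError:
        pool = ipaddress.ip_network(f"{start}/28", strict=False)
        problems.append(f"{start} is not a /28 boundary; enclosing block is {pool}")

    # is_private covers RFC 1918 space plus other IANA special-purpose ranges.
    if not server.is_private:
        problems.append(f"server address {server} is not internal")
    if not pool.is_private:
        problems.append(f"client pool {pool} is not internal")
    if server in pool:
        problems.append(f"server address {server} falls inside client pool {pool}")

    # Assumed extra check: VPN leases should not collide with LAN DHCP leases.
    if lan_dhcp is not None:
        first, last = (ipaddress.ip_address(a) for a in lan_dhcp)
        if first <= pool.broadcast_address and pool.network_address <= last:
            problems.append(f"client pool {pool} overlaps LAN DHCP range {first}-{last}")
    return problems

if __name__ == "__main__":
    lan_range = ("10.0.0.1", "10.0.0.253")  # LAN DHCP range from the post
    plans = [
        ("10.0.1.254", "10.0.1.192"),  # pool start from the post, constructed server IP
        ("10.0.1.254", "10.0.1.200"),  # constructed: not on a /28 boundary
        ("10.0.0.200", "10.0.0.192"),  # constructed: collides with the LAN range
    ]
    for server, start in plans:
        issues = check_pptp_plan(server, start, lan_range)
        print(server, start, "->", issues or "OK")
```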

It is important to note that interface or protocol changes are not implicitly applied to the firewall like they are in most consumer networking routers. When you create something like a PPTP VPN or other interface feature, you must also add a firewall rule to allow that traffic to pass. Most setup screens in the GUI prompt you with a checkbox to create a firewall rule for you. If you choose not to do this, it's ok. Just remember why you can't connect later. =)

To say that m0n0wall is fully featured is an understatement; it has everything you could ever want in an enterprise-grade router with none of the fuss and certainly a lot less expense. As a geek, I was overjoyed when the entire unit worked almost completely out of the box. Minimal problems have been experienced in three days of duty.

For action shots, click here and here.
-+- neodux blog -+-