A good firewall is a must for any Internet-connected network, and the open source Monowall (often written as "m0n0wall") is one of the best. Follow along as we set up strong network security using the excellent Monowall to protect our local network (LAN). Today we'll install and do basic security configurations, and in Part 2 we'll set up a good stout Internet firewall, a secure VPN, and a wireless bridge.
Why Choose Monowall?
Monowall is a complete software firewall package that includes its own operating system. All you need is some sort of computer to install it on. There are two downsides to Monowall: its goofy spelling and no commercial support. Its advantages are many. It is free of cost (though donations are welcome), and it is based on the superior FreeBSD operating system.
FreeBSD is an open source Unix that powers everything from tiny embedded devices to some of the world's most high-demand servers. Monowall comes with an excellent graphical configuration interface, and it's designed to be run entirely from its Web-based GUI.
It's a small file, weighing in at about 16 MB. It runs on the excellent Soekris and PC Engines single-board computers -- my first choices for specialized network devices, because they are robust and flexible. They will not become obsolete for many years and can be repurposed into a variety of tasks. Monowall also runs on ordinary PCs from a CD-ROM, USB stick, hard drive, or Compact Flash, and is even available as a VMware image.
Monowall test lab -- from left to right: ZaReason Teo netbook, IBM Thinkpad running Monowall, tiny old cheap but still good Netgear Ethernet hub.
Old laptops make great firewalls because they are small, self-contained, and low in power consumption. They're nice for wireless network bridges, because most have both a wired Ethernet and a Wi-Fi interface built in. They're less reliable simply because they are old, so don't use them where you can't afford a hardware failure.
Another potential problem with old PCs and laptops is support for network interfaces. You'll need a minimum of two NICs, and they must not be cheapie Win-interfaces that run only in Windows, but "real" ones with fully-functional hardware controllers. The fastest way to find out if yours will work is to run Monowall to see if it detects them.
Let's set up a simple test lab. You will need:
- Two PCs, one to run Monowall and one to serve as your LAN client (any Linux, Mac or Windows PC will do)
- Ethernet hub or switch and patch cables
- A FAT16- or FAT32-formatted USB stick for storing configuration data
- Monowall CD
Your test lab connects like this: Internet => Monowall => switch/hub => PC/laptop as shown in Figure 1. We'll start without the Internet.