Improve Network Security with Open Source Monowall

By Carla Schroder | Posted July 06, 2011

A good firewall is a must for any Internet-connected network, and the open source Monowall (often written as "m0n0wall") is one of the best. Follow along as we set up strong network security using the excellent Monowall to protect our local network (LAN). Today we'll install and do basic security configurations, and in Part 2 we'll set up a good stout Internet firewall, a secure VPN, and a wireless bridge.


Why Choose Monowall?

Monowall is a complete software firewall package that includes its own operating system. All you need is some sort of computer to install it on. There are two downsides to Monowall: its goofy spelling and no commercial support. Its advantages are many. It is free of cost (though donations are welcome), and it is based on the superior FreeBSD operating system.


FreeBSD is an open source Unix that powers everything from tiny embedded devices to some of the world's most high-demand servers. Monowall comes with an excellent graphical configuration interface, and it's designed to be run entirely from its Web-based GUI.


It's a small file, weighing in at about 16 MB. It runs on the excellent Soekris and PC Engines single-board computers -- my first choices for specialized network devices, because they are robust and flexible. They will not become obsolete for many years and can be repurposed into a variety of tasks. Monowall also runs on ordinary PCs from a CD-ROM, USB stick, hard drive, Compact Flash, and even offers a VMware image.




Figure 1: Monowall test lab -- from left to right: ZaReason Teo netbook, IBM Thinkpad running Monowall, tiny old cheap but still good Netgear Ethernet hub.

Old laptops make great firewalls because they are small, self-contained and consume little power. They're nice for wireless network bridges, because most have both a wired Ethernet and a Wi-Fi interface built in. They're less reliable just from being old, so don't use them where you can't afford a hardware failure.

Another potential problem with old PCs and laptops is support for network interfaces. You'll need a minimum of two NICs, and they must not be cheapie Win-interfaces that run only in Windows, but "real" ones with fully-functional hardware controllers. The fastest way to find out if yours will work is to run Monowall to see if it detects them.

Let's set up a simple test lab. You will need:

  • Two PCs, one to run Monowall and one to serve as your LAN client (any Linux, Mac or Windows PC will do)
  • Ethernet hub or switch and patch cables
  • A FAT16- or FAT32-formatted USB stick for storing configuration data
  • Monowall CD

Your test lab connects like this: Internet => Monowall => switch/hub => PC/laptop as shown in Figure 1. We'll start without the Internet.


