Wednesday, January 28, 2009

My m0n0wall setup

Last week I replaced my home firewall, an aging D-Link DI-524A, with a dedicated PC running m0n0wall and have been satisfied with the results. I used an old IBM Netvista purchased off eBay, from which I removed the hard disk to reduce noise and electrical consumption. It boots off a live CD and an old 64Mb USB key holds the configuration. The PC sits in my utility room, near the ceiling.

M0n0wall follows the Unix tradition: do one thing and do it well (there are exceptions in the Windows world such as PuTTY which also follows the principle). The user interface is simple and elegant, and its footprint is very small. I could actually run it on a 486, as long as it had enough memory. There is an alternate project named pfSense which includes many features, but this comes at the expense of security and stability, and for this I prefer m0n0wall's philosophy.

This means that extra features such as a log analyzer or SSH daemon are not included in m0n0wall and you have to rely on another server. I would actually have liked to be able to do this without needing another server, so running m0n0wall in a QEMU VM along with a small FreeBSD server (or even pfSense) could be a good idea for my next implementation. Time will tell.
