Chapter 1. Introduction

Table of Contents

1.1. Features
1.2. Getting Started with m0n0wall on the PC
1.2.1. Why use a PC?
1.3. Prerequisites
1.3.1. Required Hardware
1.3.2. Optional Hardware
1.3.3. Required Network Information
1.4. Choosing Your Hardware
1.4.1. Storage Medium
1.5. Understanding CIDR Subnet Mask Notation
1.5.1. CIDR Table
1.5.2. So where do these CIDR numbers come from anyway?

1.1. Features

m0n0wall is a project aimed at creating a complete, embedded firewall software package that, when used together with an embedded PC, provides all the important features of commercial firewall boxes (including ease of use) at a fraction of the price (free software). m0n0wall is based on a bare-bones version of FreeBSD, along with a web server, PHP and a few other utilities. The entire system configuration is stored in one single XML text file to keep things transparent.

m0n0wall is probably the first UNIX system that has its boot-time configuration done with PHP, rather than the usual shell scripts, and that has the entire system configuration stored in XML format.

m0n0wall already provides many of the features of expensive commercial firewalls, including:

  • web interface (supports SSL)

  • serial console interface for recovery

    set LAN IP address

    reset password

    restore factory defaults

    reboot system

  • wireless support (access point with PRISM-II/2.5/3 cards, BSS/IBSS with other cards including Cisco)

  • captive portal

  • 802.1Q VLAN support

  • stateful packet filtering

    block/pass rules


  • NAT/PAT (including 1:1)

  • DHCP client, PPPoE, PPTP and Telstra BigPond Cable support on the WAN interface

  • IPsec VPN tunnels (IKE; with support for hardware crypto cards, mobile clients and certificates)

  • PPTP VPN (with RADIUS server support)

  • static routes

  • DHCP server and relay

  • caching DNS forwarder

  • DynDNS client and RFC 2136 DNS updater

  • SNMP agent

  • traffic shaper

  • SVG-based traffic grapher

  • firmware upgrade through the web browser

  • Wake on LAN client

  • configuration backup/restore

  • host/network aliases