Moving in m0n0

Tuesday was fun.  In that not fun way.  After getting home from the ballet, I found my home network to be... less than functional.  After some prodding at various things, I determined that my firewall's hard drive had given up the ghost.  Of course, the machine that I set up the longest time ago and had absolutely no backup of.  Of course.

After several hours of trying to convince the drive to work so I could extract my precious configuration files, I determined that it was a lost cause and went to bed, still with no home network.

A little background...  My home network is pretty sophisticated.  Different machines at home are connected to different subnets, with specific rules regarding how traffic can flow between them.  I have traffic shaping, quality of service, authentication and access control (though I got rid of that recently as it was more annoying than it was worth), and even fully deployed, fully routable IPv6.  You can't do most of this stuff with a $40 Linksys box you pick up at Best Buy.  No, you need to spend several hundred or thousand dollars to buy enterprise-grade equipment from the likes of Cisco, Check Point, or Juniper.  Or... you can spend absolutely nothing and do it all with open source software, if you know how (plus the cost of the hardware, but honestly, who doesn't have at least one old computer lying around somewhere).  My home network was built around my firewall, a PC I built several years ago (and had consequently evolved from one piece of otherwise discarded hardware to the next), and ran the FreeBSD operating system.

So fast forward back to Tuesday.  Because my firewall ran on conventional PC hardware and ran a PC operating system, without a hard drive, it was... pretty useless.  I contemplated taking one of the other hard drives I had lying around the house and rebuilding the machine the way it was, but it occurred to me that I built that machine at least 5 or 6 years ago, and had basically done nothing to it in the interim.  To set it up again, I'd have to look up everything that I did, learn it again, and hope that I get it all right.  And this process would take, well, much longer than I wanted to dedicate to fixing a computer.

A few years ago, I'd heard of a project called m0n0wall, a firewall/router distribution built on FreeBSD, designed to run on x86-based embedded hardware systems, but which can also run on most generic PC hardware.  Doing a little more research, I determined that m0n0wall provides all of the functionality I want, in a supposedly easy-to-use package.  Even better, you can apparently use it on a system that doesn't even have a hard drive.  It can be run from a CD (and store its configuration file on a floppy disk or USB flash drive), or from a compact flash card (which only needs to be 32 MiB).  I chose the CD route, and downloaded the 17 MiB ISO and wrote it to a disc.

I have to say, I am very impressed with this distro.  After booting the machine using the new CD, I had everything, and I mean EVERYTHING I wanted set up in about half an hour.  If my network wasn't so complicated, I could have had it all done in under 10 minutes, but it took me a while to get all of the firewall rules set up, and to configure my IPv6 tunnel (insert side rant about not being able to get IPv6 transit from any residential ISPs in the US).

So now everything is back to the way it was.  And I did make a backup of my configuration file, just in case.  Woo.

And as always, bonus points for picking out the title reference.