Topic: New m0n0wall installation with brand new PC  (Read 3964 times)
« on: September 11, 2007, 12:38:57 »
darthobiguan *
Posts: 3

Hi all,

I am planning to install m0n0wall 1.231 for one of my customers. However, I am very new to BSD and I am not sure which PC to purchase. Looking at the list of supported hardware for FreeBSD 4.11, it seems very limited. I am not sure if the latest HP/Compaq/Dell offerings will boot properly at all. Please let me know which model works with m0n0wall. I will try to go with the model and specs that will work. I don't want this project to end in failure because of unsupported hardware.

I will get a D-Link DFE530TX+ network card, which is listed as supported hardware. So if onboard network isn't supported, let me know and I will get an additional DFE530TX+. Thanks very much.
« Reply #1 on: September 11, 2007, 16:16:04 »
flo1000 *
Posts: 8

hey i run it on a virtual machine, disabling tcp/ip on the wan adapter in the host system.
that way no packet from wan will reach ur host system but tools like pcap will be able to see the passing traffic before it reaches monowall.
vmware server is free and the virtual machines can run as a service.
u just need to take the following torrent, cause in this version the virtual NICs of vmware are supported:
http://torrent.vmware.com/torrents/x-mono.tar.bz2.torrent , it's the 1.231 release.

it's not only a nice tryout without hardware requirements, u gain flexibility too...

greets


wurst
« Reply #2 on: September 11, 2007, 16:58:42 »
markb ****
Posts: 331

Running on a virtual machine is fine if you are just evaluating, but not advised for a firewall. To be honest, you would be better off getting an older machine. If you are wanting this for a customer though, I might suggest that you could do worse than looking at http://www.linitx.com (UK site, as you don't list your country in your profile). I am very happily running Monowall on this: http://linitx.com/viewproduct.php?prodid=10127, though you might find one of the 1U units more suitable. Looks more pro than a PC as well, and you don't have to buy a copy of Windows with it.
« Reply #3 on: September 11, 2007, 17:02:15 »
darthobiguan *
Posts: 3

Hi,

My country is Malaysia. If possible, I would like to purchase from my country. Importing might be a little more troublesome.


« Reply #4 on: September 11, 2007, 17:11:32 »
darthobiguan *
Posts: 3

Running m0n0wall on VMware/Virtual PC will be my last resort. I managed to boot up m0n0wall using VMware Workstation 6 a couple of days ago. I have no experience with VMware Server. You mentioned running it as a service. So I would assume that the VMware machine will auto start once the host is booted? Thanks.

Seeing that the latest PCs come with an Intel 945 mobo with ICH8 disk controller and SATA hard disk, I am just afraid that it will not boot up properly due to unsupported hardware.



« Reply #5 on: September 12, 2007, 10:35:39 »
markb ****
Posts: 331

I'm sure there will be some similar products that you can source locally. I found that site by googling ITX as I was looking at building my own with an ITX mainboard.  You could also try looking for a Soekris board locally and find a suitable enclosure.
« Reply #6 on: September 12, 2007, 12:20:35 »
flo1000 *
Posts: 8

hey markb:

yeah, sure it's not advised to run a firewall on the same physical computer.
that's very much true for a software firewall. if the program crashes, the machine is unprotected.
in my case a crash would remove the ip, the next router would give back a "no route to host" later.
idk any soft firewall that shows such safe behaviour on a hard crash.
and i think that's the reason why they are normally on separate hardware.


see:
- it's very easy, but sure important to remove tcp/ip from the adapter over which the wan interface is bridged. as ip is the lowest thing that gets transported in the internet, it should be pretty safe.
- the traffic is easily scannable on the wan side with pcap, so u can snort or whatever. this gives a big advantage for monitoring traffic in problematic situations.
- the cpu resources that u need on a normal dsl line are small, 64 MB ram are available in every desktop machine these days. that could make the firewall even interesting for advanced desktop firewalling
(like bringing every client behind its own nat, connecting the clients over vpn through lan/wlan...)

i often use that in this virtual installation as a vpn tunnel to other networks in branch firms.
then it's already behind a nat.
it's nice and stable, there's no additional cost, nice flexibility, and distribution is pretty fast and simple copy-pasting.


to darthobiguan:

hmm, yeah there's a service in the background that starts and stops virtual machines.
u can check in the properties of ur virtual machine, there's the possibility to specify a user that runs that machine and the possibility to start it on system start.
(they need up to 5 min after boot to start up, dunno why...)

vmware server is "free" btw, u can download it at vmware.com
serials need registering but you get the serials immediately on the page there, not by mail.
it's licensed up to 16 cpu (sockets) and runs pretty fast, with some performance probs in harddisks.

hm for a hardware solution i'd prefer some smaller device too, specially cause energy cost is high in my country.
a desktop pc, if switched on 24/7, will eat ca. 20 euro / 30 dollar for electricity every month.
within let's say 5 years running time we have a pretty expensive box then.
better spend 200-300 on some little device.
btw. there's cheap ibm compatible low power systems too. they come with a ca. 10 min battery backup unit and console/monitor. what i'm talking bout is old notebooks, i think if i would be in the situation to run such a system, i'd take the boss's old notebook :)
all u need is compatible networking devices, dunno there's some differences between monowall versions they say.
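
Added example, not part of any post in this thread: a host-side audit for the setup described in replies #1 and #6, checking that the host NIC bridged to the firewall VM's WAN side has neither IPv4 nor IPv6 bound and holds no address. It assumes a Windows host with the NetAdapter and NetTCPIP modules (Windows 8 / Server 2012 or later); the adapter name `WAN` and the `Bridge` allow-list pattern are placeholders to adjust locally.

```powershell
# Added example: audit the host NIC that is bridged to the firewall VM's WAN side.
# Assumptions: 'WAN' is a placeholder adapter name; the allow-list pattern for the
# hypervisor's bridge driver display name is a guess and must be adjusted locally.
param(
    [string]$AdapterName = 'WAN',
    [string]$AllowedDisplayNamePattern = 'Bridge'
)

function Test-WanAdapterIsolation {
    param([string]$Name, [string]$AllowPattern)

    $findings = @()

    # Protocols and services that are still enabled on the adapter.
    $enabled = Get-NetAdapterBinding -Name $Name | Where-Object { $_.Enabled }

    foreach ($b in $enabled) {
        if ($b.ComponentID -in 'ms_tcpip', 'ms_tcpip6') {
            # Either IP stack being bound gives the host a presence on the WAN side.
            $findings += "IP stack still bound: $($b.DisplayName) [$($b.ComponentID)]"
        }
        elseif ($b.DisplayName -notmatch $AllowPattern) {
            # Anything besides the bridge driver is worth a manual look.
            $findings += "Extra binding enabled: $($b.DisplayName) [$($b.ComponentID)]"
        }
    }

    # With both IP stacks unbound the host should hold no address on this adapter.
    $addrs = Get-NetIPAddress -InterfaceAlias $Name -ErrorAction SilentlyContinue
    foreach ($a in $addrs) {
        $findings += "Host has address $($a.IPAddress) on $Name"
    }

    return $findings
}

# To unbind a stack: Disable-NetAdapterBinding -Name <adapter> -ComponentID ms_tcpip
$result = @(Test-WanAdapterIsolation -Name $AdapterName -AllowPattern $AllowedDisplayNamePattern)
if ($result.Count -eq 0) {
    "OK: host has no IP presence on '$AdapterName'"
} else {
    $result
}
```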
 