Hello m0n0wall users,
in case you've been wondering - no, I haven't fallen off the face of the earth yet - just had other things than m0n0wall to keep me busy.
But not to worry - m0n0wall 1.3b12 is out, and there's a new feature: IPv6 support (routing and firewalling)! I realize that IPv6 is still a bit of a geeky thing without much use/demand in real life, but maybe, hopefully, one day... The base for this was actually contributed by Michael Hanselmann way back in 2005, and with some modifications to reflect the changes in m0n0wall since then, as well as a few fixes/improvements (most notably easy to configure 6to4 support), it is now finally in an official release. (Belated) Thanks, Michael!
IPv6 support must be explicitly enabled on the System: Advanced setup page before any of the new options will become available. Also, by default there are no firewall rules for IPv6, so everything is blocked. Make sure to add at least a rule on your LAN interface for outbound connections if you want to use IPv6.
Since it's the first release with IPv6 support, bugs in the implementation are likely. As always, please post on the mailing list or in the forum if you've found something odd (with a detailed description of what you did, please). Also let us know if everything worked "out of the box".
If you don't have native IPv6 connectivity yet, don't worry: 6to4 tunneling is supported, which should work anywhere you've got a (non-firewalled) public IPv4 address. Simply choose "6to4" for the IPv6 mode on both the WAN and LAN interfaces - no need to manually configure any IPv6 addresses (check the IPv6 RA option on the LAN interface and your LAN hosts will be able to automatically obtain an IPv6 address). It can also work with dynamic WAN IPv4 addresses (LAN/OPT IPv6 subnets are adjusted automatically). Note that some operating systems do not use IPv6 when connecting to a host that supports both IPv4 and IPv6 if they are configured with a 6to4 IPv6 address (-> RFC 3484), so use an IPv6-only host (try http://ipv6.m0n0.ch) for browser testing, or simply do a "ping6".
If you've got native IPv6 connectivity (not supported over PPPoE/PPTP yet), remember that you'll have to statically route your m0n0wall's LAN subnet from your upstream router - there's no NAT for IPv6 in m0n0wall (and it would be pretty pointless in most cases anyway).
Also, if you've gotten it to work and need some IPv6 capable web sites to try it out, have a look at http://sixy.ch (or http://ipv6.sixy.ch), a directory of IPv6 enabled web sites.
In other news, m0n0wall now generates a self-signed SSL certificate and key pair for the webGUI on the fly if there's none when switching from HTTP to HTTPS - this should be much more secure than the default, shared one. There's also a button on the System: Advanced page to regenerate the cert/key - you may want to use that one if you've got existing configs with HTTPS and no custom certificate.
Finally, a bug in ipnat has been fixed that I have found to cause rare and thus hard to diagnose kernel panics on a non-m0n0wall system that I'm managing.
Detailed change log and downloads: http://m0n0.ch/wall/beta.php

Enjoy,
Manuel
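
The 6to4 paragraph above says the LAN/OPT IPv6 subnets follow the WAN IPv4 address. The following Python sketch is an added example, not part of the original announcement and not m0n0wall code; it shows the RFC 3056 mapping behind that, which is useful when writing IPv6 firewall rules or reading 6to4 source addresses in logs. The per-interface subnet IDs and the sample addresses (documentation ranges standing in for a public WAN address) are assumptions.

```python
import ipaddress

SIXTOFOUR = ipaddress.IPv6Network("2002::/16")  # 6to4 prefix from RFC 3056

# Ranges that can never carry 6to4 traffic because they are not publicly routable.
NON_PUBLIC = [ipaddress.IPv4Network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",   # RFC 1918
    "100.64.0.0/10", "127.0.0.0/8", "169.254.0.0/16",  # CGNAT, loopback, link-local
)]


def sixtofour_prefix(wan_ipv4):
    """Return the 2002:V4ADDR::/48 prefix that belongs to a public IPv4 address."""
    v4 = ipaddress.IPv4Address(wan_ipv4)
    if any(v4 in net for net in NON_PUBLIC):
        raise ValueError(f"{v4} is not a public address; 6to4 needs one")
    base = (0x2002 << 112) | (int(v4) << 80)
    return ipaddress.IPv6Network((base, 48))


def interface_subnet(prefix, subnet_id):
    """Pick one /64 out of the /48. The subnet_id numbering is an assumption
    of this example, not m0n0wall's documented LAN/OPT scheme."""
    if not 0 <= subnet_id <= 0xFFFF:
        raise ValueError("subnet_id must fit in 16 bits")
    base = int(prefix.network_address) | (subnet_id << 64)
    return ipaddress.IPv6Network((base, 64))


def embedded_ipv4(addr):
    """Recover the IPv4 address inside a 6to4 address, or None if not 6to4."""
    v6 = ipaddress.IPv6Address(addr)
    if v6 not in SIXTOFOUR:
        return None
    return ipaddress.IPv4Address((int(v6) >> 80) & 0xFFFFFFFF)


if __name__ == "__main__":
    # Constructed sample: a dynamic WAN address changing moves every subnet.
    for wan in ("192.0.2.1", "198.51.100.7"):
        prefix = sixtofour_prefix(wan)
        print(wan, "->", prefix, "LAN:", interface_subnet(prefix, 1))
    print(embedded_ipv4("2002:c000:201:1::10"))
```

Because the prefix changes whenever a dynamic WAN address does, rules that hard-code a 2002: subnet stop matching after the change.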