ITL - Internet Teaching Laboratory

Security


Firewalls

m0n0wall

m0n0wall is a firewall that runs on a PC. It consists of a modified version of Unix. The operating system for m0n0 resides on a CD-ROM. Because the CD-ROM is read-only, the configuration information is stored on a floppy disk. Any DOS formatted floppy disk will work.

The computer that runs m0n0wall must have two network interfaces. One of those interfaces is considered the WAN interface. It could be connected to the Internet, or to some other extended network (in the lab this other network might be quite small). The other interface is considered the LAN interface. It connects to one or more hosts. A likely configuration would involve a switch connected to the LAN interface of m0n0wall and some number of computers connected to the switch.

Setup

To use m0n0wall you must perform the following tasks:

To boot m0n0wall, boot (or reboot) the computer. On the initial screen, in the upper right corner, a choice of function keys will be shown briefly. You will choose F12 for the boot menu. You must press F12 after this choice is shown but before the computer continues to the next display. Press F12 several times to be sure.

When m0n0wall is running on a computer, the m0n0wall console setup menu appears on that computer's display. Once m0n0wall is set up you will ignore this display. If this is the first time m0n0wall has been used with this floppy disk, the initial display will look like this:

    m0n0wall console setup
    **********************
    1) Assign network ports
    2) Set up LAN IP address
    3) Reset webGUI password
    4) Reset to factory defaults
    5) Reboot system

    Enter a number:

You must now select the interfaces to connect to the WAN and LAN. m0n0wall will show you the four network interfaces present in the computer, each identified by a short name. The first three interfaces shown will be eth1, eth2, and eth3. The last interface shown will be eth0. The identifier for eth0 is different because that interface is built onto the motherboard of the computer whereas the other three are interface cards. In the example below eth1 is used for the LAN, eth0 for the WAN, and eth2 is used as a second LAN interface:

    Enter a number: 1

    Valid interfaces are:

    rl0 00:50:fc:57:87:cd
    fl1 00:00:b4:91:d3:ed
    rl2 00:00:b4:91:d4:73
    xl0 00:06:5b:c3:f4:71

    Enter the LAN interface name: rl1
    Enter the WAN interface name: xl0
    Enter the Optional 1 interface name ( or nothing): rl2
    Enter the Optional 2 interface name ( or nothing):

    The interfaces will be assigned as follows:

    LAN  -> rl1
    WAN  -> xl0
    OPT1 -> rl2 (OPT1)

    The firewall will reboot after saving the changes.

    Do you want to proceed? (y/n) y

    The firewall is rebooting now

You must now assign an IP address to the LAN interface. (Check the m0n0wall console display - there may already be an IP address assigned that is acceptable to you.) Choose an address in a network that does not conflict with the public or private networks (130.157.166.*/24 or 192.168.200.*/24). In the example below the address 192.168.1.100/24 is used:

    Enter a number: 2

    Enter the new LAN IP address: 192.168.1.100

    Subnet masks are entered as bit counts (as in CIDR notation) in m0n0wall.
    e.g. 255.255.255.0 = 24
         255.255.0.0   = 16
         255.0.0.0     = 8

    Enter the new LAN subnet bit count: 24

    Do you want to enable the DHCP server on LAN? (y/n) n

    The LAN IP address has been set to 192.168.1.100/24.
    You can now access the webGUI by opening the following URL
    in your browser:

    http://192.168.1.100/

    Press ENTER to continue

You must now connect the LAN interface of the firewall to an Ethernet interface of some other computer. This can be done directly with a crossover cable or indirectly through a hub or switch. Then open a web browser and go to the URL indicated on the console in the previous step.

A dialog box will appear that asks for a userid and password. The userid to use is "admin" and the password is "mono". If these do not work, return to the m0n0wall console and choose the option to reset the webGUI password.

In the web browser choose the option "Interfaces WAN". If the WAN interface is either the public network or the private network, choose type "DHCP". If the WAN interface is not connected to one of these networks choose type "Static" and enter an IP address and subnet mask bit count under Static Configuration. To see the IP address assigned by DHCP to the WAN interface choose the option Status Interfaces.
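
The address-planning rule from the LAN step, which also applies to a Static WAN address, as an added example that is not part of the original lab manual: a Python check, using the standard ipaddress module, that a candidate address and bit count stay clear of the two lab networks. The function names are hypothetical, and the .0/24 network forms are assumed from the page's 130.157.166.* and 192.168.200.* notation.

```python
import ipaddress

# Lab networks named on this page; the .0/24 form is assumed from the
# page's 130.157.166.* and 192.168.200.* notation.
LAB_NETWORKS = [
    ipaddress.ip_network("130.157.166.0/24"),
    ipaddress.ip_network("192.168.200.0/24"),
]


def mask_to_bits(mask):
    """Convert a dotted netmask to the bit count m0n0wall asks for."""
    # ip_network raises ValueError for non-contiguous masks (255.0.255.0).
    return ipaddress.ip_network("0.0.0.0/" + mask).prefixlen


def check_interface(address, bits, other_networks=()):
    """Return a list of problems; an empty list means the choice is usable."""
    iface = ipaddress.ip_interface(f"{address}/{bits}")
    net = iface.network
    problems = []
    # A host interface cannot use the network or broadcast address.
    if net.prefixlen < 31 and iface.ip in (net.network_address,
                                           net.broadcast_address):
        problems.append(f"{iface.ip} is the network or broadcast address of {net}")
    # Overlap with a lab network (or another firewall interface) makes
    # routing between the two sides ambiguous.
    for other in [*LAB_NETWORKS, *other_networks]:
        if net.overlaps(other):
            problems.append(f"{net} overlaps {other}")
    return problems


if __name__ == "__main__":
    # Constructed candidates: the page's example plus three bad choices.
    for addr, bits in [("192.168.1.100", 24), ("192.168.200.10", 24),
                       ("192.168.1.100", 16), ("192.168.1.255", 24)]:
        print(f"{addr}/{bits}:", check_interface(addr, bits) or "ok")
    # A Static WAN address must also stay clear of the LAN chosen above.
    lan = ipaddress.ip_network("192.168.1.0/24")
    print("WAN 192.168.1.7/24:", check_interface("192.168.1.7", 24, [lan]))
    print("255.255.0.0 ->", mask_to_bits("255.255.0.0"))
```

The /16 candidate fails even though its address matches the page's example, because the bit count, not just the address, decides which networks the interface claims.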

