橘子腦師MIS: FreeBSD 嵌入式防火牆 m0n0wall Firewall 實作 (CF to IDE)

2007年12月13日星期四

FreeBSD 嵌入式防火牆 m0n0wall Firewall 實作 (CF to IDE)

FreeBSD 嵌入式防火牆 m0n0wall Firewall 實作 (CF to IDE)

m0n0wall 是一套FreeBSD 做的Embedded 的 Firewall,可以做在光碟,磁碟片,硬碟,還有CF 上,我把它裝在CF 上,韌體大小只有5M左右,安裝的版本是最新的generic-pc-1.2b9.img的版本到這裡下載,主要是以FreeBSD 4.11 + ipfilter做的嵌入式防火牆 , ipfilter 的firewall rules 的書寫習慣比較容易上手,不過在這裡的rules 規則是以 first match

要將img 寫入CF還要下載一個寫入程式physdiskwrite (在這裡下載)

補充使用方法

Installation on a standard PC requires the following steps:
download the raw CF/IDE image (generic-pc)
write the image to a CF card (> 5 MB) or an IDE hard disk, either with dd under FreeBSD or under Windows with my tool, physdiskwrite 0.5
FreeBSD:
gzcat generic-pc-xxx.img | dd of=/dev/rad[n] bs=16k
where n = the ad device number of your CF card (check dmesg)
(ignore the warning about trailing garbage - it's because of the digital signature)
Linux:
gunzip -c generic-pc-xxx.img | dd of=/dev/hdX bs=16k
where X = the IDE device name of your HD/CF card (check with hdparm -i /dev/hdX) - some CF adapters, particularly USB, may show up under SCSI emulation as /dev/sdX
(ignore the warning about trailing garbage - it's because of the digital signature)
Windows:
(use the -u flag if the target disk is > 800 MB - make very sure you've selected the right disk!!)
physdiskwrite [-u] generic-pc-xxx.img
(you must use v0.3 or later!)
put the CF card/HD into the target PC
plug the PC into the network (LAN/WAN/...)
power it up
assign functions (LAN/WAN/OPT) to your interfaces (hint: use auto-detection, or let the MAC addresses tell you which card is which one)
change the LAN IP address, or use the default (192.168.1.1; m0n0wall acts as a DHCP server by default)
access the webGUI (user: 'admin', default password: 'mono')
make the necessary changes to the default configuration