Messages

16

Services / Re: Anyone using mobile IPsec?

« on: September 01, 2015, 05:40:30 PM »

You connect fine, but no traffic passes.  Discussion in these two threads;
http://smallwall.freeforums.net/thread/71/mobile-vpn-thegreenbow-smallwall
http://smallwall.freeforums.net/thread/73/m0n0wall-smallwall-migration-ipsec-issue

I am having a hard time replicating it since I do not use mobile IPsec or Windows.   I was trying to find out if anyone was using it successfully since the b576 patch.

17

Feature Requests / Re: VMware Tools Installation

« on: August 27, 2015, 11:48:21 PM »

The is a vmx3 nic driver that works in m0n0wall and smallwall.  But again, it is the closed source, so releasing it is a bit of a challenge.  I have been working on a version using the open-vm-tools in my free time.  (In other words, it is slow.)

Some notes and links in no particular order...



http://www.freshports.org/emulators/open-vm-tools-nox11/


http://www.vmug.nl/phpbb/viewtopic.php?t=336



To add the VMXNet driver to the monowall image you need a virtual FreeBSD installation (i used 5.4, default user-install). Follow these steps:

- add the monowall harddisk image to the FreeBSD VM and start it

- mount the cdrom (mount -t cd9660 /dev/acd0 /mnt/cdrom) and unpack the vmware-tools.tar.gz

- copy the FreeBSD4.9 vmxnet.ko from the modules/lib32 directory to /tmp

- mount the monowall harddisk (mount /dev/da0c /mnt/mono)

- add the vmxnet.ko driver to the /boot directory of the mounted disk

- edit the boot/loader.rc directory and add the following line below the loading of the mfsroot.gz!

'load vmxnet.ko'

- umount /mnt/mono

- shutdown the FreeBSD machine and boot the new harddisk image into a Monowall VM

- don't forget to set the networkcards to VMXNET in the vmx file of the Monowall VM (ethernet0.virtualDev="vmxnet")


(and ofcourse if you already have a configured firewall, you can backup the config, do the vmxnet thing, find/replace 'lnc' with 'vxn' and restore it)



Additional changes to the root filesystem can be made as follows:

- copy the mfsroot.gz to /tmp and gunzip it

- make a filebase memorydisk (mdconfig -a -t vnode -f /tmp/mfsroot -u 0)

- mount the memdisk (mount -t ufs /dev/md0 /mnt/mfs)

- make you changes (i.e. default configfile, additional scripts / php files)

- umount the memdisk (umount /mnt/mfs)

- remove the memdisk (mdconfig -d -u 0)

- gzip the mfsroot

- copy the mfsroot.gz file back to the mounted monowall harddisk


https://forum.pfsense.org/index.php?topic=34043.0
https://forums.freenas.org/index.php?threads/vmxnet3-ko-for-freenas-9-x-in-esxi-5-5.18280/
https://forums.freebsd.org/threads/vmwhttps://forums.freebsd.org/threads/vmware-tools-and-freebsd-8-0.8707/are-tools-and-freebsd-8-0.8707/

18

Services / Anyone using mobile IPsec?

« on: August 24, 2015, 03:36:12 PM »

I have had two reports of problems with mobile IPsec on SmallWall since the b567 upgrade to allow l2tp.  As we share this code exactly, I wanted to get more eyes on it.  Is anyone using mobile IPsec on t1n1wall successfully?

19

Feature Requests / Re: SNMP Agent Upgrade to 64bit

« on: August 17, 2015, 06:31:50 PM »

While I was looking at the code and options to pull this into SmallWall I noticed some potential problems in the .configure options.

First, whitespace is inconsistent, and in one case, missing.  So at some point in the future "--with-sys-location="location"--without-openssl"  may get silently dropped.

Second, --with-default-snmp-version="2" is set twice.

I cleaned it up to make it easier to parse and read, and this is what is in SmallWall.  Please feel free to use my trivial, but potentially helpful later, changes.

Code: [Select]

# ucd-snmp
        cd $MW_BUILDPATH/tmp
rm -Rf net-snmp-5.7.3
        tar -zxf $MW_BUILDPATH/freebsd8/build/local-sources/net-snmp-5.7.3.tar.gz
        cd net-snmp-5.7.3
./configure --with-default-snmp-version="2" --with-sys-contact="contact" \
--with-sys-location="location" --without-openssl --enable-ipv6 \
--disable-set-support --disable-des --disable-privacy --disable-md5 \
--disable-debugging --enable-static --enable-mini-agent \
--disable-testing-code --disable-shared-version --disable-shared \
'--with-out-transports=TCP Unix TCPIPv6 Callback' --enable-mfd-rewrites \
'--with-mib-modules=if-mib host mibII/var_route ucd_snmp' --with-defaults
make


20

Services / Re: PC Engines APU1D4 and SNMP

« on: August 13, 2015, 10:05:47 PM »

I am including the link in the SmallWall SVN, but the t1n1wall file is the same.  I am also posting this on the SmallWall forum as my links are "no follow" here.

The package is here. http://svn.smallwall.org/SmallWall/freebsd8/build/local-sources/ucd-snmp-4.2.7.1.tar.gz And here... http://sourceforge.net/p/t1n1wall/code/HEAD/tree/branches/freebsd8/build/local-sources/ucd-snmp-4.2.7.1.tar.gz?format=raw

The IF-MIB.txt file is rather large, but the options are defined. But I am having trouble finding where they are turned on.   There are also patches http://svn.smallwall.org/SmallWall/freebsd8/build/patches/packages/ucd-snmp.config.h.patch and http://svn.smallwall.org/SmallWall/freebsd8/build/patches/packages/ucd-snmp.patch

Lastly, the actual build takes place in script 2 at the bottom. http://svn.smallwall.org/SmallWall/freebsd8/build/scripts/2makebinaries.sh

I am thinking the key is in the build script with this line...

Code: [Select]

        '--with-mib-modules=host mibII/interfaces mibII/var_route ucd-snmp/vmstat_freebsd2' \

21

Services / Re: PC Engines APU1D4 and SNMP

« on: August 13, 2015, 06:05:29 AM »

I have been looking at this too, and so far I can not find out if UCD-snmp 4.2.7.1 supports 1.3.6.1.2.1.31.1.1.1.6.1 and 1.3.6.1.2.1.31.1.1.1.10.1 at all.  And the bump is non-trivial.

22

Installation / Re: iso image file to bootable usb stick

« on: August 12, 2015, 05:08:00 AM »

I need to think about it a bit more, and consider how to make sure that someone doesn't use the installer img for an upgrade through the UI etc.

Wouldn't just having a different name trigger the improper image type error?

And I think a simple Linux based CLI installer might actually work out quite well.  Let me work on that a bit.   I can probably spin something up in a week or so.

23

Installation / Re: iso image file to bootable usb stick

« on: July 23, 2015, 06:10:37 AM »

I think it could probably be done.  It might just need to identify as CD-Rom to work.  Check out the SmallWall Hacking Guide. http://www.smallwall.org/docs/dev/index.html  Specifically the section on playing with images. http://www.smallwall.org/docs/dev/dev-workon.html

This will work for SmallWall, t1n1wall and m0n0wall images.

24

Installation / Re: iso image file to bootable usb stick

« on: July 22, 2015, 04:10:10 PM »

I understood what you needed, but I was unclear in my response.

Because of the way it is built, there is not an easy way to install a LiveCD to USB.  You best bet is to make a Linux install to USB (For example, install Ubuntu Server to a 2 gig stick) and use it with zcat and dd to install the image, much like Chris's original m0n0wall installer CD.

25

Feature Requests / Re: Ability to Disable/Enable Interfaces From the Serial Console

« on: July 20, 2015, 06:53:55 PM »

How about a toggle-able "Deny All" rule in the firewall?  If you leave the antilockout feature in place, you can not lock yourself out, but you can black all traffic.  Or, you can make one for that IP address only.

26

Installation / Re: iso image file to bootable usb stick

« on: July 20, 2015, 06:46:38 PM »

The CD-Rom image is a special image that will boot from and run a CD-Rom, and save the config to a floppy or USB stick.  For burning to a CD, use one of these. http://www.techdrivein.com/2011/03/9-good-cd-and-dvd-burning-tools-for.html

You want an image file if you are burning directly to a USB stick or CF-Card.  Also, the image is compressed, and uses small blocks, so try "zcat ./generic-pc-1.8.2b42.img | dd of=/dev/sdc bs=16k" as root. (sudo -i on ubuntu)

If you are wanting to make a "Live-CD" from the cd-rom image, you will have issues, as it will not find the parts it expects when booting.  If you want a flash drive to boot and imaged systems, I recommend a Linux CLI install for that.

27

Feature Requests / Re: Access Restriction (MAC ACL)

« on: April 15, 2015, 08:52:45 PM »

You realize that hard coded IPs talking to other devices on the lan have nothing to do with the firewall, right?  So there is no way to block local communication.

28

Installation / Re: I need to try this...

« on: March 01, 2015, 04:32:21 PM »

But you and I both missed that reference back to the m0n0wall.ch site. Great minds mess up alike?

29

Installation / Re: I need to try this...

« on: February 28, 2015, 04:49:31 PM »

there will be a b8 shortly with more branding changes (I missed a few!), then I have a bug to fix , listed on the bug page, around l2tp

It is easy to do...  Here is my list of ones I did not get on the first pass...  Might save you a hit or two.

SmallWall icon at the top left still points to: m0n0.ch/wall/
Have wrong favicon.ico
System: Firmware You are using the most recent version of m0n0wall
Console screen and password reset still m0n0wall