m0n0wall VMware Community Images

 

 

What is it?

m0n0wall is a popular open source firewall package.  Typically it is used on embedded hardware like WRAP and Soekris boards, however it is also installed on thousands of generic PC's, and makes a nice firewall or router for testing purposes in VMware.  The images on this page have been downloaded more than 3,300 times as of December 2005. 

Background

For those of you not familiar with the m0n0wall community, I write the vast majority of the m0n0wall documentation.  This started when I set out to document setting up VMware to work with m0n0wall. When I actually sat down to write how to do it, I came to realize what a pain it is, and how many steps you have to go through to get it working. It's also an error-prone process. So, rather than documenting how to set things up, I decided to make the virtual machines available.  These were first made available in February 2005, making them the first widely distributed community VMware images that I am aware of. 


Image Details
I'm not going to go through all the details of how these were created, because avoiding that was the point of creating them.  :)

They have all unnecessary hardware removed (USB, sound), 3 NIC's, the hard drive version has a 128 MB IDE hard drive and no CD-ROM or floppy drives, and the CD version has no hard drive, the m0n0wall iso mounted as the CD-ROM drive set first in the boot order, and a floppy disk image file mounted as the floppy drive. No physical CD's, floppies, or hard drives are required for any of them. They are all configured with 64 MB RAM.

The stock config.xml has some pre-configuration to make things easier.

Interface Assignments
The following VMware interface names correspond to the m0n0wall assignment shown, and the interface is connected to the VMnet shown.

Ethernet 1 - LAN - VMnet2
Ethernet 2 - WAN - VMnet3
Ethernet 3 - OPT - VMnet4

IP Addressing
The LAN IP is set to 192.168.96.1/24, the OPT IP is set to 192.168.97.1/24, and the WAN is set to DHCP with block private networks disabled. DHCP is enabled on the LAN interface with the range 192.168.96.51-99.

Why setup this way? Chances are you aren't using 192.168.96.0/24 or 192.168.97.0/24 on your physical network. You may want to bridge the VM WAN interface to your physical LAN, where the VM would get a WAN IP from your LAN DHCP server. Disabling block private networks allows you to use a private IP on your WAN, and get to the Internet from your test network (though it will be double NAT'ed, which isn't great, but it works). The odd subnet number is so it's extremely unlikely to conflict with your LAN subnet if you set things up this way. Having the same subnet on LAN and WAN in the VM isn't going to work.

Also these two networks are summarizable by 192.168.96.0/23 (which may mean nothing, but could be helpful for some purposes).

Login
The login is the default admin/mono.

Using the Images
To use the images, simply download them and extract to a new directory somewhere. Open your VMware, go to Open and browse to the directory where you extracted the image. Select the file shown there and click Open.

Download
Which image do you need? If you're using VMware for testing purposes, the CD image is probably best. If you want to use VMware for development purposes, the hard drive image is probably best since you can edit/rewrite the image easier. Download the appropriate image (legacy or VMware 5) depending on which version of VMware you are running.

Legacy Images (VMware Workstation 4.x, GSX Server 3.x, ESX Server 2.x, ACE 1.x)

m0n0wall 1.2
CD - 5.2 MB
HD - 6.9 MB

VMware Workstation 5 Images

m0n0wall 1.2
 CD - 5.2 MB
HD - 6.9 MB

Older Versions

Browse http://chrisbuechler.com/m0n0wall/downloads/vmware/ to find older m0n0wall versions, if you need them. 
 

Contact
Questions/comments?  Feel free to drop me an email. If your questions or comments are directly related to m0n0wall itself, please use the m0n0wall mailing list (I reply to most of the messages there anyway, and will see your message).  Or if you're an IRC user, drop in #m0n0wall on FreeNode (I'm cmb there). 

 

Chris Buechler
Last update:  December 19, 2005