m0n0wall Virtual Appliance
The m0n0wall project has been around for more than three years, and in this time has become one of the most popular open source firewall distributions due to its reliability, speed, flexibility, minimal hardware requirements, and ease of management.
This passage from the m0n0wall web site provides an excellent overview of the project and its primary focus:
"m0n0wall is a project aimed at creating a complete, embedded firewall software package that, when used together with an embedded PC, provides all the important features of commercial firewall boxes (including ease of use) at a fraction of the price (free software).
m0n0wall is based on a bare-bones version of FreeBSD, along with a web server, PHP and a few other utilities. The entire system configuration is stored in one single XML text file to keep things transparent."
Purpose of the Appliance
This appliance is intended for use in testing or development environments, or in protecting production Virtual Infrastructure. It is capable of using NAT, routing, or transparent bridging in any virtual environment, and works on VMware Workstation, GSX, Server, and ESX.
I have been a committer with this project for nearly two years now. I work primarily in the areas of documentation and assisting users on the mailing list and in IRC, and have dedicated a very significant amount of volunteer time to this project. As of May 25, 2006, I have more than 2,000 posts to the m0n0wall mailing lists (99.9% of which were helping others), surpassing the total of any other contributor several times over. While, like most open source projects, the documentation is still lacking in some areas, the vast majority of it has been written by me. It has gone from almost nothing to being up to par with comparable projects due to my contributions over the last two years.
Virtual Appliance History
I have used VMware Workstation since right after 4.0 was released. While testing and documenting m0n0wall, I have always used Workstation extensively to simulate complete network environments. Questions routinely surfaced on the m0n0wall mailing list about using m0n0wall with VMware. The most common issue was people having trouble configuring it to work properly, for a wide variety of reasons. After seeing this numerous times, and helping different people through the same issues over and over, I set out to write up a document on installing m0n0wall in VMware.
As I started writing this document, I came to the realization that it would be a lot easier if I just made up a template virtual machine and distributed it. It became a big hit within the m0n0wall community immediately upon its release on February 20, 2005. http://m0n0.ch/wall/list/showmsg.php?id=137/92
I believe this makes my m0n0wall images the first widely distributed community virtual appliance, several months before VMware announced their community virtual appliance program.
As of May 25, 2006, the various versions of my virtual appliance have been downloaded nearly 32,000 times, and are in use in numerous installations around the world for a variety of purposes, from testing to development and protecting production Virtual Infrastructure.
m0n0wall itself is released under the BSD license, as are most of the software components it is comprised of. Some of the included software is under the GPL, and similar open source licenses. The only proprietary application in the virtual appliance is VMware Tools, distribution of which is permitted by VMware in appliances. All the licenses of the included software allow for unlimited distribution of the virtual appliance.
License for m0n0wall and all included software (excluding VMware Tools) - http://m0n0.ch/wall/license.php
Overview of Build Process
m0n0wall is a stripped down version of FreeBSD 4.11, using some minor kernel patches for bug fixes specific to the m0n0wall environment, and some patches to the included applications. There is a detailed image building guide available for those interested in specific details.
Since m0n0wall extracts its file system into RAM at boot time and runs from RAM, any changes made to the file system of a running m0n0wall installation are lost at reboot. To make changes that will persist across reboots, the image has to be mounted and modified, then repacked. There are a couple of scripts that automate this process on full FreeBSD installations. I use a script created by Jeb Campbell called workon.sh, which can be downloaded from my website.
Because m0n0wall does not include many of the dependencies required to install VMware Tools, like Perl for example, I had to improvise to get VMware Tools running in this appliance. I took a full FreeBSD 4.11 virtual machine and installed VMware Tools the usual way. I then pulled the appropriate kernel modules, binaries, and libraries off of this installation, and put them into a modified m0n0wall image. I then modified the system appropriately so vmxnet support is loaded and the appropriate VMware Tools binaries are started at boot time.
Virtual Machine Configuration
This virtual appliance comes configured with 64 MB RAM, a 16 MB hard drive and four network interfaces.
Many installations should be able to run with less RAM, though I would not suggest anything lower than 48 MB. Because of m0n0wall's primary focus on embedded hardware running from Compact Flash storage, which can only sustain a limited number of writes in its lifetime, the file system is extracted to RAM upon boot and the system runs entirely from RAM. The only time the disk is accessed after boot is when making configuration changes. This means unless you are making configuration changes, there are no partitions mounted read/write, so it is safe to power off this virtual appliance at any time.
Using the Appliance
Instructions on getting started with the m0n0wall virtual appliance and documentation on commonly used configurations can be found on my
The m0n0wall Handbook is also a good reference for general m0n0wall configuration information.
General m0n0wall questions are best suited for the m0n0wall general mailing list, with a community of more than 1500 helpful subscribers. I personally answer most posts there, and in addition to my input, you'll likely receive feedback from others in the community who have worked through similar issues in the past.
You are also welcome to email me personally about anything regarding this virtual appliance at firstname.lastname@example.org.