Embedded Firewall

In part of my quest to simplify my life I moved away from Windows workstations and servers to Macs. With the number of systems that were removed it had a large impact on the acoustics of the room as well as power consumption. I still had one relic left behind and that was a firewall running on a PC to keep my IPSEC tunnels up with all my clients. I decided I could replace that unit as well with something that was at least fanless. During my research I found something that would be fanless and work with a 15w power adapter so it would have a small electrical footprint. The hardware I used was a PC Engines ALIX 2c3 board on which I installed the m0n0wall embedded firewall OS. I also used a Soekris VPN1411 mini-pci card to offload the encryption processing from the CPU. It is very small and runs super smooth on a 30mbit connection with 10 tunnels running. The CPU never goes above 40% utilization on a full load. It is fairly inexpensive and quite simple to assemble and program. I am in the middle of doing a video tutorial on putting one of these together and programing it. I should have the video done along with support pages tomorrow, so check back.
UPDATE: An updated tutorial has been posted here: http://www.techunplugged.com/2009/07/22/alix-monowall-firewall-part-1/

4 Replies to “Embedded Firewall”

  1. Hi,
    I am thinking about using the ALIX board and MonoWall to build a hardware firewall per your instructions.
    Did you use the ALIX2C1 Board (3 LAN/ 1 MINI-PCI/ LX700)?
    I want to clarify this since your instructions said “ALIX2C1 Board (3 LAN/ 1 MINI-PCI/ LX700)”.
    Any idea if this hardware firewall will support 30-50 mbits/sec?
    Are you happy with the VPN connections?
    What software did you use on the Mac or Linux clients to create the VPN connections?
    We have 10 servers in a rack and I am looking for a low power hardware firewall solution.
    Thanks,
    Derek

  2. All the ALIX boards would be the same installation. I am using my firewall on a 30mbit connection with no problems whatsoever. Use the VPN add-on board if you are going to have multiple VPN connections. I use VPN Tracker on the Mac side for VPN connectivity.

  3. I bumped across your video on yourtube. Fantastic! Is there a reason why you selected monowal over using pfsense? I have pgsense running in a test system today and it appears very nice with more features than monowall?

  4. I am using Pfsense as well now for better Xbox live functionality since Pfsense uses UPNP which Monowall does not. However until recently the issue with Pfsense was that you could not use FQDN for VPN endpoints. You had to enter IP addresses which does not work when one of the endpoints has a dynamically assigned IP address and uses services such as DYNDNS.org to reconcile those IP addresses.

Leave a Reply

Your email address will not be published. Required fields are marked *