UPDATE: An updated tutorial has been posted here: http://www.techunplugged.com/2009/07/22/alix-monowall-firewall-part-1/
This tutorial will guide you through copying the m0n0wall image to a compact flash card and the initial configuration of the m0n0wall on the ALIX embedded board. I will be using a VPN accelerator card since I will have about 10 IPsec tunnels actively running at one time. I would only recommend using the VPN accelerator card if you plan on maintaining several VPN tunnels at one time, otherwise it is overkill. The following is a list of the items that were used:
Obtained from soekris.com: http://www.soekris.com/ VPN1411 mini-pci card (VPN Accelerator Card)
I will be setting this up using a Mac Pro running OS/X Leopard. I will be using a USB to Serial cable with a Null Modem adapter. This cable will be used to interface between the ALIX board and the Mac for initial configuration purposes. During the initial setup it is best to keep the board outside the enclosure as there is no space to remove or insert the card.
To begin we will download the following files and placing them on your desktop:
Bootable image of Freedos with ALIX Bios: http://www.pcengines.ch/file/freedos3.zip Embedded m0n0wall image: http://m0n0.ch/wall/download.php?file=wrap-1.3b11.img
The first thing we are going to do is make sure that the newest version of the bios is installed on the ALIX board. To do this we will copy the Freedos image to the CF card.
- Insert CF card into a card reader attached to the Mac
- Open ‘Disk Utility’ and click on any partition on the CF card and click ‘unmount’. Repeat the previous step on every partition listed under the CF card.
- Right click on the CF card inside Disk Utility and select information.
- Write down the disk# listed next to ‘Disk Identifier’
- Open Terminal
- Type: cd Desktop
- Type: cat freedos_alixupdate_0.99.img | dd of=/dev/disk# bs=16k (replace disk# with what was listed in step 2 [ie disk6])
- Eject the CF disk
- Remove the CF card from the reader and insert it into the ALIX board
- Connect the ALIX board to the Mac with the USB to Serial cable with the null modem adapter attached. Within terminal hit Command-T to open a new session
- In the new session type: screen /dev/tty.usbserial 38400
- Apply power to the ALIX board, you will see the board boot within the terminal session. When it completes boot and displays the C: prompt, type: sb and hit enter If you have an older version bios it will be updated, if not the command will just complete.
- Remove power from the ALIX board
Next we will copy the m0n0wall image to the CF card. Keep the terminal screen open from the previous steps.
- Insert the CF card into the card reader.
- Open Disk Utility and unmount and partitions listed on the CF card.
- Go to the terminal screen that is already open and go to the previous session.
- Type: gzcat wrap-1.3b11.img | dd of=/dev/disk# bs=16k (Replace disk# with the actual disk that was listed next to the disk identifier)
- Remove the CF card from the card reader
- Insert the CF card into the ALIX board.
- Within terminal switch to the other session (the session in which you watched the ALIX boot)
- Apply power to the ALIX board and watch it boot.
- When it is completed booting you will see a menu screen.
- Type: 1 (Assign network ports)
- Type: n (Assign VLAN)
- Type: vr0 (Lan Port)
- Type: vr2 (Wan Port)
- Hit Return (To skip optional port)
- Type: y (Reboot system)
- Once the system has rebooted you will see the menu again
- Type: 2 (Setup Lan address)
- Type: 192.168.240.1 (Or change 240 to another number between 0-254)
- Type: 24 (For the subnet 255.255.255.0)
- Type: y (To enable DHCP)
- Type: 192.168.240.100 (Beginning of the DHCP client range, change 240 to whatever number you changed in the previous step.)
- Type 192.168.240.199 (End of the client range, change 240 to whatever number you changed it to in the previous step.)
- Hit Enter (The unit is now configured)
- Pull the power from the unit.
You can now install the ALIX board into the enclosure. Once it is installed you can hook up the unit to your LAN using the network jack closest to the power jack (vr0). You can hook up your Cable/DSL Modem to the Wan port (VR2) which is next to the serial port. Apply power to the unit and give it a minute to boot up. Open up a web browser and point it to: 192.168.240.1 (If you changed LAN address to something other than 240 change it here respectively as well). This will bring up the GUI interface for the rest of the configuration. Right out of the box it will operate as a basic router. In the a following segments I will walk you through setting up more advanced features such as:
- IPsec Tunnels
- Port Forwarding
- Dynamic DNS