Hi folks,

I spent about 10 hours today working on m0n0wall... and you bet, I turned quite a few things upside down! :) Here's the one big change:

- completely reworked DMZ/WLAN interface support. The concept of DMZ/WLAN is gone; every interface other than LAN and WAN (which retain their special meaning for the time being) is now just referred to as an "optional interface" (which may have a custom name assigned to it). Wireless interfaces are no longer restricted to specific functions (i.e. they may be used for LAN, WAN or optional interfaces). The number of optional interfaces is essentially unlimited (you can assign as many of them as you have via the console menu). And yes, again - as a side effect, this change also means that you can now use a wireless interface for WAN. That was by far the most popular request!

You can upgrade any version of m0n0wall to pb11; the configuration will be automatically converted to reflect the new architecture (including firewall/shaper rules) on the first boot. Filter and traffic shaper rules that have interfaces or source/destination networks that don't exist anymore (e.g. if you have DMZ rules but the DMZ interface is not set) will be removed. Please don't forget to make a backup copy of your configuration before you upgrade - just in case...

I think this change is very important to the future of m0n0wall; now that the architecture has been cleaned up quite a bit (I'd still prefer to have LAN and maybe even WAN lose their special status, but that would just require too many changes at this point), I can focus on the smaller issues (time, NAT on/off, etc.). Besides, show me one commercial firewall manufacturer (except for CheckPoint) that offers that kind of flexibility (and for free ;) ...

As always, please test thoroughly and let me know of any inconsistent behavior.

OK, that said, there's another thing that's been bugging me for some time. I already posted to soekris-tech about this, but nobody seemed to have a clue: a few buddies of mine have m0n0walls (on net4501s) that crash every few days (anything between 2 and 6 days) - they don't respond to pings anymore, and while the serial console still echoes characters, the menu is gone, too. They have to be power-cycled to make them work again. I see this on the newer of my net4501's (one with the serial double-character bug), too, while it has never ever happened on an older box (that doesn't have the serial bug, BTW). My buddies' m0n0walls are either from the same order as my newer box or ordered shortly after it. This happens in three different (physical) locations; the only common thing is that all use PPPoE on WAN.

The interesting thing about this is that in exactly the same situation (connected to the same cables and power supply and running the same version and the same configuration), the newer net4501 crashes while the older one doesn't. I also noted that the newer one reports net45xx during POST while the older one says net4501 (both at BIOS 1.15). I strongly suspect some hardware change has occurred sometime after I ordered the first one.

I would love to hear from anybody who is experiencing the same issue, and likewise, from people who use m0n0wall on a net45xx and have never experienced this problem at all (i.e. uptimes > 7 days and especially with PPPoE).

Now go download that release and have fun! :)

Manuel