Last update:
03/06/2010
Current version:
1.31

Notes/Bugs/Caveats
  • wireless cards: only wireless cards that work with the wi or an driver are supported. These are listed in the FreeBSD/i386 Hardware Notes. For hostap, you need a card based on the PRISM-II or -2.5 chipset. Cards that have been tested include D-Link DWL-520 Rev. A2 (PCI), Senao NL-2511CD Plus EXT2, Cisco Aironet AIR-PCM352 and Z-Com XI-815 (CF card in PCMCIA adapter).
    802.11g and 802.11a cards do not work because they're not supported by FreeBSD 4.11! Use an external access point if you need 54 Mbps wireless.
  • bridging two wireless cards together is only possible if they're both in hostap mode
  • with a dynamic IP address on WAN (DHCP, PPPoE or PPTP), IPsec VPN is brought up only when the WAN interface is up (DHCP lease obtained or PPPoE/PPTP session established). Keep this in mind when experimenting with tunnels to optional interfaces or LAN while, for example, WAN is set to DHCP but not actually connected. Use a static IP address on WAN if you want to test without a WAN connection
  • if you use the generic PC or CD-ROM version, be sure to disable APM (power management) in your machine's BIOS (if possible)

Viewing low-level status information and executing commands

If you want to see some low-level status information, try http://<m0n0wall-ip>/status.php. You can also view the current XML configuration there.

If you want to execute a command directly on the m0n0wall, go to http://<m0n0wall-ip>/exec.php. You may need to enter the complete path to the desired program.

Default Port configuration on net4501

LAN: Net 0 (next to the console port), sis0
WAN: Net 1 (sis1)

Recommended BIOS settings for the net45xx

ConSpeed = 9600
ConLock = Enabled
BIOSentry = Disabled
PCIROMS = Disabled
PXEBoot = Disabled
FLASH = Primary
BootDelay = 2
BootPartition = Disabled
ShowPCI = Enabled

Making a custom SSL certificate for the HTTPS webGUI

Execute the following commands on any UNIX machine with OpenSSL installed:

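# Create an unencrypted private key (privkey.pem) and a signing request (cert.csr)
openssl req -new -nodes -keyout privkey.pem -out cert.csr
# Self-sign the request with that key; the certificate is valid for 365 days
openssl x509 -in cert.csr -out cert.pem -req \
  -signkey privkey.pem -days 365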

The certificate can then be found in cert.pem and the private key in privkey.pem, ready for copy & pasting to the Diagnostics: Advanced page. cert.csr is not needed anymore. Note that if you screw up with the certificates and cannot access the webGUI anymore, you may use the console menu option "Set LAN IP address"; it will ask you whether you want to revert to HTTP.
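
Since a bad certificate/key pair can lock you out of the webGUI, it is worth checking the two files before pasting them. The following is an added example, not part of m0n0wall or the original page; check_webgui_cert is a hypothetical helper name, and it assumes the file names used above and an OpenSSL that provides the pkey command (1.0.0 or later).

```shell
#!/bin/sh
# Added example: sanity-check cert.pem / privkey.pem before pasting them into
# the webGUI. check_webgui_cert is a hypothetical name, not a m0n0wall tool.
# Usage: check_webgui_cert cert.pem privkey.pem
check_webgui_cert() {
    cert=$1
    key=$2

    # Both files must exist and be readable.
    if [ ! -r "$cert" ] || [ ! -r "$key" ]; then
        echo "cannot read $cert or $key" >&2
        return 2
    fi

    # Public key embedded in the certificate, as PEM.
    cert_pub=$(openssl x509 -in "$cert" -noout -pubkey 2>/dev/null) || {
        echo "$cert: not a parseable PEM certificate" >&2
        return 3
    }

    # Public key derived from the private key. The commands above use -nodes,
    # so the key is expected to be unencrypted; "-passin pass:" makes an
    # encrypted or damaged key fail here instead of prompting.
    key_pub=$(openssl pkey -in "$key" -pubout -passin pass: 2>/dev/null) || {
        echo "$key: not a usable unencrypted PEM private key" >&2
        return 4
    }

    # The certificate must belong to this private key.
    if [ "$cert_pub" != "$key_pub" ]; then
        echo "certificate and private key do not match" >&2
        return 5
    fi

    # -checkend 0 exits non-zero if the certificate has already expired.
    openssl x509 -in "$cert" -noout -checkend 0 >/dev/null 2>&1 || {
        echo "$cert: certificate has expired" >&2
        return 6
    }

    # Show subject and expiry date for a final visual check.
    openssl x509 -in "$cert" -noout -subject -enddate
    return 0
}
```

A return value of 0 means the pair is consistent and not expired; any other value names the failed check on stderr.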

© 2003-2010 by Manuel Kasper <mk@neon1.net>. All rights reserved.