M0n0wall and Soekris embedded firewall and VPN solution

M0n0wall's firewall rule setup. Rules can be set up by address and port across all interfaces supported by the the underlying hardware. Additionally protocols can be NAT'd (handled via network address translation) or even remapped (to allow the user to use protocols that may be blocked by an ISP's routing rules).

© CNET Networks - Submitted by David Spector

M0n0wall's dynamic DNS setup screen. This allows the firewall to have a Domain Name visible on the Internet in implementations where the end-user doesn't control their own IP address such as a cable-modem or DSL connection.

© CNET Networks - Submitted by David Spector

The setup for M0n0wall interfaces; here one can set up both wireless and wired interfaces. This screen capture shows a wireless interface being configured to allow WEP ("Wired Equivalent Privacy") Security.

© CNET Networks - Submitted by David Spector

The M0n0wall IPsec status page showing an active connection to another IPsec compatible system.

© CNET Networks - Submitted by David Spector

The M0n0wall setup page for IPsec VPNs; this allows the system to connect with other M0n0wall system as well as other IPsec compliant systems (such as commercial firewalls) to create secure virtual private networks.

© CNET Networks - Submitted by David Spector

The M0n0wall setup page showing the settings for PPTP connections which allow remote users to connect tot he M0n0wall using standard remote access clients.

© CNET Networks - Submitted by David Spector

The M0n0wall status pages showing the status of the network interfaces and how much traffic each network has handled.

© CNET Networks - Submitted by David Spector

The M0n0wall software runs on a large variety of hardware, but the most popular is a small but very powerful embedded system made by Soekris engineering. This particular board, the NET4521, supports two 100Mbit Ethernet interfaces and 2 PCCard/PCMCIA slots which can be used to add wireless (WiFi) cards; there is also a CompactPCI slot that can be used with a hardware encryption accelerator to speed up VPN access.

Picture courtesy of Soekris Engineering, used with permission.

Soekris also makes optional cases for these embedded systems; this shows the NET4801. These are very compact systems, taking up the space of a small hardcover book.

Picture courtesy of Soekris Engineering, used with permission.

The rear of the NET4801 in its optional case showing the network interfaces and console/power connections.

Picture courtesy of Soekris Engineering, used with permission.