Download m0n0wall 1.3b14

The package m0n0wall is a firewall with extended possibilities† It basically uses the Freebsd 6.x operating system and is fully configurable via a web interface. M0n0wall has onboard support for wireless setups, 802.1Q vlan, nat/pat, ipsec/vpn tunnels and pptp-vpn. In addition, it can also apply packet filtering and has a traffic shaper. The developers have already kicked off the fourteenth beta version of m0n0wall 1.3 with the following list of changes:

Version 1.3b14:

• WARNING: this version (any platform) no longer fits on 8 MB CF cards! (>= 16 MB required)
• When upgrading from generic-pc 1.2x, you must install 1.3b7 first before you install this image. Other platforms are not affected.
• consolidated net45xx, net48xx and wrap images into a single “embedded” image. If you’re running m0n0wall on a Soekris or PC Engines board, download the “embedded” image and rename it to reflect your current platform to upgrade via the webGUI (ie replace “embedded” in the filename by “net45xx”, “net48xx” or “wrap”)
• an official VM for VMware is now provided with this and all future versions
• modified boot loader for embedded images to use the serial speed set by the BIOS (and no longer a fixed speed as soon as the kernel boots), as in 1.2x releases
• imported “install on Hard Drive” feature (console menu) from AskoziaPBX; this allows one to install an image on HD/CF by first booting with the cdrom version of m0n0wall
• removed SIP proxy (not much feedback from users; used a considerable amount of space)
• imported ipnat source port randomization patch from FreeBSD CVS (important when running DNS servers behind m0n0wall with NAT turned on); added new option to System: Advanced page to control the port range used for random source port allocation during outbound NAT (default is 1024 – 64535; portrange sysctls have been adjusted accordingly)
• fixed a long standing bug with regenerating firewall rules (including automatically generated ones) that reference the WAN interface when the WAN IP address changes
• changed ZoneEdit update server name to dynamic.zoneedit.com
• show driver names for network interfaces (obtained from dmesg) when assigning interfaces to make it a bit easier for the user to choose
• updated Dnsmasq to 2.45
• fixed broken time zones (hard links in zoneinfo.tgz)
• added kernel patch to fix ATA on some Cyrix/Geode based boards (see A HREF=” rel=”external”>here) (suggested by Konrad Jopek)
• fixed “RSA Cert Subject” choice for My Identifier on IPsec VPN Mobile Client setup page (reported by rdnzl)
• don’t allow the interface’s network or broadcast address to be used in the DHCP client range, and also make sure that the interface’s own address does not fall within the range
• made behavior of Interfaces: LAN page more intelligent (only disable DHCP server if the IPv4 address has actually changed; do not require reboot if only IPv6 address changed)
• updated PHP to 4.4.9

Version 1.3b13:

• added support for IPv6-in-IPv4 tunnels on WAN (for use with tunnel brokers)
• added support for IPv6 over PPPoE/PPTP (WAN)
• fixed issue where firewall rules on PPTP VPN (and access to m0n0wall’s own services, like ping or DNS, from a PPTP VPN client) wouldn’t work if incoming GRE packets were matched by a traffic shaper rule on WAN
• for wrap image, show whether we’re running on a WRAP or ALIX board on the system status page
• updated Dnsmasq to 2.43 (query source port randomization)
• fixed “Register DHCP leases in DNS forwarder” option