m0n0wall hardware installation and startup

Installing NICs and CF card:.

Now that you have the boot image on the CF card, it's time to install the card and any additional network adapters into your soon to be m0n0wall.

Installing CF Card:

The CF slot is located almost underneath the cross brace. It is directly in front of the IDE socket, about midway between top and bottom on the motherboard. When its installed, the top surface of the card faces towards the rear of the chassis. You can see the location and orientation of the socket in the top screenshot on the right. When you install the CF card, unplug the power cord from the power supply connector, and touch the case to discharge any static buildup before working on anything inside the chassis. This applies or course to any other connections inside any PC, but since USB CF card readers are essentially "Hot-Swap" I thought it should be mentioned here. Make no mistake about it, the CF socket on the motherboard is definitely NOT hot-swap. When you are ready to install the card, press it into the slot, making sure the top surface of the card faces the rear of the chassis, and lightly press it in until it bottoms in the socket. Now it's time for the NICs.

Installing NICs:

Thanks to the standard architecture of the Netvista and the excellent job the m0n0wall developers have done, you can use almost any reasonably current PCI NICs in your Netvista. I have used Intel, 3com, Dlink, Netgear, and many other generic NICs without difficulty. It is easy to find inexpensive NICs for less than $15 even at retailers, and they can be had for $3 to $5 each on eBay.

Once you have your NICs, install them by loosening the thumbscrew and retaining bracket on the rear of the chassis, just beside the top most serial connector on the back. You can see this easily in the rear view screenshot on the right of this page. Lay the chassis on it's back and slide the retaining bracket towards the top, out of the way of the top tab of the NIC brackets. Press the NICs into the PCI slots, making sure the card(s) are seated into the slot completely, and that the top of the cards are correctly positioned on the small tabs that go into the screw slots on the NIC brackets. I've found that it is much easier to get everything positioned correctly when the chassis is standing upright. While you're holding the cards in place with one hand, slide the retaining bracket back down, checking the fit and making sure everything is interlocking correctly. Tighten the thumbscrew to hold everything in place.

At this point the hardware installation is complete and you can slip the case back over the chassis. Watch the small catch on the top edge of the chassis, it has a tiny tang that sticks up and catches the case as you slide it back on. Just press it down as you slip the case over it. I have yet to figure out it's purpose, other than being an annoyance. See the picture at the right for a detailed view.

Initial Startup and Configuration:.

Finally it's time to breath some life into the little Netvista. Plug in the power cord, keyboard and monitor cables. No need for a mouse, and don't plug the network cable in yet. Flip the power switch on the power supply to the "on" position. Look up front at the power led, it should be on steady. If it blinking, possibly you have forgotten to move the password ovrd jumper back to the default position. After 20 seconds or so, you will see the Network Station boot splash screen, followed by a black screen with the m0n0wall bootloader message, and a rotating bar cursor under the bootloader messages.
If you see this... * SUCCESS * this is your new m0n0wall starting up.

After another 20 seconds or so and numerous boot messages, you will be presented with the m0n0wall console. From here you should select option "1)Interfaces: assign network ports". You will be shown a list of Valid interfaces, their names and MAC addresses. The number of interfaces should match the number of interfaces in your Netvista, one built in, plus either one or two more depending on how many NICs you have installed. For now, just answer "n" to the question "Do you want to set up VLANs now (y/n)". You will be able to do that later if needed. The next question is "Enter the LAN interface name or press 'a' for autodetection:". If you plan on using the on-board NIC as the LAN interface, just type in "fxp0". That is the way the on board Intel pro 100 interface is identified by m0n0wall. If you are going to use another interface for the LAN segment, or just want to see the autodetection in action, enter "a". You will be asked to plug in the cable to whatever NIC you wish to use for the LAN interface. Plug in the cable, then press [enter] You will see the message: "Detected link up on interface XXXX" Where the XXXX's represent the interface that m0n0wall had previously located. Repeat the same process of either entering the interface name directly, or using autodetection to identify the interfaces, for the WAN interface and the Optional interfaces (if you are using three or more zones). When you have completed this step for each interface, you will be asked to save the changes, and warned that this will reboot the m0n0wall. Say "y" to save and reboot.

After the reboot, which takes about 50 seconds total on my Netvista, the next step is to set the LAN IP address. Enter "2" to select the "2) Set up LAN IP address" option. You will be asked to enter the IP address you wish to assign to the LAN interface of the m0n0wall. If you do not know what to enter, go back to the start of this section and study up on understanding firewalls. A basic knowledge of networking and addressing is required, so learn it if you don't already know it. It will be time well spent. For our purposes, we will enter an IP address that will work on my internal network, so I type in 192.168.20.1 and press [enter]. The next question we need to answer is the subnet mask bit count. Since this is a class "C" network, I enter "24" and press [enter]. Next I'm asked if I want to enable DHCP on the LAN interface. Since I'm integrating this into an existing network I answer "n". If you make the wrong choice here you can enable DHCP later from the web interface. After a brief pause, your LAN interface is brought up with the address you specified. Just press [enter] to continue. This will bring you back to the console. At this point this is everything that needs to be done at the console. You can shut it down, remove the monitor, and keyboard, you did remember to enable keyboardless operation in the startup options didn't you? You may wish to leave the keyboard and monitor plugged in until you are confident that you have these options correct. If you have problems, just select option 4, "4) Reset to factory defaults" and begin again at the setup step above.

Web Interface:.

Now for the real thing ! With this all complete, you should be able to access your new m0n0wall from your web browser. Just enter the IP address that you assigned to the LAN interface in the step above. In this example it was 192.168.20.1 , so you would enter "http://192.168.20.1" . Once you enter that you should be greeted with a login prompt. The default administrator name is "admin" and the default password is "mono". Unlike in most other places in m0n0wall documents, those are lowercase o's not zeros. If all is well, you will be greeted with a very nice m0n0wall web admin interface. Your next steps should be to assign interface names,IP addresses and enable the WAN and any optional interfaces. Then I always add aliases for any hosts or subnets that I will be creating rules for. This really simplifies the rule creation. If you want help with rule and NAT setup, or just more information, there is a very nice group of documents on the m0n0wall site. Just check out the m0n0wall Handbook, quickstart guide and mailing list archives.

I think the only thing left to do is to say thanks to the developers, and you might want to consider donating to the cause by either buying some m0n0wall merchandise, or donating via PayPal. The developers have done an amazing job, and you will probably not find a better piece of open source (or proprietary for that matter) software anywhere!