|
Post by Admin on Feb 19, 2015 5:45:41 GMT
Well, it is real, so time to figure out a path forward. This board is more free form, as long as it is firewall related.
|
|
|
Post by clintonb on Feb 19, 2015 12:05:32 GMT
Has anyone considered porting from x86 over to ARM? Mammoth task, but as it keeps in line with small, flexible and reliable. What do we think?
|
|
|
Post by Lee Sharp on Feb 19, 2015 16:06:53 GMT
Mammoth task is right. Especially since some of the things needed by m0n0wall ^H SmallWall (It will take a while to get used to that...) are not ported over to arm yet, and the arm ports are considered Tier 2 Architectures, and not officially supported by FreeBSD. Also, "ARM" is not really "an architecture" as each implementation is slightly different. So we would need to pick which "ARM" and have a port for each. That gets ugly quick. You can see more details here. www.freebsd.org/platforms/arm.htmlThat is not to say it will not be done. But it will be tough finding someone who wants to do it.
|
|
web
New Member
Posts: 2
|
Post by web on Feb 19, 2015 17:40:46 GMT
but wait...
Doesn't FreeBSD already run on ARM?
I think yes since I run 10 (or is it 11) on a RPi
Since m0n0wall is built atop FreeBSD, this should be a "freebie", or am I missing something?
|
|
|
Post by Lee Sharp on Feb 19, 2015 18:49:58 GMT
Check out the link www.freebsd.org/platforms/arm.html and you will see that "Arm" is not a totally descriptive target. It runs on Raspberry Pi, but not everything with the Pi Chip... And not all ARM chips. Also, as Tier 2 Architecture, it gets ports later, and sometimes not at all... So, the problems are; Are all the components we need ported, current and working on the ARM branch? Is the hardware we want to support, working on the ARM branch? As each bit of hardware is essentially a separate port and build, does a given bit of hardware have enough demand to make the port worth it? That is not to say it can not be done... But it would be a lot more work than most people think. That said, since you are running FreeBSD the Pi, do you want to do it?
|
|
|
Post by clintonb on Feb 19, 2015 19:13:29 GMT
These are fair points. Let us see what others think. It doesn't need to be a primary goal (more a background, future development plan) as there is enough minor work required on the present m0n0wall build that others feel are priority. BUT seen that the Pi and beaglebone are probably two very popular enthusiast boards, we could start a port onto these if we can formulate the suitable hardware components required to comprise as been a suitable firewall. I would like to see m0n0wall be a platform for the next generation (educate, trusted, used everyday) as it has done for us.
|
|
|
Post by Lee Sharp on Feb 19, 2015 19:29:46 GMT
Now getting multiple nics to work on the Pi/Bone/other at any reasonable speed is a whole other issue... But, I am not trying to shut anyone down, as long as they are not trying to extend beyond the scope of a firewall.
|
|
|
Post by brianlloyd on Feb 19, 2015 19:58:38 GMT
I know we like m0n0wall. It has been an excellent and long-lived tool. However, Manuel has suggested we move to OPNsense. The current sentiment over on the OPNsense forum is that it should be possible to run OPNsense on something as small as an Alix board and the new APU board from PC Engines looks just about perfect for an OPNsense appliance. The only roadblocks to using OPNsense seem to be:
1. Currently there is no boot image to just burn to flash to run. You have to use their installer and it then creates the runtime environment on the target disk/storage.
2. Currently a graphics card is required to do the install. Once there is a version that can handle initial configuration via serial, or has a default IP address on one of the ports (LAN), it should be possible to start it up and then configure it from a terminal or a browser.
Now this seems a whole lot farther along than starting a new project. And the OPNsense developers are open to the idea of making an appliance version that will just boot and run. I like that. It seems like the most direct path from m0n0wall.
Just sayin'.
Brian
|
|
|
Post by Lee Sharp on Feb 19, 2015 20:27:28 GMT
It may be... If so, this site will fade away. But the philosophy I am seeing over there is different from what m0n0wall was. And if they make an embedded version that is an afterthought, I am not sure that is something I want...
As for how far along it is, m0n0wall works now. The only thing we need in place is a structure to make sure security patches can come out, and some new features. I could "release" a smallwall-1.8.2 today just from the latest beta builds. OpenSense could not.
|
|
|
Post by rpsmith on Feb 19, 2015 22:12:22 GMT
Right on Lee!
Roy...
|
|
azdps
Junior Member
Posts: 20
|
Post by azdps on Feb 20, 2015 0:44:01 GMT
Thanks Lee for starting this forum. I also like the name SmallWall as being the new fork for m0n0wall. I think we can do better on a forum though using either Vbulletin www.vbulletin.com/ or Simple Machines Forum www.simplemachines.org/. Example of Simple Machine Forum: masm32.com/board/I would like SmallWall to stay on the same track as m0n0wall. I would not like to see any additional features. If anything, less features would be fine by me. Trying to support arm processors for instance is far beyond the scope of what I think you are trying to achieve here. I'm willing to donate some cash to help this project get on it's way. Would like to see a nice website design, and a nice forum for starters. I would like to see a similar website design as Opnsense has. I want to help out where I can, and i'm will to donate some cash to help this fork get started.
|
|
|
Post by rpsmith on Feb 20, 2015 1:31:53 GMT
I'm also fine with the name "SmallWall". As far as features goes, I mainly want to see the OS kept up to date so there won't be a problem running on newer hardware. The only other thing that I think would be nice to have is OpenVPN support.
Roy...
|
|
|
Post by Lee Sharp on Feb 20, 2015 2:59:22 GMT
When I was putting all of this together, I had limited time and money. (That job thing is always interfering!) So I picked something I could set up easy at a minimal cost while we figured out what to do. ProBoards was easily good enough for that, and not to bad on the features. (Actually has more than I know ho to use right now...) But if it shows too many limitations, we can ditch it once the project team is finalized. I am not married to it. But first I wanted to figure out who will be developing, and what tools we will use for that. (Git, svn, other...) I still have to set up e-mail! And yes, my website is ugly. I am no artist... I welcome contributions! It is just static pages with css, so feel free to go wild with it, and let me have a copy. It should not take much to dobetter than I did, and then you become famous! (Well, not really...) And Roy, the facts page lays out what I think are items for the short list in upgrades. Again, I am open to submissions, but I take them more seriously when they come with code.
|
|
weust
New Member
Posts: 2
|
Post by weust on Feb 20, 2015 13:44:31 GMT
As I mentioned over at the OPNsense forum, I'm a home user/hobbyist and going for a hypervisor setup this year based on free Hyper-V. The advantage of OPNsense and pfSense is that they run on FreeBSD 10.1 (OPNsense has a try out version ready atm) which runs great on Hyper-V or ESXi (XEN too I believe, but I never even touched XEN so far).
IDS, Captive Portal and all that are things I don't need. A firewall and router is what I need, and perhaps a DHCP, NTP and DDNS would be handy to have on the same machine.
So, if and when SmallWall would use FreeBSD 10.1, or higher, as its base I would be interested in using it.
Rpi use to me would be pointless. I can't handle anything over 100Mbit Ethernet. And I have a 180Mbit internet connection at home. And using USB NICs... Not thnx. Just doesn't feel right.
Having it run on Sparc or MIPS (SGI O2 for example) would be cool to have, but also way too power hungry and noisy. But cool :-)
|
|
|
Post by Lee Sharp on Feb 20, 2015 15:12:48 GMT
There is a m0n0wall build with ESXi vmx3 nics, and another build with KVM Virtuo nics. You do not need FreeBSD 10 to run well in a VM.
|
|