this shabby readme and it's mentioned files can be found at: http://www.spic.net/m0n0/ m0n0wall is a small firewall distribution based off freebsd packed with features and a very smooth web interface. while the soekris boards are one of the primary targets, manuel kasper releases flavors for other platforms as well, including 2 for the generic pc (cdrom and hard drive based). nokia makes a line of firewall products running ipso (which is itself a freebsd derivative) on what is mostly a generic x86 pc. specifically, my ip630 is a 700mhz pentium iii with 256 megs of ram. owning only 1 of these machines, i can't say how these specifications vary between revisions and models. i would love to hear what others have under their nokia ip hoods. the ip630 has a standard motherboard with built in vga, ethernet, usb, 2 serial ports, and sound. of course, none of this is externally accessible which makes the beast so much more mysterious. the motherboard does have three unique connectors along the edges, two for the redundant swappable power supply system and one for the compact pci (cpci) backplane. the cpci is where all the real action lies. there are 6 3u externally accessable cpci slots, which standardly ship with a hard drive sled and a multiport ethernet card (2-4 ports). the hard drive sled houses a standard 2.5" laptop hdd which you can safely and easily upgrade. the network cards (at least on the compactpci models) are made by znyx and are based on the dec tulip chipset. between the two columns of cpci slots is another card with the external serial port, some leds, a reset button, and a standard compact flash card in an adapter. under normal operations, the system boots and recognizes the compact flash card as the primary harddrive. the bootloader on the flash is configured to use the external serial port as a console and boots the harddrive. either the bootloader or ipso itself (it's been a while since i paid attention) ignores the ide channel with the compact flash drive and by the time you get to a prompt, the harddrive is recognized as the primary drive. getting at all these bits is easy too. unscrew the 2 outermost thumbscrews on the front panel and pull. lay the motherboard and cpci backplane on your work area and now go arounf the back, unscrew the 2 thumbscrews on one of the power supplies, and pull that out. you really only need one ps. now, nokia was kind enough to make the power supply connect directly to the motherboard chassis, so go over to your work area and mate slot a into socket b. apply a vga monitor, keyboard, and a power cable, throw the switch, and enjoy your new pc. what this all means to us is that we can go in there and run a real operating system with an actually useful firewall system without fuss. i won't get into a religious debate over what's better. if you want to run linux, you will be in for an unexpected surprise of having everything just work. when i ran debian on the nokia ip630, i used the compact flash as a boot partition and the harddrive for the root and other filesystems. i also had everything running off the compact flash for a time. the network cards work greay with the tulip drivers and just remember to ignore the ether express pro built into the motherboard. now, if you ever plan on going back to ipso, you may just want to remove the flash and drive and put them away for safe keeping. both are cheap enough these days to just get new ones to play with. if you intend on running freebsd and specifically m0n0wall, you'll encounter the biggest problem of the tulip drivers not playing nicely with the znyx cards. usually you'll boot and they will show up, but they may not always get link. while there may be a solution to fix the kernel drivers for these cards, it's easier to just compile a new kernel with the binary znyx drivers. these require a kernel rebuild with support for the tulips disabled. in the these directories you'll find a few files: M0N0WALL_GENERIC_ZNYX - 4.8 kernel configuration if_zxe.o - the binary module code used in the kernel dummynet.ko - loadable module compiled with kernel ipfw.ko - loadable module compiled with kernel kernel.gz - precompiled gzip'd kernel mfsroot.gz - mfsroot image znyx-pc-1.0.img - ready to go harddrive image readme.txt - this file The differences between this version and manuel kasper's official generic-pc image (used as a base) for 1.0 are the following: - removed dc & de drivers - added znyx's znb driver - patched sys/netgraph/ng_ppp.c (see below) - made znb0 and znb1 the default interfaces in the config the patch for ng_ppp.c was changing two instances of "proto, 1" to "proto, 0" which was done because i found a single 2 year old reference to a problem i was having between fbsd's pptp server and the pptp-linux client. the problem manifested itself in the there being a 0x2145 protocol reject error in the server side logs. the problem seems to do with freebsd compressing the protocol header and pptp-linux not knowing what to do with it. i tested briefly with windows and macosx clients and it seems to still work with them, but if you have pptp problems, blame this change first. the znyx drivers work fairly well, and in the time i've been running this setup, there have only been a few problems: - sometimes after a warm boot, some or all of the interfaces wont initialize properly. a cold boot has always fixed it, but it doesn't always happen - bridging the interfaces doesn't seem to work. this could be user error on my part, or an incompatibility with the driver. i just don't know right now - the "ps" command reports a mismatch error. the external serial console still isn't activated. it's on my todo list. in the meantime you can wither use a keyboard and monitor or do the initial configuration and assignment over the lan port. by new default, znb0 is assigned the lan port and address of 192.168.1.1 and znb1 is assigned the wan port. i think that about covers it all --francois