M0n0wall on IBM NetVista N2800 8364 Thin Client
Of course, this information is valid for any other OS too.
In one of the almost daily broadband router threads on the SA forums, M0n0wall was of course recommended over a built-from-the-cheapest-components consumer router. Not very surprising, because, well, M0n0 is the best as far as I'm concerned. However, I was still using a cheap router appliance because an old PC is failure prone, uses significantly more power, and is noisy as well. Of course, a Soekris or WRAP board could be a solution, but those are expensive and not very powerful.
What was interesting about this thread was that someone mentioned, in passing, that he had installed M0n0 on an IBM Netvista 8364 thin client. A thin client is meant to be used to connect to a terminal server, such as Citrix, and allow employees to work from there. Kinda like a revival of the old mainframe/terminal architecture. As far as I know, the thin client principle never really took off; that's why they're dirt cheap: mine cost 20 euros on eBay. It's perfect as a firewall box: it's small and doesn't need a hard disk. The only con is that it still has two fans, but those aren't very noisy, and worth the price and power. Note that the total cost was a bit higher: 14 euros for shipping, and another 12 for a 128MB Compact Flash card (smallest I could get).
- Intel Pentium-MMX 233 CPU (266MHz for some Ethernet models)
- 64 MB SDRAM (I upgraded mine to 96 MB)
- Built in token ring or Ethernet
- Two PCI slots
- IDE header
- Compact Flash header
After digging the unit out of a box full of shredded German newspapers, I was greeted by the PlayStation 2-like box with a typical (and, in my opinion, beautiful and sturdy) IBM design. I'm a sucker for IBM's design; it may be the complete opposite of Apple, but they both design with class and quality in mind. To open the NetVista, pull up the tab at the bottom rear, and pull backwards. The unit's innards will slide out. Trivia fact: I cut open my finger on the metal plate around the audio connectors. Nice!
Time for a first boot: first I checked the switch at the bottom of the case to verify the PSU was set to 220V. Plugged in power, and flipped the switch on the back. This switch starts the unit; the white button on the front can be used to set it to standby or reboot it. In standby mode network cards are still powered, and the PSU fan keeps spinning.
With the default settings, mine tried to boot from a network server but complained it couldn't get a Token Ring address (it has built-in TR). To solve this, you have to disable the built-in NIC.
Holding F1 to access the BIOS while booting didn't work: it asked for a password (in German; the BIOS text is unfortunately localized). To get past this, turn the unit off, bridge the 'pwd' jumper near the standby switch, turn the unit on for 20 seconds, and turn it off again. Then wait another 20 seconds. (Thanks, guys at Free Geek Michiana.)
In the BIOS, I disabled all onboard peripherals (including the aforementioned Token Ring NIC), and set the boot order to CompactFlash only. I turned on everything that could give a speed boost, such as faster storage device reading, CPU caching etc., which all gave no problems. There seem to be major differences between the BIOSes of different 8364 types. Mine, the 8364-S20, doesn't have the Workstation on Demand BIOS and doesn't seem to work with the IBM thin client tools. The settings in general should be similar though. UPDATE: To get an Ethernet model to boot a standard PC OS you have to switch from the "Network Station Manager" BIOS to the "Workstation on demand" BIOS, which acts like a standard PC BIOS. This can be done from the BIOS setup screen.
As my built-in NIC wasn't useful, I used two Intel 10/100 cards for connectivity. The Ethernet model's onboard NIC works perfectly fine with M0n0wall; it's an Intel PRO/100 card too. I also replaced the standard Pentium-style heatsink/fan with a stock Athlon XP one and left the fan off. It runs perfectly stable passively cooled in this manner. It seems the 266MHz models already come with only a (small) heatsink installed.
Software would be nice too
I chose to put the software on a Compact Flash card instead of a hard disk because that's less noisy, consumes less power, and will last longer. M0n0wall isn't designed to be used that way without reason! Another good reason to use CF memory with the NetVista is that you'd need (to make) a special cable to power a hard disk from a 2x2 pin socket on the logic board, and to mount it you'll need special brackets*. M0n0wall only takes about 6MB of space, but the smallest CF card I could find was 128 MB.
To install M0n0 I just downloaded the most recent Generic PC image, and wrote it to the CF card with PhysDiskWrite (get it from the M0n0wall site, the guide mentions it). I used a USB card reader to write the image, but a CF-IDE adapter will also work of course. When using Physdiskwrite, run it without the target media inserted and take a look at what drives it detects. Then press CTRL+C to exit the program. Insert the target media and run the program again. This way you can make sure you write to the correct disk: it wasn't in the list the last time.
After sticking the CF card in the Netvista's built-in slot, I booted it again. M0n0 started without any problems. I assigned the two network cards to WAN and LAN and set the LAN IP address. Reboot, went through the web interface setup, and done.
Tip: If you set your M0n0wall to use HTTPS for the web interface and then add a firewall rule which allows incoming traffic on the HTTPS port with the WAN address as destination (this is literally selectable from the "destination" listbox), you can access the web interface from over the internet. You can use this to turn on computers with the wake-on-lan feature remotely, which is great for remote desktopping/VNC.
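A check for how widely that rule opens the web interface, as an added example that is not part of the original post or of M0n0wall itself: it scans a config.xml backup for enabled WAN pass rules that admit any source to the web GUI port. The sample config is constructed, and the element names (including `wanip` and `disabled`) are an assumption about the config.xml layout to confirm against your own export.

```python
import xml.etree.ElementTree as ET

# Constructed sample; element names follow the assumed layout of a m0n0wall
# config.xml backup and should be checked against a real export.
SAMPLE_CONFIG = """<m0n0wall>
  <system><webgui><protocol>https</protocol></webgui></system>
  <filter>
    <rule><type>pass</type><interface>wan</interface><protocol>tcp</protocol>
      <source><any/></source>
      <destination><network>wanip</network><port>443</port></destination>
      <descr>webGUI from anywhere</descr></rule>
    <rule><type>pass</type><interface>wan</interface><protocol>tcp</protocol>
      <source><address>203.0.113.10</address></source>
      <destination><network>wanip</network><port>443</port></destination>
      <descr>webGUI from office</descr></rule>
    <rule><type>pass</type><interface>lan</interface><source><network>lan</network></source>
      <destination><any/></destination><descr>Default LAN to any</descr></rule>
  </filter>
</m0n0wall>"""

def webgui_port(root):
    """Port the web interface listens on: explicit <port>, else the protocol default."""
    port = (root.findtext("system/webgui/port") or "").strip()
    proto = (root.findtext("system/webgui/protocol") or "http").strip()
    return port or ("443" if proto == "https" else "80")

def port_covers(rule_port, port):
    """True if rule_port (empty = any port, 'N', or 'N-M') includes `port`."""
    lo, _, hi = (rule_port or "").strip().partition("-")
    return not lo or int(lo) <= int(port) <= int(hi or lo)

def exposed_webgui_rules(config_xml):
    """Descriptions of enabled WAN pass rules that let any source reach the web GUI."""
    root = ET.fromstring(config_xml)
    port, hits = webgui_port(root), []
    for rule in root.findall("filter/rule"):
        dest = rule.find("destination")
        if (rule.findtext("type") != "pass" or rule.findtext("interface") != "wan"
                or rule.find("disabled") is not None or dest is None
                or rule.findtext("protocol") not in (None, "tcp", "tcp/udp")
                or rule.find("source/any") is None):
            continue
        to_firewall = dest.find("any") is not None or dest.findtext("network") == "wanip"
        if to_firewall and port_covers(dest.findtext("port"), port):
            hits.append(rule.findtext("descr", ""))
    return hits

if __name__ == "__main__":
    print(exposed_webgui_rules(SAMPLE_CONFIG))
```

A rule it reports can be narrowed by setting the rule's source to the addresses you actually connect from instead of "any".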
Memory usage stays around 20-25%. CPU usage is very low: when maxing out my 10MBit ADSL line with a Usenet download, it never went past 15%. Of course, more simultaneous connections (such as extremely heavy torrenting) or VPN networks will increase the load, but this small black box is faster than most embedded systems, not to mention consumer routers. I've never seen mine break a sweat.
* My buddy's print/webserver is also one of these Netvista boxes and I used a 3.5" harddrive in that by splicing a molex connector to some old cd-rom to soundcard cables I removed the plastic connector from. For mounting I rested it on a piece of cardboard. It works, but is rather nasty and the unit can't be used vertically anymore.
- I don't get the option to boot from a CF card or harddisk.
- Switch the BIOS to "Workstation on Demand" mode, which can be done from the currently active BIOS' config menu.
- I get garbled text!
- This all-too-common problem seems to be related to the PCI bus on Ethernet models. Try enabling the built-in network card, and remove one of the extra cards or move it to another slot. Try playing with the PCI-related BIOS settings too. Note that people have managed to run the machine with three network interfaces, so this problem might be specific to a model, setting or card.
- Can I update the Netvista's BIOS?
- In principle, yes. See this page. However, I've never gotten it to work, I think only a built-in Ethernet port will netboot the image. Backing up the BIOS to CF didn't work for me either. Again, chances are that only works with the Ethernet models.
- Can I add a wireless card and use M0n0wall as an access point?
- Yes, but M0n0 only supports a few wireless chipsets and is limited to 11Mbps speed. It's advised to hook an external access point (or router in AP mode) up to a switch (easiest) or an extra network card. This should still be more stable than a standard consumer router/switch/AP combo as the access point doesn't have to keep a routing table (however, crappy access points do exist, of course).
Update: since the more recent beta versions, M0n0wall does support wireless G. The new version is supposed to be more resource hungry but I doubt a Netvista will have trouble running it. I am not sure it supports USB wireless adapters. The FreeBSD core it's built on does, but I can't find any hard verdict.