Howard Durdle

M0n0wall and MS Virtual Server

We recently had the need to simulate a routed environment with low bandwidth/high latency links between remote sites.  To achieve this I used m0n0wall — a free software router — running inside Microsoft Virtual Server on multiple virtual NICs.  Here’s how to get it up and running…

You will need:

Create a Virtual Machine

Using the Virtual Server interface, create a virtual machine called “router” (or some other meaningful name).  It only needs about 64Mb of memory, and it doesn’t need a hard disk.  (Click “Attach a virtual hard disk later”).  Attach the first virtual network adapter to the Internal Network for now.  We’ll add more NICs and change the network configuration later.

Once the VM is created, you’ll have a “router” folder under your Virtual Server default path.  Copy the cdrom.iso you downloaded earlier to this directory.

In the Virtual Disks menu click Create->Virtual Floppy Disk.  Select the location of your router folder in the drop down, and give it a sensible name.  RouterFloppy.vfd would be fine.

You’ve now got all the files you need created:

Files in your router folder

Now go into the config for your router’s VM.  Virtual Machines->Configure->Router.

Select the CD/DVD drive.  Hit the known image files drop down and select the cdrom.iso you downloaded and copied across.  Click OK.

Select the cdrom iso

Now select the Floppy drive. Again, hit the known floppy disks drop down and select the floppy you created earlier.  Click OK.

Select the floppy image

Now add two more NICs.  I add two because m0n0wall always expects the second NIC to be used for sharing a WAN connection (broadband internet) and it’s easier to ignore this interface and route between the LAN and OPT interfaces.  (This will make sense once you see the web interface.)

You should now have a 64Mb virtual machine with three NICs, a CDROM attached to the ISO and a floppy attached to our routerfloppy.

Virtual Router Setup

Starting the Router

Starting the router for the first time is a bit fiddly as the VM will attempt to boot off a non-existent hard disk — failing to use the CDROM.  When this happens you’ll see:

Non-System disk or disk error

To get round this you’ll need to turn off the virtual machine and then as soon as you’ve turned it on, hit DEL to get into the BIOS:

BIOS

Once in the BIOS, select the Boot menu, and then Boot Device Priority.  Change the 1st Boot Device to CDROM, then hit F10 to Save and Exit.

The Virtual Machine will restart, and start loading m0n0wall from the CDROM.  The floppy is there to save our router configuration.

After a bit of virtual thrashing about, the router will present its default startup screen:

m0n0wall defaults

(The “microuptime went backwards” seems to be an artifact of running in the virtual environment.  It doesn’t affect the running of the router.)

You’ll need to configure which router interfaces are connected to which physical (or in our case, virtual) NICs.  Hit 1, and follow the instructions — I usually say “no” to VLANs, and then assign de0 to LAN, de1 to WAN and de2 to OPT.  Allow the router to reboot once configured.

Now set the IP and subnet of the LAN interface — this will be your management IP.  Press 2.

In this example we’ll set it to 192.168.0.2 in a /24 with no DHCP:

m0n0wall IP and subnet

That microuptime() thing gets really annoying.  Thankfully that’s the last time we’ll need to look at the console for a while.

The Web Interface

Remember that when we created it we put the router’s NICs on Virtual Server’s “Internal Network”.  If you have a virtual OS (Windows, Linux, whatever) running on your Internal Network you can connect to the router from that.  If not, you’ll need to move at least the LAN IP onto another network.

For our purposes I’m connecting it to my external network card — this way my real machine will be able to access the virtual router’s management interface.  Go into the configuration for the virtual machine, then select the Network Adapters link:

Change Virtual NIC

Once that’s done, you’ll be able to connect to http://192.168.0.2/ from your real machine.  Try it.  The default username is “admin” and the default password is “mono”.

We used m0n0wall to route between three different sites using its traffic shaping features to simulate lossy and high latency links.  I may go into the details of how to set that up, although the manuals on their site are pretty clear.

m0n0wall combined with Virtual Server means you can do some pretty smart infrastructure simulation.  I’ve successfully routed between virtual machines across multiple host machines and real machines on the same networks.  Neat.