This is the oldest section of the hacking guide. It is also the only way to fully access the filesystem of a running firewall. This is because the filesystem is on another computer that the firewall PXE-boots from. Setting up a firewall for PXE boot and setting up the TFTP server are outside the scope of this document, and are left to the reader.
To build m0n0wall, we first have to compile its kernel using the kernel config file found at http://m0n0.ch/wall/downloads. Place this config file (M0N0WALL_NET45XX) in /usr/src/sys/i386/conf. Now build the kernel:
cd /usr/src/sys/i386/conf; config M0N0WALL_NET45XX
cd /usr/src/sys/compile/M0N0WALL_NET45XX; make depend all
strip kernel
strip --remove-section=.note --remove-section=.comment kernel
gzip -9v kernel
Copy the kernel to /tftpboot:
cp kernel.gz /tftpboot
cd /usr/src/sys/compile/M0N0WALL_NET45XX; make modules
Then, move the needed modules to the modules directory in the m0n0wall root filesystem. In the pb8 version of m0n0wall the following modules are needed:
dummynet.ko
ipfw.ko
These newly-built modules can be found in /usr/src/sys/compile/M0N0WALL_NET45XX/modules/usr/src/sys/modules.
Fetch the root filesystem tar file from the m0n0wall web site to a directory, then uncompress and untar it. The contents of this directory will later become the root of the target system, and this is where you make whatever changes you like. Because no compact flash card will be mounted (under /cf) (you could leave one inserted, but make sure the firewall boots from the net instead of the flash), we have to relocate the (default) config file in the root directory:
mkdir cf/conf ; cp conf.default/config.xml cf/conf
Now make a tar file again, to be put into the image file:
tar cfz ./rootfs.tgz <path to your rootfs-dir>
Now, you can create an imagefile (mfsroot) from this rootfilesystem. This imagefile has to be put into /tftpboot to be downloaded during boot.
dd if=/dev/zero of=./mfsroot.bin bs=1k count=10240
vnconfig -s labels -c vn0 ./mfsroot.bin
disklabel -rw vn0 auto
newfs -b 8192 -f 1024 /dev/vn0c
Now mount this file as device and copy the m0n0wall root filesystem in:
mount /dev/vn0c /mnt
cd /mnt
tar xfzP rootfs.tgz
cd /
umount /mnt
vnconfig -u vn0
Now your mfsroot.bin file is the root filesystem image. When this image is put into /tftpboot it will be loaded and unpacked in memory once the kernel boots.
mv mfsroot.bin /tftpboot
Another way to get the kernel.gz file without compiling is extracting it from the net45xx-pbxrxxx.bin.gz image. To do just that, uncompress the image file and mount it as device under /mnt.
The net45xx-pbxrxxx.img files also have to be uncompressed first (check with file <filename>). Just append .gz to the filename and gzip -d the resulting file.
gzip -d net45xx-pbxrxxx.bin.gz
vnconfig -s labels -c vn0 ./net45xx-pbxrxxx.bin
mount /dev/vn0a /mnt
cp /mnt/kernel.gz /tftpboot
umount /mnt
vnconfig -u vn0
The root file system is also in the above-mentioned image, as the file mfsroot.gz. You can use this file to reconstruct the root file system by uncompressing it and mounting it as device /dev/vn0c under /mnt.
gzip -d mfsroot.gz
vnconfig -s labels -c vn0 ./mfsroot
mount /dev/vn0c /mnt
cd /mnt
tar cvfz /tmp/mfs.tgz .
cd /
umount /mnt
vnconfig -u vn0
cd
tar xvfzP /tmp/mfs.tgz
The bootloader has to be available in the /tftpboot directory and has to be configured to load kernel.gz and the mfsroot.bin file. To do that, make the following changes to the loader and configure pxeboot. Create the following files:
loader.conf:
rootfs_load="YES"
rootfs_name="mfsroot.bin"
rootfs_type="mfs_root"
autoboot_delay=1
loader.rc:
include /boot/loader.4th
start
and populate the /tftpboot directory:
mkdir -m 0755 -p /tftpboot/boot/defaults
cp -p /boot/loader /tftpboot/boot/
cp -p /boot/*.4th /tftpboot/boot/
cp -p /boot/defaults/loader.conf /tftpboot/boot/defaults/
cp -p loader.conf loader.rc /tftpboot/boot/
chown -R root:wheel /tftpboot
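A pre-boot check of the staged directory, as an added example that is not part of the original guide: it confirms that the files placed in /tftpboot above are present, that kernel.gz is an intact gzip file, that the image named by rootfs_name exists, and that nothing in the tree is world-writable (the firewall runs whatever this directory serves). The function name check_tftpboot is hypothetical, and resolving rootfs_name relative to the TFTP root is an assumption based on where this guide puts mfsroot.bin.

```shell
#!/bin/sh
# Added example, not from the m0n0wall guide.
# check_tftpboot DIR prints one line per problem found in the staged
# PXE directory and returns the number of problems (0 = ready to boot).
# Usage: check_tftpboot /tftpboot || echo "fix the staging directory first"
check_tftpboot() {
    root=$1
    problems=0
    fail() { echo "FAIL: $1"; problems=$((problems + 1)); }

    # Files the procedure above copies into the TFTP root.
    for f in kernel.gz boot/loader boot/loader.4th boot/loader.rc \
             boot/loader.conf boot/defaults/loader.conf; do
        [ -s "$root/$f" ] || fail "missing or empty: $f"
    done

    # A truncated or half-copied kernel.gz only shows up at boot time otherwise.
    if [ -s "$root/kernel.gz" ] && ! gzip -t "$root/kernel.gz" 2>/dev/null; then
        fail "kernel.gz is not a valid gzip file"
    fi

    # loader.conf must enable the rootfs and name an image that exists.
    # Assumption: rootfs_name is resolved relative to the TFTP root.
    if [ -f "$root/boot/loader.conf" ]; then
        name=$(sed -n 's/^rootfs_name="\(.*\)"$/\1/p' "$root/boot/loader.conf")
        if [ -z "$name" ]; then
            fail "loader.conf has no rootfs_name"
        elif [ ! -s "$root/$name" ]; then
            fail "rootfs_name points to a missing file: $name"
        fi
        grep -q '^rootfs_load="YES"$' "$root/boot/loader.conf" ||
            fail "rootfs_load is not set to YES"
    fi

    # Anything world-writable here could be replaced by a local user
    # and would then be booted by the firewall.
    bad=$(find "$root" ! -type l -perm -002 2>/dev/null)
    [ -z "$bad" ] || fail "world-writable entries: $bad"

    return "$problems"
}
```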
Now boot the stuff....
Remember to turn on dhcp (if needed):
/usr/local/sbin/dhcpd
Now you can test your m0n0wall system. If you edit or change something in the root filesystem, or build a new kernel, do not forget to update your mfsroot.bin or kernel.gz file in the /tftpboot directory. Also remember that you have a virtual read-only memory filesystem (nothing will be written back to the mfsroot.bin file on the host) and no flash, so changes in configuration will not be stored.