Hi Steven,

Yup, I was looking back over some list mail that I hadn't had a chance to
read through and saw your post. It looks like something that Manuel has
been looking into after quite a few requests by people for this kind of
functionality. This would be hella useful, especially considering m0n0wall
contains no web cache - nor should it (IMHO). I recommend that my clients
run a separate caching appliance (normally a dedicated Linux box) and that
they don't cache on their firewall. Right now, I have this box, in a number
of situations, directly between the firewall (m0n0wall) and their network
proper. This functionality would allow me to take this box out of the
direct path, and re-route all required traffic through it instead.

I can see this being used for more than web caching... I'm mainly thinking
of redirecting all outbound :25/TCP traffic to an SMTP proxy that can scan
all outbound email, and only allow access to an external :25/TCP connection
from this mail proxy.

--
Regards,
Hilton Travis Phone: +61-(0)7-3343-3889
Manager, Mobile: +61 (0)419 792 394
Quark IT http://www.QuarkIT.com.au/
Quark AudioVisual http://www.QuarkAV.net/
(Brisbane, Australia)
Network Administration, SmoothWall Firewalls, NOD32 AntiVirus
Non Linear Video Editing Solutions & Digital Audio Workstations
Conference and Seminar AudioVisual Production and Recording
War doesn't determine who is right. War determines who is left.
> -----Original Message-----
> From: Steven Ball [mailto:hamster at snurkle dot net]
> Sent: Saturday, 5 June 2004 15:25
> To: Quark IT - Hilton Travis
> Cc: m0n0wall dash dev at lists dot m0n0 dot ch
> Subject: Re: [m0n0wall-dev] Patches for Bounce
>
>
> I submitted it, waiting for someone else to look it over and
> let me know if I should make any changes. Internally, I have
> a request for redirecting an entire IP address, but that
> looks far more difficult, as this patch only bounces on a
> port by port basis.
>
> If anyone that has tried it has any feedback, let me know,
> and I will attempt to add any requests. I would love to see
> this in the base monowall image, but if need be I can turn it
> into a 'module'.
>
> Thanks!
>
> Steven Ball
> Snurkle Engineering
>
> On Jun 4, 2004, at 8:50 PM, Quark IT - Hilton Travis wrote:
>
> > Hi All,
> >
> > Has there been any more movement on this enhancement/patch? If it
> > works well, then it looks to be a likely candidate for inclusion in
> > the base image - as it is functionality that a lot of people are
> > asking for, and all it does is *enhance* the firewall's security.
> >
> > Hilton Travis
> > http://www.quarkit.com.au
> >
> >
> >> -----Original Message-----
> >> From: Steven Ball [mailto:hamster at snurkle dot net]
> >> Sent: Sunday, 23 May 2004 16:41
> >> To: Dinesh Nair
> >> Cc: m0n0wall dash dev at lists dot m0n0 dot ch
> >> Subject: Re: [m0n0wall-dev] Patches for Bounce
> >>
> >>
> >> Sure thing. The patch is at
> >> http://snurkle.net/m0n0/bounce-1.0.patch
> >> Apply it in the rootfs directory with a -p1, and you should be good
> >> to go (I hope, I hadn't made up multi-file patches in a long while :)
> >>
> >> Steven Ball
> >> Snurkle Engineering
> >>
> >>
> >> On May 23, 2004, at 12:05 AM, Dinesh Nair wrote:
> >>
> >>>
> >>> On Sat, 22 May 2004, Steven Ball wrote:
> >>>
> >>>> As per I posted earlier I would do, I have developed some patches
> >>>> that add support for bouncing connections. I have posted all the
> >>>> changed files (against the beta 1.1b8) here:
> >>>> http://snurkle.net/m0n0/ (the tarball, if extracted in the root of
> >>>> the rootfs, replaces all the proper files).
> >>>
> >>> could you post this as a set of patches against the 1.1b8 code base ?
> >>> it would make it easier to see the changes you've made.
> >>>
> >>> Regards,                           /\_/\   "All dogs go to heaven."
> >>> dinesh at alphaque dot com         (0 0)    http://www.alphaque.com/
> >>> +==========================----oOO--(_)--OOo----==========================+
> >>> | for a in past present future; do                                        |
> >>> |   for b in clients employers associates relatives neighbours pets; do   |
> >>> |   echo "The opinions here in no way reflect the opinions of my $a $b."  |
> >>> | done; done                                                              |
> >>> +=========================================================================+