 From:  "Quark AV - Hilton Travis" <Hilton at QuarkAV dot com>
 To:  <m0n0wall dash dev at lists dot m0n0 dot ch>
 Subject:  RE: [m0n0wall-dev] Re: [m0n0wall] Automagically generated hostnames
 Date:  Wed, 9 Jun 2004 09:31:49 +1000
It's poor form replying to your own post, I know...

> -----Original Message-----
> From: Quark AV - Hilton Travis [mailto:Hilton at QuarkAV dot com] 
> Sent: Wednesday, 9 June 2004 09:07
> 
> Hi Justin,
> 
> > -----Original Message-----
> > From: Justin Ellison [mailto:justin at techadvise dot com]
> > Sent: Wednesday, 9 June 2004 06:50
> > 
> > On Tue, 2004-06-08 at 15:17, Thomas Hertz wrote:
> > > Also, something useful when speaking of DHCP would also 
> > > be a "hostname" field for the static DHCP mappings, 
> > > that would also be added to /etc/hosts (and maybe even 
> > > passed on to the client!).

I can see the benefit from this, and also other fields in an "Advanced DHCP"
tab.

> > Looking at http://thekelleys.org.uk/dnsmasq/doc.html, it 
> > looks like a lot of work has been done on dnsmasq as of 
> > late.  The current version on m0n0 is 1.18, the 
> > distribution is at 2.8 now.  Of note:
> > 
> > Dnsmasq version 2 now offers an integrated DHCP server 
> > instead of the lease file reader. This gives better 
> > control of the interaction with new functions (for 
> > example fixed IP leases and attaching names to ethernet 
> > addresses centrally) it's also much smaller than 
> > dnsmasq and ISC dhcpd which is important for router 
> > distros.

Aahhh, m0n0wall is a firewall distro, not a router distro.

> > By updating dnsmasq, ISC DHCPd could be altogether 
> > eliminated, and dhcp and dns would be automagically 
> > integrated.
> > 
> > The only drawback I see is that there is no dhcp relay in 
> > dnsmasq, but I'm guessing that could be compiled from ISC 
> > source down the road.
> > 
> > I'm chock full of things to do with m0n0, finish the 
> > magic shaper, get x.509 certs with ipsec, and setting up 
> > dhcp relay.  Does anyone with some time and desire feel 
> > like tinkering?
> 
> Speaking of "magic shaper", did you have a read of my 
> recent "Traffic Shaper" post and have any thoughts on the 
> points mentioned therein?
> 
> As Manuel mentioned, dnsmasq had some drawbacks, hence why 
> it isn't used in here - and if it was used in m0n0wall, 
> you'd then need a second package for "dhcp relay" - meaning 
> that ISC DHCPD would need to stay anyway, or at least be 
> replaced by another package.
> 
> As for x.509 certs, I think this would be a great feature 
> for m0n0wall - a certificate generation interface would 
> also be really nice, but at least the ability to utilise 
> externally generated certs would be a start.

Another thing that would be great is to be able to point the VPN
authentication to a different authentication server, so that server could
maintain the list of valid users.  An example of this would be having an
internal Windows 2003 Server or Windows 2003 SBS box with Microsoft's IAS
installed, and then having the m0n0wall VPN use that RADIUS server for
authentication - this would allow users to keep the authentication on one
server, needing only one place that has authentication data, and making the
"single sign on" holy grail a little easier to achieve.  You could replace
IAS with a Novell, Linux or BSD RADIUS server, of course.  This was just an
example based on our main client base - Windows/SBS servers, WinXP desktops,
and a bloody decent firewall.  :)

--
 
Regards,
 
Hilton Travis                        Phone: +61-(0)7-3343-3889
Manager,                             Mobile: +61 (0)419 792 394
Quark IT                             http://www.QuarkIT.com.au/
Quark AudioVisual                    http://www.QuarkAV.net/
(Brisbane, Australia)
 
 Network Administration, SmoothWall Firewalls, NOD32 AntiVirus
Non Linear Video Editing Solutions & Digital Audio Workstations
  Conference and Seminar AudioVisual Production and Recording
 
War doesn't determine who is right. War determines who is left.