[ previous ] [ next ] [ threads ]
 From:  "Quark IT - Hilton Travis" <hilton at quarkit dot com dot au>
 To:  <m0n0wall dash dev at lists dot m0n0 dot ch>
 Subject:  RE: [m0n0wall-dev] Ok, I'm bummed no proxy support
 Date:  Sat, 19 Jun 2004 17:59:15 +1000
Hi Travis,

The mail was far from pointless, however it would have been more suited
to the "users" mailing list than the "dev" mailing list, I think.

As far as your request goes, m0n0wall was developed (I think) with two
things in mind (and Manuel is welcome to correct me if I am wrong): a
secure firewall; a small enough base to run on embedded systems.  It
achieves both of these goals extraodinarily well, and a few more to
boot.  Having a proxy server (caching or otherwise) is not a primary
objective of m0n0wall, and I can see exactly why.

Others are working on plugins to take advantage of the plugin
infrastructure that Manuel added to m0n0wall recently.  One of those is
a proxy plugin (as Justin mentioned).  There are others, such as OpenVPN
support (which I agree should remain as a module, because of its
non-widespread use, its userland VPN status, and the fact that adding a
million things to a firewall that's designed to work on an embedded
system is shooting yourself in the foot.  It is an *excellent* candidate
for the plugin system.  As is a proxy module - which I welcome as a
plugin/module, even if its only used for auth, not caching.

As with any mailing list, looking through the archives (when they are
available, as they are with m0n0wall) is appreciated by all list
members.  It saves us answering the same question ad infinitum.  Also,
directing user-related questions to the user list will likely get a less
"short" response than directing them to the developer list.

Hope this helps settle the waters.

BTW, I think that with some of the features of MS ISA Server 2000, and
especially of MS ISA Server 2004, m0n0wall makes an ideal border/primary
firewall with MS ISA Server sitting behind it.  ISA caches quite well,
and has excellent integration with AD.  You could also run IAS on the
ISA box, providing RADIUS authentication for any PPTP VPN users you want
to connect to the m0n0wall, or for Captive Portal authentication for the
m0n0wall.  Its also a good idea to have a "security in depth" for larger
networks (and I feel also for smaller networks), and 2 different
firewalls is a part of this.


> -----Original Message-----
> From: Zadikem, Travis-taz [mailto:tzadikem at picosecond dot com] 
> Sent: Friday, 18 June 2004 15:59
> To: Justin Ellison; m0n0wall dash dev at lists dot m0n0 dot ch
> Subject: RE: [m0n0wall-dev] Ok, I'm bummed no proxy support
> Gee wiz.  I apologize that I didn't see anything in the 
> archives.  I just started looking at this list on Monday and 
> did a download that day to try some testing with.  I work 
> with engineers and developers all day long here and we don't 
> seem to have such a communication problem.
> I guess I am more used to a family type approach.  I will 
> rethink before I post anything next. 
> Sorry for the pointless mail
> Travis
> -----Original Message-----
> From: Justin Ellison [mailto:justin at techadvise dot com]
> Sent: Wednesday, June 16, 2004 3:52 PM
> To: m0n0wall dash dev at lists dot m0n0 dot ch
> Subject: Re: [m0n0wall-dev] Ok, I'm bummed no proxy support
> By all means, go back to ISA.
> God forbid you search through the archives to find that some 
> people are already working on proxy support before you 
> verbalize how "bummed" you are to a list of devs who are too 
> busy to answer pointless emails not accompanied by any 
> practical information.
> http://m0n0.ch/wall/list-dev/?action=show_msg&actionargs[]=0&a
> ctionargs[]=88
> Next time, after you have googled for awhile and searched the 
> maillist archives, you could maybe say:
> "Hi all,  I'm new to the list.  I did some research and 
> couldn't find any material regarding whether or not it was a 
> goal to have proxy support built into m0n0wall.  Does anyone 
> have any ideas?"
> Your welcome,
> Justin
> On Wed, 2004-06-16 at 16:37, Zadikem, Travis-taz wrote:
> > Ok,  I am bummed.  I just learned that you don't currently have any 
> > proxy support build in.  I have 40 users already configured to use 
> > this from an old ISA setup.
> > 
> > Travis A. Zadikem