[ previous ] [ next ] [ threads ]
 From:  "Chris Dickens" <chris at object dash zone dot net>
 To:  <daniele dot guazzoni at gcomm dot ch>, "Mono Dev List" <m0n0wall dash dev at lists dot m0n0 dot ch>
 Subject:  RE: [m0n0wall-dev] Redesigning m0n0wall filter rules
 Date:  Thu, 7 Feb 2008 20:20:39 -0500

Here's the link to FAQ #3 in the m0n0wall FAQ which references the

It's listed under the ToDo here:
"allow bouncing with inbound NAT mappings (see this)"

It's been there on the ToDo ever since about April 5, 2004:

My bounty request to the mailing list, from the archives - 27 Oct 2004:

Going on our 4th anniversary without a fix for that one.  And I can tell
you, if something is listed on the To-Do for the same amount of time,
wouldn't you believe that it was asked for by the "masses"?  Or that it
is a function that the software SHOULD support?

I realize that m0n0wall is targetting the embedded domain.  Sonicwall is
doing embedded just fine with NAT port bouncing.  Sorry, I don't have
the time to research when that one was introduced, but whilst my
m0n0wall is blocking packets from one dedicated server trying to deliver
an e-mail message to another customer's dedicated server on their
external address, Sonicwall, Cisco, and virtually every other vendor you
can name is doing just fine allowing internal clients to reach other
internal clients via their external IP.  If I needed an embedded Proxy,
then I would consider pfSense.  m0n0wall is where I want to be, with
functionality it should have.


-----Original Message-----
From: Daniele Guazzoni [mailto:daniele dot guazzoni at gcomm dot ch] 
Sent: Thursday, February 07, 2008 7:41 PM
To: Mono Dev List
Subject: Re: [m0n0wall-dev] Redesigning m0n0wall filter rules


what do you mean by "NAT port bouncing" ?

Beside that, I cannot agree with the rest of your statement.
I know quite few guys running m0n0wall professionally and not only for
the captive-portal.
Ask Manuel, he can for sure give you some references.

Although I do not program for m0n0wall I can fully understand that not
every need/wish can be fulfilled.
On one hand it has been deliberately chosen not to fork between embedded
and PC, although the requirements are different.
On the other hand it is a community based development so believe me if a
feature is requested by the mass it will also probably be implemented.
Of course I'm talking about firewall features and not services like
print-server, anti-virus, proxy/cache which are not directly firewall


Chris Dickens wrote:
> I asked for NAT port bouncing years ago and m0n0wall still can't do
> that.  Heck, I offered money for someone to fix the problem - offer
> since withdrawn because there's apparently a lot of resistence in this
> crowd to making any change to Monowall.
> Lacking this ability which is available in virtually every other
> appliance I've ever seen pretty much makes it useless for a datacenter
> class firewall solution.  Thankfully I've managed to put in enough
> work-arounds that it's not causing me much trouble in my setup with
> multiple virtual servers.  You may find that if m0n0wall doesn't suite
> you as it is, Tonino, then you'd be better to move along.  From what I
> can tell, everyone here uses m0n0 for the captive portal with WiFi
> hotspots and is raking in money selling it to whoever will pay them to
> put them in.  Nobody doing anything really serious.
> I stay subscribed to the mailing list, hoping that one day someone
> find a real solution and I can be off of version 1.0.
> *Sigh* (Bracing for impact of flames coming in very soon)
> --Chris

This message has been scanned for viruses and
dangerous content by MailGate, and is
believed to be clean.

To unsubscribe, e-mail: m0n0wall dash dev dash unsubscribe at lists dot m0n0 dot ch
For additional commands, e-mail: m0n0wall dash dev dash help at lists dot m0n0 dot ch