[ previous ] [ next ] [ threads ]
 
 From:  Daniele Guazzoni <daniele dot guazzoni at gcomm dot ch>
 To:  Mono Dev List <m0n0wall dash dev at lists dot m0n0 dot ch>
 Subject:  Re: [m0n0wall-dev] Redesigning m0n0wall filter rules
 Date:  Fri, 08 Feb 2008 03:20:51 +0100
Uhm, ok I see what you want to do.
Don't get me wrong, it is a useful function but it belongs in my opinion like ICMP-redirects to the
bad habits.
Actually I have the same problem but as I have an internal and an external DNS it doesn't hurt.

Well anyway, I hope you get it fixed soon.

Daniele

Chris Dickens wrote:
> Daniele:
> 
> Here's the link to FAQ #3 in the m0n0wall FAQ which references the
> topic:
> http://doc.m0n0.ch/handbook/faq-lannat.html
> 
> It's listed under the ToDo here:
> http://m0n0.ch/wall/todo.php 
> "allow bouncing with inbound NAT mappings (see this)"
> 
> It's been there on the ToDo ever since about April 5, 2004:
> http://web.archive.org/web/*/http://m0n0.ch/wall/todo.php
> 
> My bounty request to the mailing list, from the archives - 27 Oct 2004:
> http://m0n0.ch/wall/list-dev/showmsg.php?id=5/08
> 
> Going on our 4th anniversary without a fix for that one.  And I can tell
> you, if something is listed on the To-Do for the same amount of time,
> wouldn't you believe that it was asked for by the "masses"?  Or that it
> is a function that the software SHOULD support?
> 
> I realize that m0n0wall is targetting the embedded domain.  Sonicwall is
> doing embedded just fine with NAT port bouncing.  Sorry, I don't have
> the time to research when that one was introduced, but whilst my
> m0n0wall is blocking packets from one dedicated server trying to deliver
> an e-mail message to another customer's dedicated server on their
> external address, Sonicwall, Cisco, and virtually every other vendor you
> can name is doing just fine allowing internal clients to reach other
> internal clients via their external IP.  If I needed an embedded Proxy,
> then I would consider pfSense.  m0n0wall is where I want to be, with
> functionality it should have.
> 
> Thanks,
> --Chris
> 


-- 
This message has been scanned for viruses and
dangerous content by MailGate, and is
believed to be clean.