 From:  "Chris Dickens" <chris at object dash zone dot net>
 To:  <daniele dot guazzoni at gcomm dot ch>, "Mono Dev List" <m0n0wall dash dev at lists dot m0n0 dot ch>
 Subject:  RE: [m0n0wall-dev] Redesigning m0n0wall filter rules
 Date:  Thu, 7 Feb 2008 22:37:14 -0500
It's impossible to fix if you're using m0n0 at a datacenter level.  Each
customer is free to run their own DNS server and therefore when their
requests for DNS get sent to root, they get the external IP addresses of
other DNS servers at your datacenter.  Bingo, no connection to the other
customer's DNS server.

I can't see how anyone uses m0n0wall for this type of situation.  It's
more likely that everyone moves along and plunks down the bucks for a
different firewall product rather than whining in a mailing list like
me. :-) (It's a really good whining, let me explain)  I whine because I
believe in m0n0's wonderful ability to make something so complex easy to
set up with its intuitive web interface.  Such a shame that this one
little tiny thing would cause so much grief to implement.  And once
there, the product can be so much more than what it is now.  SO much


-----Original Message-----
From: Daniele Guazzoni [mailto:daniele dot guazzoni at gcomm dot ch] 
Sent: Thursday, February 07, 2008 9:21 PM
To: Mono Dev List
Subject: Re: [m0n0wall-dev] Redesigning m0n0wall filter rules

Uhm, ok I see what you want to do.
Don't get me wrong, it is a useful function but it belongs in my opinion
like ICMP-redirects to the bad habits.
Actually I have the same problem but as I have an internal and an
external DNS it doesn't hurt.

Well anyway, I hope you get it fixed soon.


Chris Dickens wrote:
> Daniele:
> Here's the link to FAQ #3 in the m0n0wall FAQ which references the
> topic:
> http://doc.m0n0.ch/handbook/faq-lannat.html
> It's listed under the ToDo here:
> http://m0n0.ch/wall/todo.php 
> "allow bouncing with inbound NAT mappings (see this)"
> It's been there on the ToDo ever since about April 5, 2004:
> http://web.archive.org/web/*/http://m0n0.ch/wall/todo.php
> My bounty request to the mailing list, from the archives - 27 Oct
> http://m0n0.ch/wall/list-dev/showmsg.php?id=5/08
> Going on our 4th anniversary without a fix for that one.  And I can
> you, if something is listed on the To-Do for the same amount of time,
> wouldn't you believe that it was asked for by the "masses"?  Or that
> is a function that the software SHOULD support?
> I realize that m0n0wall is targeting the embedded domain.  Sonicwall
> doing embedded just fine with NAT port bouncing.  Sorry, I don't have
> the time to research when that one was introduced, but whilst my
> m0n0wall is blocking packets from one dedicated server trying to
> an e-mail message to another customer's dedicated server on their
> external address, Sonicwall, Cisco, and virtually every other vendor
> can name is doing just fine allowing internal clients to reach other
> internal clients via their external IP.  If I needed an embedded
> then I would consider pfSense.  m0n0wall is where I want to be, with
> functionality it should have.
> Thanks,
> --Chris
