 From:  "Chris Buechler" <cbuechler at gmail dot com>
 Cc:  "Mono Dev List" <m0n0wall dash dev at lists dot m0n0 dot ch>
 Subject:  Re: [m0n0wall-dev] Redesigning m0n0wall filter rules
 Date:  Fri, 8 Feb 2008 01:03:47 -0500
On Feb 7, 2008 10:37 PM, Chris Dickens <chris at object dash zone dot net> wrote:
> It's impossible to fix if you're using m0n0 at a datacenter level.

m0n0wall is used in a ton of data centers, I have it in multiple ones
myself. You don't NAT in a hosted environment like that. Any serious
hosting environment should never NAT customers, whether or not your
firewall supports NAT reflection. Nor should you have multiple
customers' servers on the same subnet where you can't control traffic
between customers. To do things right, each customer needs a routed
public IP subnet even if it's just a /30.

You can still work around it if you force customers to use your DNS servers.

This isn't an easy problem to properly solve. If you want it so badly,
you need to either up your bounty until somebody is interested,
implement it yourself, or stop griping because nobody here wants or
deserves to hear it. It's certainly not going to motivate anyone to do
this, more likely the opposite.

-Chris
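Two of the points above, the split-DNS workaround for missing NAT reflection and the "one routed public subnet per customer, even a /30" layout, as an added example that is not from the list or the m0n0wall project. All hostnames, addresses and the allocation plan are constructed for illustration.

```python
import ipaddress

# Constructed split-horizon zone: each name maps to its public address and, for
# hosts that sit behind the firewall's NAT, the private address as well.
SPLIT_ZONE = {
    "www.example.test": {"public": "203.0.113.10", "inside": "10.0.0.10"},
    "mail.example.test": {"public": "203.0.113.20", "inside": "10.0.0.20"},
    "cdn.example.test": {"public": "198.51.100.5"},  # hosted elsewhere, no NAT
}

# Constructed: the NAT'd customer LAN. A client here cannot reach another
# inside host's public address without NAT reflection, hence the split answer.
INSIDE_NETS = [ipaddress.ip_network("10.0.0.0/24")]

# RFC 1918 ranges; a "routed public subnet" must not fall inside any of them.
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def is_inside(client_ip):
    addr = ipaddress.ip_address(client_ip)
    return any(addr in net for net in INSIDE_NETS)

def resolve(name, client_ip):
    """Split-horizon answer: inside clients get the private address when the
    zone has one, everyone else gets the public one. Returns None if unknown."""
    record = SPLIT_ZONE.get(name.lower().rstrip("."))
    if record is None:
        return None
    if is_inside(client_ip) and "inside" in record:
        return record["inside"]
    return record["public"]

def check_routed_allocations(allocations):
    """Check a per-customer routed allocation plan ({customer: prefix}): each
    prefix must be non-RFC1918, no smaller than a /30, and none may overlap.
    Returns the list of problems found (empty means the plan is sound)."""
    problems = []
    seen = {}
    for customer, prefix in allocations.items():
        net = ipaddress.ip_network(prefix, strict=True)
        if any(net.overlaps(r) for r in RFC1918):
            problems.append(f"{customer}: {prefix} is RFC 1918, not routable")
        if net.prefixlen > 30:
            problems.append(f"{customer}: {prefix} is smaller than a /30")
        for other, other_net in seen.items():
            if net.overlaps(other_net):
                problems.append(f"{customer}: {prefix} overlaps {other} ({other_net})")
        seen[customer] = net
    return problems
```

Pointing the customer LAN's resolver at a server that answers this way is the "force customers to use your DNS servers" workaround; the allocation check is the sanity test for the routed-subnet design that removes the need for it.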