AW: [m0n0wall] Beta 1.2b5 Firewall/Traffic Shaper problem

From:	"S. Klapprott" <sascha dot klapprott at freenet dot de>
To:	"'Matchstick'" <matchstick at oofg dot com>, "'Manuel Kasper'" <m0n0wall at lists dot m0n0 dot ch>
Subject:	AW: [m0n0wall] Beta 1.2b5 Firewall/Traffic Shaper problem
Date:	Wed, 23 Feb 2005 01:51:29 +0100
Hi,

i have the same Problem here. If I turn on Traffic shaping, the Ports that I
have opened are ignored... :(

Greetz,

sash

-----Ursprüngliche Nachricht-----
Von: Matchstick [mailto:matchstick at oofg dot com] 
Gesendet: Mittwoch, 23. Februar 2005 01:19
An: Manuel Kasper
Betreff: [m0n0wall] Beta 1.2b5 Firewall/Traffic Shaper problem

On Tuesday, February 22, 2005, 9:16:01 PM, Manuel Kasper <mk at neon1 dot net>
wrote:

I seem to have run into a bit of a problem in 1.2b5 (and it's not being
unable to upload the image ;) )

I'm running using filtered bridging on a WRAP board and it appears
that if I turn Traffic Shaping on (irrepective of whether any rules,
queues or pipes have been set up) then the inbound firewall rules
that I've set up on the WAN interface are ignored.

EG. I have a rule blocking TCP port 137-139 inbound from any IP
address to any IP local address

With the previous 1.2b3 release or with 1.2b5 with traffic shaping off
then when I test those ports with something like www.grc.com, the
firewall rule fires and the ports are reported as Stealthed.

But in 1.2b5 with traffic shaping M0n0 seems to ignore the rule and
allows the packets straight through, so the ports are either reported
as Closed or Open depending on the exact port and situation.

Can anyone else reproduce this problem or I have missed something
really fundamental/got a knackered WRAP board ?

Paul Browning
matchstick at oofg dot com

MK> Hi folks,

MK> I've finally found the time to make a new m0n0wall beta release:
MK> 1.2b5! I'm sorry that it took so long.

MK> Before anyone asks: 1.2b4 has been skipped since I made a non-public
MK> release with that version number and don't want to cause further
MK> confusion.

MK> I'm happy to report that m0n0wall 1.2b5 is the first release to be
MK> based on FreeBSD 5.3, rather than the old (and stable) 4.x series. So
MK> far, the transition has gone much better than I expected, and even
MK> though a lot of little nasty issues have shown up again (things like
MK> the dreaded ipf/ipfw processing order issue [fixed]) or are yet to
MK> show up, I'm confident that FreeBSD 5.3 provides a good base
MK> operating system for m0n0wall in the future. Each and every binary
MK> has been recompiled and all patches (kernel, userland and 3rd party
MK> programs) have been carefully reviewed and either thrown out (as was
MK> - luckily - the case for some kernel patches) or modified to make
MK> them work with 5.3.

MK> FreeBSD 5.3 finally gives us, among other things, support for
MK> Atheros-based 11a/b/g wireless cards. I've made the necessary
MK> adjustments to the webGUI and conducted a few basic tests.

MK> I still have several contributed patches lying around, waiting to be
MK> integrated. Also, Fred Wright's ipfilter window scaling and IPsec new
MK> SA preferral patches aren't in this release yet because they may need
MK> changes for 5.3 (especially the IPsec one). Furthermore, the OpenVPN
MK> support in this release may be broken, but it'll be replaced by a
MK> reworked version (that doesn't clobber the optional interfaces
MK> configuration anymore) as soon as Peter Curran gives me the go-ahead.
MK> All of these things will probably happen in the next release - for
MK> now, I wanted to focus on moving to 5.3.

MK> Note that 32 MBs of RAM are now definitely no longer enough to run
MK> 1.2b5 (it's been marginal even with earlier versions). Also, 1.2b5 is
MK> definitely *NOT* for use in production environments (unless you call
MK> your home network a production environment too ;). I've tested each
MK> image on the corresponding platform to make sure that it at least
MK> boots, but that's about it. You've been warned.

MK> Last but not least, make sure that your browser isn't using an old
MK> version of the webGUI CSS (clear the cache if needed), as there have
MK> been some changes (most notably on the firewall rule page).

MK> Please see the m0n0wall home page for the detailed change log and the
MK> downloads:

MK> http://m0n0.ch/wall/beta.php

MK> Enjoy!

MK> - Manuel

MK> ---------------------------------------------------------------------
MK> To unsubscribe, e-mail: m0n0wall dash unsubscribe at lists dot m0n0 dot ch
MK> For additional commands, e-mail: m0n0wall dash help at lists dot m0n0 dot ch



-- 
 Matchstick
 matchstick at oofg dot com


---------------------------------------------------------------------
To unsubscribe, e-mail: m0n0wall dash unsubscribe at lists dot m0n0 dot ch
For additional commands, e-mail: m0n0wall dash help at lists dot m0n0 dot ch