 From:  Jim Thompson <jim at netgate dot com>
 To:  Peter Allgeyer <allgeyer at web dot de>
 Cc:  m0n0wall at lists dot m0n0 dot ch
 Subject:  Re: [m0n0wall] Status report and outlook
 Date:  Mon, 2 May 2005 08:14:01 -1000
On May 2, 2005, at 7:48 AM, Peter Allgeyer wrote:

> Hi Jim,
>
> you might be right, but m0n0 has none of the described features yet and
> probably won't have them in future. IMHO any AP does it better than m0n0
> ever could do it.

You are perhaps unaware of the large majority of "enterprise class" APs
that run Linux, or the recent work in -current on the 802.11 stack and
drivers.

The features I wrote about aren't difficult to write.  -current already
has a wireless-aware DHCP client (knows about events at the 802.11
layer), so that signaling path is there, as well as a potential ability
for hostapd to drive the same firewall rules in and out of the kernel
upon association/authentication.

> Authentication via EAP or 802.x is a job for RADIUS not the firewall.

Indeed.  I was speaking of being able to leverage same for some
additional network protection.  "Did you get on the network via WPA?
Great... let us pop you into the appropriate VLAN and poke a tiny hole
in the firewall."

BTW, it's EAP (methods).  802.1x doesn't provide any AAA mechanisms
per se.  It's a protocol over which one or more EAP methods can run.
(Not all of these are appropriate for wireless.)


> Maybe there is a way to share the authentication data
> between both to have dynamic filter rules other than captive portal.

I'm sure there are many 'other ways', but none are as clean, reliable
and straightforward as integrating both functions on the same device.

>
> On Monday, 02.05.2005, at 07:21 -1000, Jim Thompson wrote:
>> Manuel's reasoning for the move back to 4.11 for the mono-1.2 series
>> is just.  I, for one, will continue to forge ahead with 5.4 and 6.0.
>
> Manuel's reason is just "what"? There are a lot of reasons for it.

"just" as in "fair".

> Among them performance problems with 5.3. I'm not really sure if 5.4 or
> even 6.0 is the right way for the future, but this is another story.

I have no idea if Manuel will eventually move to 5.4, 6.0 or anything
else.  I would think, if nothing else, technologies like CARP would
either need to be backported to 4.11 or picked up as m0n0 moves forward
along the FreeBSD release train.

But that's all up to Manuel.

Jim