[ previous ] [ next ] [ threads ]
 From:  "Stephan A. Rickauer" <stephan at rickauer dot com>
 To:  m0n0wall at lists dot m0n0 dot ch
 Subject:  Re: [m0n0wall] *Really" strange WAN pinhole behaviour
 Date:  Mon, 9 May 2005 17:30:16 +0200
> So you think for the typical installation you should have to *enable*
> outbound NAT?  When 99.99% of m0n0wall installs use it?  No, you
> destroy usability when you don't enable something by default that
> 99.99% of your user base needs.  m0n0wall isn't a router, it's a
> firewall, and hence should NAT by default given the needs of the user
> base.  The commercial products it compares to enable NAT by default.

I think the problem here is not whether NAT is turned on or off by default. 
That is a strategical decision (that has already been done, obviously). The 
disturbing fact is, that the user interface does not imply NAT is switched on 
by default. Furthermore, a user needs to enable 'advanced NAT' (a term that 
can be discussed) in order to be able to turn NAT off. Sorry, but I can't 
find that very logical ...

> > Again, I think m0nowall is a cool project, so take this as a constructive
> > input, please.
> So taken, but when you're doing something that's completely out of the
> ordinary with a given package, you'll find that the default settings
> won't meet your needs - 

Sure, but that's fine - as long as the GUI represents that.

> in general, if they did, they wouldn't meet 
> the needs of the vast majority of the users.

Absolutely, but as I say: A (good) GUI should show what is enabled and what 
not. It should not hide things that are enabled... 

Well, just my personal opinion.

Stephan A. Rickauer