 From:  jjoshua at comcast dot net
 To:  Chris Buechler <cbuechler at gmail dot com>
 Cc:  m0n0wall at lists dot m0n0 dot ch
 Subject:  Re: [m0n0wall] port triggering
 Date:  Thu, 04 Aug 2005 14:39:02 +0000
I was going to ask about the same feature.  I don't think that this is quite uPNP as the rule would
have to be manually configured - it could not be dynamically requested by a host.

What we need is the ability to define an outbound trigger port which would automatically NAT
predefined inbound ports to the source host.

So, for example, if host A initiates an outbound connection to port X, then inbound port Y would be
NATted to host A.

When host A closes the connection to port X, then the inbound port Y would cease to NAT back to host
A.

Then, if host B initiates an outbound connection to port X, then inbound port Y would be NATted to
host B.


> On 8/4/05, Thomas Sprinzing <thomas at sprinzing dot org> wrote:
> > 
> > is there any interest, idea, plan to implement port triggering in m0n0wall?
> > 
> 
> the technical name for such a thing is uPNP.  I've explained why it's
> worthless and dangerous on the pfsense list in the following thread,
> so I won't repeat myself here.
> http://www.mail-archive.com/support%40pfsense.com/msg00125.html
> 
> One reply:
> http://www.mail-archive.com/support%40pfsense.com/msg00127.html
> 
> One comment on that reply, I'd say it's a huge risk in any
> environment, not just corporate.  Think worms, viruses, trojans, and
> other malware that could open a port in your firewall so outside
> attackers could talk directly to whatever junk is on your machine(s).
> 
> -Chris
> 
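The port-triggering behaviour requested in the message above, modelled as a small state table. This is an added example, not m0n0wall code and not part of the original thread. The class names, ports 6000/7000 and host names are constructed; the "first host keeps port Y" conflict policy and the `allowed_hosts` restriction are assumptions the thread does not specify.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class TriggerRule:
    trigger_port: int                       # outbound port X that arms the rule
    forward_port: int                       # inbound port Y that gets NATted
    allowed_hosts: frozenset = frozenset()  # assumed option: empty = any inside host

class PortTriggerTable:
    def __init__(self, rules):
        self.rules = {r.trigger_port: r for r in rules}
        self.open_count = {}   # (host, trigger_port) -> live outbound connections
        self.holder = {}       # forward_port -> inside host currently receiving it

    def outbound_open(self, host, dport):
        rule = self.rules.get(dport)
        if rule is None or (rule.allowed_hosts and host not in rule.allowed_hosts):
            return False
        key = (host, dport)
        self.open_count[key] = self.open_count.get(key, 0) + 1
        # Assumed conflict policy: the first host to trigger keeps port Y.
        self.holder.setdefault(rule.forward_port, host)
        return self.holder[rule.forward_port] == host

    def outbound_close(self, host, dport):
        rule = self.rules.get(dport)
        key = (host, dport)
        if rule is None or key not in self.open_count:
            return
        self.open_count[key] -= 1
        if self.open_count[key] > 0:
            return                          # host still has a connection to X
        del self.open_count[key]
        if self.holder.get(rule.forward_port) == host:
            del self.holder[rule.forward_port]
            # Assumed: hand Y to another host that still has X open, if any.
            waiting = sorted(h for (h, p) in self.open_count if p == dport)
            if waiting:
                self.holder[rule.forward_port] = waiting[0]

    def inbound_target(self, port):
        return self.holder.get(port)        # None means the packet is not forwarded

def demo():
    # Constructed sequence: A opens X, A closes X, B opens X.
    table, seen = PortTriggerTable([TriggerRule(6000, 7000)]), []
    for action, host in [("open", "host-a"), ("close", "host-a"), ("open", "host-b")]:
        getattr(table, "outbound_" + action)(host, 6000)
        seen.append(table.inbound_target(7000))
    return seen
```

With an empty `allowed_hosts`, any inside host that connects out to port X opens port Y to itself, which is the exposure raised in the quoted reply.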