[ previous ] [ next ] [ threads ]
 
 From:  "Mas Libman" <mas at masandwendy dot com>
 To:  "'Xavier Beaudouin'" <kiwi at oav dot net>
 Cc:  <m0n0wall at lists dot m0n0 dot ch>
 Subject:  RE: [m0n0wall] Re: UPnP as a possible future option?
 Date:  Thu, 1 Dec 2005 01:27:43 -0800
As I posted in the past: how do I enable audio & video conferencing and file
sharing via MSN Messenger through m0n0wall w/out UPNP? No amount of static
port maps will make this work with the number of clients I have behind the
firewall. Is anyone aware of an incarnation of M0n0wall with a SOCKS proxy
perhaps? (if not perhaps I'll give it a go myself, but it'd be nice not to
duplicate efforts.)

So are you saying that M0n0wall isn't intended for use in your home (where
there are lots of "lame" sys admins)? That sounds like a shame to me -
M0n0wall was a snap to set up and get going - about as easy as any
"commercial" solution. 

-Mas

P.S. the ironic part here is that, for the most part, I agree with everyone
that UPnP is a scary technology and that you most certainly don't want any
signs of it in the corpnet scenario. I am, however, willing to live with
this risk in my home due to the high level of protection and control I have
over all of my client machines.


-----Original Message-----
From: Xavier Beaudouin [mailto:kiwi at oav dot net] 
Sent: Thursday, December 01, 2005 12:56 AM
To: Mas Libman
Cc: m0n0wall at lists dot m0n0 dot ch
Subject: Re: [m0n0wall] Re: UPnP as a possible future option?

IMHO I think UPnP is dangerous beast... Because of the way on how is made
some M$ thingies uPnP can whole open a firewall and make it useless...

uPnP has been done for lame users that don't know what firewall / nat is,
m0n0 is for people that want to rely on efficient system (same as pfsense
tooo...).

But this is my point of vue, but I dunno if m0n0 or pfSence developpers
wants to add or not this dangerous thing.... :p

/Xavier

Mas Libman wrote:
> No UPNP support in pfsense either :(
> http://forum.pfsense.org/index.php?PHPSESSID=0434dc072b1fa4a262c85f23d
> 7651eb
> 7&topic=219.0
> 
> 
> -----Original Message-----
> From: Mas Libman [mailto:mas at masandwendy dot com]
> Sent: Wednesday, November 30, 2005 8:54 PM
> To: 'Alex Neuman van der Hans'; 'Chris Buechler'
> Cc: m0n0wall at lists dot m0n0 dot ch
> Subject: RE: [m0n0wall] Re: UPnP as a possible future option?
> 
> Perhaps I'm not privy to the past conversations on UPNP where folks 
> were rude (apparently?), but this discussion (thus far ;) is far from 
> "moaning or complaining". If it were not for this thread, I would not 
> have learned about pfSense, or anything else that folks might 
> recommend to solve this issue. Or perhaps this thread is how I find 
> others that are want this feature bad enough that they too are willing to
contribute. But, contrary to Chris'
> sentiment, the general response has been "I don't want UPNP so shut up 
> and go away". That is hardly the open source spirit of which he speaks.
> 
> I'll look into pfsense this evening and report back. Thanks Alex!
> 
> /Mas
> 
> -----Original Message-----
> From: Alex Neuman van der Hans [mailto:alex at nkpanama dot com]
> Sent: Wednesday, November 30, 2005 5:23 PM
> Cc: m0n0wall at lists dot m0n0 dot ch
> Subject: Re: [m0n0wall] Re: UPnP as a possible future option?
> 
> Doesn't pfSense (based on m0n0) support uPNP?
> 
> Chris Buechler wrote:
> 
> 
>>On 11/30/05, Giobbi, Ryan <rgiobbi at agoc dot com> wrote:
>> 
>>
>>
>>>I saw the above challenge in the list archives and found two real 
>>>firewall configuration tools (both use IPTables on the backend) that 
>>>support UPnP.
>>>
>>>   
>>>
>>
>>Neither of which are real firewall packages, they're configuration 
>>interfaces for iptables.  By "real firewall package", I meant a 
>>respectable commercial offering.
>>
>>
>> 
>>
>>
>>>It's kind of sad when most $50 cheap-o home routers support UPnP, but 
>>>it isn't even offered as an *option* in m0n0, which is supposed to be 
>>>a superior solution.
>>>   
>>>
>>
>>My $10,000 Cisco PIX doesn't, and you don't hear me complaining.
>>Wait, that must mean the $50 Linksys is superior!!  *gasp*  </sarcasm>
>>
>>
>>In all seriousness, let me explain something.  Open source works when 
>>people contribute what they want to see in a project.  It *DOES NOT* 
>>work when people do nothing but bitch, moan and complain about what 
>>they want and don't do anything about it.  Want uPNP?  Make an image 
>>with support that works, and submit the code to Manuel and/or the dev 
>>list. Obviously from past threads, those of us that contribute 
>>couldn't give a shit less if uPNP is supported or not.  The other 
>>alternative is to offer up $X for whoever can implement uPNP.  If X is 
>>sufficiently large, someone will do it.  This isn't a whining 
>>competition with the winner getting whatever feature they want.
>>
>>If it doesn't make it into the base system, I would gladly host the 
>>uPNP-enabled images on my site, and link to them from the 
>>documentation, so the effort wouldn't be for naught.
>>
>>sorry, tired as hell of this and similar crap that people want to moan 
>>about but do nothing to resolve.
>>
>>-Chris
>>
>>---------------------------------------------------------------------
>>To unsubscribe, e-mail: m0n0wall dash unsubscribe at lists dot m0n0 dot ch
>>For additional commands, e-mail: m0n0wall dash help at lists dot m0n0 dot ch
>>
>> 
>>
> 
> 
> 
> 
> 
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: m0n0wall dash unsubscribe at lists dot m0n0 dot ch
> For additional commands, e-mail: m0n0wall dash help at lists dot m0n0 dot ch
> 

---------------------------------------------------------------------
To unsubscribe, e-mail: m0n0wall dash unsubscribe at lists dot m0n0 dot ch
For additional commands, e-mail: m0n0wall dash help at lists dot m0n0 dot ch