[ previous ] [ next ] [ threads ]
 
 From:  "Xavier Beaudouin" <kiwi at oav dot net>
 To:  "Mas Libman" <mas at masandwendy dot com>
 Cc:  m0n0wall at lists dot m0n0 dot ch
 Subject:  RE: [m0n0wall] Re: UPnP as a possible future option?
 Date:  Thu, 1 Dec 2005 11:09:05 +0100 (CET)
> As I posted in the past: how do I enable audio & video conferencing and
> file
> sharing via MSN Messenger through m0n0wall w/out UPNP? No amount of static
> port maps will make this work with the number of clients I have behind the
> firewall. Is anyone aware of an incarnation of M0n0wall with a SOCKS proxy
> perhaps? (if not perhaps I'll give it a go myself, but it'd be nice not to
> duplicate efforts.)

Humm... It works for me(tm) without any uPnP what ever MSN Messenger
client you are using...

> So are you saying that M0n0wall isn't intended for use in your home (where
> there are lots of "lame" sys admins)? That sounds like a shame to me -
> M0n0wall was a snap to set up and get going - about as easy as any
> "commercial" solution.

I use it at home, but audio / video conferencing with msn messenger / aim
/ ichat works without upnp. Maybe this is something else on your system
that avoid you to do such work.

> -Mas
>
> P.S. the ironic part here is that, for the most part, I agree with
> everyone
> that UPnP is a scary technology and that you most certainly don't want any
> signs of it in the corpnet scenario. I am, however, willing to live with
> this risk in my home due to the high level of protection and control I
> have
> over all of my client machines.
>
>
> -----Original Message-----
> From: Xavier Beaudouin [mailto:kiwi at oav dot net]
> Sent: Thursday, December 01, 2005 12:56 AM
> To: Mas Libman
> Cc: m0n0wall at lists dot m0n0 dot ch
> Subject: Re: [m0n0wall] Re: UPnP as a possible future option?
>
> IMHO I think UPnP is dangerous beast... Because of the way on how is made
> some M$ thingies uPnP can whole open a firewall and make it useless...
>
> uPnP has been done for lame users that don't know what firewall / nat is,
> m0n0 is for people that want to rely on efficient system (same as pfsense
> tooo...).
>
> But this is my point of vue, but I dunno if m0n0 or pfSence developpers
> wants to add or not this dangerous thing.... :p
>
> /Xavier
>
> Mas Libman wrote:
>> No UPNP support in pfsense either :(
>> http://forum.pfsense.org/index.php?PHPSESSID=0434dc072b1fa4a262c85f23d
>> 7651eb
>> 7&topic=219.0
>>
>>
>> -----Original Message-----
>> From: Mas Libman [mailto:mas at masandwendy dot com]
>> Sent: Wednesday, November 30, 2005 8:54 PM
>> To: 'Alex Neuman van der Hans'; 'Chris Buechler'
>> Cc: m0n0wall at lists dot m0n0 dot ch
>> Subject: RE: [m0n0wall] Re: UPnP as a possible future option?
>>
>> Perhaps I'm not privy to the past conversations on UPNP where folks
>> were rude (apparently?), but this discussion (thus far ;) is far from
>> "moaning or complaining". If it were not for this thread, I would not
>> have learned about pfSense, or anything else that folks might
>> recommend to solve this issue. Or perhaps this thread is how I find
>> others that are want this feature bad enough that they too are willing
>> to
> contribute. But, contrary to Chris'
>> sentiment, the general response has been "I don't want UPNP so shut up
>> and go away". That is hardly the open source spirit of which he speaks.
>>
>> I'll look into pfsense this evening and report back. Thanks Alex!
>>
>> /Mas
>>
>> -----Original Message-----
>> From: Alex Neuman van der Hans [mailto:alex at nkpanama dot com]
>> Sent: Wednesday, November 30, 2005 5:23 PM
>> Cc: m0n0wall at lists dot m0n0 dot ch
>> Subject: Re: [m0n0wall] Re: UPnP as a possible future option?
>>
>> Doesn't pfSense (based on m0n0) support uPNP?
>>
>> Chris Buechler wrote:
>>
>>
>>>On 11/30/05, Giobbi, Ryan <rgiobbi at agoc dot com> wrote:
>>>
>>>
>>>
>>>>I saw the above challenge in the list archives and found two real
>>>>firewall configuration tools (both use IPTables on the backend) that
>>>>support UPnP.
>>>>
>>>>
>>>>
>>>
>>>Neither of which are real firewall packages, they're configuration
>>>interfaces for iptables.  By "real firewall package", I meant a
>>>respectable commercial offering.
>>>
>>>
>>>
>>>
>>>
>>>>It's kind of sad when most $50 cheap-o home routers support UPnP, but
>>>>it isn't even offered as an *option* in m0n0, which is supposed to be
>>>>a superior solution.
>>>>
>>>>
>>>
>>>My $10,000 Cisco PIX doesn't, and you don't hear me complaining.
>>>Wait, that must mean the $50 Linksys is superior!!  *gasp*  </sarcasm>
>>>
>>>
>>>In all seriousness, let me explain something.  Open source works when
>>>people contribute what they want to see in a project.  It *DOES NOT*
>>>work when people do nothing but bitch, moan and complain about what
>>>they want and don't do anything about it.  Want uPNP?  Make an image
>>>with support that works, and submit the code to Manuel and/or the dev
>>>list. Obviously from past threads, those of us that contribute
>>>couldn't give a shit less if uPNP is supported or not.  The other
>>>alternative is to offer up $X for whoever can implement uPNP.  If X is
>>>sufficiently large, someone will do it.  This isn't a whining
>>>competition with the winner getting whatever feature they want.
>>>
>>>If it doesn't make it into the base system, I would gladly host the
>>>uPNP-enabled images on my site, and link to them from the
>>>documentation, so the effort wouldn't be for naught.
>>>
>>>sorry, tired as hell of this and similar crap that people want to moan
>>>about but do nothing to resolve.
>>>
>>>-Chris
>>>
>>>---------------------------------------------------------------------
>>>To unsubscribe, e-mail: m0n0wall dash unsubscribe at lists dot m0n0 dot ch
>>>For additional commands, e-mail: m0n0wall dash help at lists dot m0n0 dot ch
>>>
>>>
>>>
>>
>>
>>
>>
>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: m0n0wall dash unsubscribe at lists dot m0n0 dot ch
>> For additional commands, e-mail: m0n0wall dash help at lists dot m0n0 dot ch
>>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: m0n0wall dash unsubscribe at lists dot m0n0 dot ch
> For additional commands, e-mail: m0n0wall dash help at lists dot m0n0 dot ch
>
>


-- 
Quand on essaye continuellement, on finit par y arriver. Donc, plus ca
rate, plus on a de chance que ca marche...
(Proverbe Shadok)