 From:  "Mas Libman" <mas at masandwendy dot com>
 To:  "'Xavier Beaudouin'" <kiwi at oav dot net>
 Cc:  <m0n0wall at lists dot m0n0 dot ch>
 Subject:  RE: [m0n0wall] Re: UPnP as a possible future option?
 Date:  Thu, 1 Dec 2005 22:59:13 -0800
It is when both parties are behind NAT that UPNP becomes necessary, and
that's the problem I have. Without UPNP, file transfers go extremely slow
(10kb/s instead of 70kb/s+), video is choppy (if at all) and audio just
doesn't work. That's while both parties are on broadband (8mb/768kb)
connections.

If I switch monowall out for my old wireless G router w/ NAT & UPNP,
suddenly all these things work. According to the MSN folks, I need UPNP or a
SOCKS proxy to fix this. (The wireless router has crappy perf otherwise, and
I want to take advantage of the QoS capabilities in M0n0wall.)

Believe me, I'd be happy living w/out UPnP, but so far the solutions are
limited :(

I'm also looking into getting a SOCKS 4\5 module into a custom m0n0wall
image .. we'll see how much I can break ;)

Cheers,
/Mas

-----Original Message-----
From: Xavier Beaudouin [mailto:kiwi at oav dot net] 
Sent: Thursday, December 01, 2005 2:09 AM
To: Mas Libman
Cc: m0n0wall at lists dot m0n0 dot ch
Subject: RE: [m0n0wall] Re: UPnP as a possible future option?


> As I posted in the past: how do I enable audio & video conferencing 
> and file sharing via MSN Messenger through m0n0wall w/out UPNP? No 
> amount of static port maps will make this work with the number of 
> clients I have behind the firewall. Is anyone aware of an incarnation 
> of M0n0wall with a SOCKS proxy perhaps? (if not perhaps I'll give it a 
> go myself, but it'd be nice not to duplicate efforts.)

Humm... It works for me(tm) without any uPnP, whatever MSN Messenger client
you are using...

> So are you saying that M0n0wall isn't intended for use in your home 
> (where there are lots of "lame" sys admins)? That sounds like a shame 
> to me - M0n0wall was a snap to set up and get going - about as easy as 
> any "commercial" solution.

I use it at home, but audio / video conferencing with msn messenger / aim /
ichat works without upnp. Maybe it is something else on your system that
prevents you from doing this.

> -Mas
>
> P.S. the ironic part here is that, for the most part, I agree with 
> everyone that UPnP is a scary technology and that you most certainly 
> don't want any signs of it in the corpnet scenario. I am, however, 
> willing to live with this risk in my home due to the high level of 
> protection and control I have over all of my client machines.
>
>
> -----Original Message-----
> From: Xavier Beaudouin [mailto:kiwi at oav dot net]
> Sent: Thursday, December 01, 2005 12:56 AM
> To: Mas Libman
> Cc: m0n0wall at lists dot m0n0 dot ch
> Subject: Re: [m0n0wall] Re: UPnP as a possible future option?
>
> IMHO I think UPnP is a dangerous beast... Because of the way some M$
> thingies are made, uPnP can wholly open a firewall and make it useless...
>
> uPnP has been done for lame users that don't know what firewall / nat 
> is, m0n0 is for people that want to rely on an efficient system (same as 
> pfsense too...).
>
> But this is my point of view, but I dunno if m0n0 or pfSense 
> developers want to add or not this dangerous thing.... :p
>
> /Xavier
>
> Mas Libman wrote:
>> No UPNP support in pfsense either :(
>> http://forum.pfsense.org/index.php?PHPSESSID=0434dc072b1fa4a262c85f23d7651eb7&topic=219.0
>>
>>
>> -----Original Message-----
>> From: Mas Libman [mailto:mas at masandwendy dot com]
>> Sent: Wednesday, November 30, 2005 8:54 PM
>> To: 'Alex Neuman van der Hans'; 'Chris Buechler'
>> Cc: m0n0wall at lists dot m0n0 dot ch
>> Subject: RE: [m0n0wall] Re: UPnP as a possible future option?
>>
>> Perhaps I'm not privy to the past conversations on UPNP where folks 
>> were rude (apparently?), but this discussion (thus far ;) is far from 
>> "moaning or complaining". If it were not for this thread, I would not 
>> have learned about pfSense, or anything else that folks might 
>> recommend to solve this issue. Or perhaps this thread is how I find 
>> others that want this feature bad enough that they too are 
>> willing to contribute. But, contrary to Chris' sentiment, the general 
>> response has been "I don't want UPNP so shut up and go away". That is 
>> hardly the open source spirit of which he speaks.
>>
>> I'll look into pfsense this evening and report back. Thanks Alex!
>>
>> /Mas
>>
>> -----Original Message-----
>> From: Alex Neuman van der Hans [mailto:alex at nkpanama dot com]
>> Sent: Wednesday, November 30, 2005 5:23 PM
>> Cc: m0n0wall at lists dot m0n0 dot ch
>> Subject: Re: [m0n0wall] Re: UPnP as a possible future option?
>>
>> Doesn't pfSense (based on m0n0) support uPNP?
>>
>> Chris Buechler wrote:
>>
>>
>>>On 11/30/05, Giobbi, Ryan <rgiobbi at agoc dot com> wrote:
>>>
>>>
>>>
>>>>I saw the above challenge in the list archives and found two real 
>>>>firewall configuration tools (both use IPTables on the backend) that 
>>>>support UPnP.
>>>>
>>>>
>>>>
>>>
>>>Neither of which are real firewall packages, they're configuration 
>>>interfaces for iptables.  By "real firewall package", I meant a 
>>>respectable commercial offering.
>>>
>>>
>>>
>>>
>>>
>>>>It's kind of sad when most $50 cheap-o home routers support UPnP, 
>>>>but it isn't even offered as an *option* in m0n0, which is supposed 
>>>>to be a superior solution.
>>>>
>>>>
>>>
>>>My $10,000 Cisco PIX doesn't, and you don't hear me complaining.
>>>Wait, that must mean the $50 Linksys is superior!!  *gasp*  
>>></sarcasm>
>>>
>>>
>>>In all seriousness, let me explain something.  Open source works when 
>>>people contribute what they want to see in a project.  It *DOES NOT* 
>>>work when people do nothing but bitch, moan and complain about what 
>>>they want and don't do anything about it.  Want uPNP?  Make an image 
>>>with support that works, and submit the code to Manuel and/or the dev 
>>>list. Obviously from past threads, those of us that contribute 
>>>couldn't give a shit less if uPNP is supported or not.  The other 
>>>alternative is to offer up $X for whoever can implement uPNP.  If X 
>>>is sufficiently large, someone will do it.  This isn't a whining 
>>>competition with the winner getting whatever feature they want.
>>>
>>>If it doesn't make it into the base system, I would gladly host the 
>>>uPNP-enabled images on my site, and link to them from the 
>>>documentation, so the effort wouldn't be for naught.
>>>
>>>sorry, tired as hell of this and similar crap that people want to 
>>>moan about but do nothing to resolve.
>>>
>>>-Chris
>>>
>>>---------------------------------------------------------------------
>>>To unsubscribe, e-mail: m0n0wall dash unsubscribe at lists dot m0n0 dot ch
>>>For additional commands, e-mail: m0n0wall dash help at lists dot m0n0 dot ch
>>>
>>>
>>>


--
By trying continuously, one eventually succeeds. So, the more it fails,
the more chance there is that it will work...
(Shadok proverb)

