 From:  "Chris Sandy" <sandyc at corp dot netcarrier dot com>
 To:  <m0n0wall at lists dot m0n0 dot ch>
 Subject:  RE: [m0n0wall] Quick Question and Poll
 Date:  Tue, 20 Jan 2004 08:32:30 -0500
He's being honest and open. If you want a cheap solution, m0n0 is the way
to go. Just like any other router, let's say Linksys, you have the same
issues. Linksys just runs a Linux kernel with iptables. M0n0 is pretty
much as secure as you're going to get unless you're willing to pay a lot for
a PIX. As you can tell from m0n0's changelog, the developer keeps up
with security and fixes, unlike bigger companies where you have to wait
a while for patches.

Why not set up a development network and try m0n0wall? I think you will
be very happy with it.

Net4501 + m0n0wall and a 32meg flash card.

-----Original Message-----
From: [mailto:brad dot gibson at naponline dot net] 
Sent: Tuesday, January 20, 2004 8:24 AM
To: m0n0wall at lists dot m0n0 dot ch
Subject: [m0n0wall] Quick Question and Poll

A few days ago here at work, a remote T1 site was having some
performance issues. I offered up some troubleshooting suggestions and
while I was doing that, I threw out the idea of switching to m0n0wall. A
little desktop setup with Windows 2000 Server running Routing and Remote
Access with no other firewall applications is currently being used. This
box performs simple NATing and routing out to the T1 line and nothing
more.

However, a co-worker replied to my suggestion of m0n0wall after looking
at m0n0wall's website. He stated that "[he'd] be leery of firewall
software whose entire security page is this:"
-----------------------------------
Although I have tried my best to make m0n0wall as secure as possible,
there is still the possibility of security holes (hell, no software
programmer can say for sure that his product is absolutely bug-free!).
The rule generator currently has to generate rules that open up the
filter a bit more than I'd like, mainly because ipfilter 3.x.x lacks the
ability of specifying placeholders for a given interface's IP address.
We'll have to wait until ipfilter 4.0 is released to get that
functionality.
You can have a look at the ipfilter ruleset that is currently active by
going to http://<m0n0wall-ip>/status.php.
If you're familiar with ipfilter, please take the time to read through
the ruleset and inform me of any possible improvements or holes (along
with a description of which settings you changed in the webGUI). Thank
you!
-----------------------------------

I have to admit, that does sound a little scary. I personally think that
Manuel just isn't giving enough credit to his work and ipFilter (that's
me though). Hell, it's probably more secure than Windows 2000 Routing
and Remote Access, especially without any additional firewall
application.

Throughout my time on the mailing lists, I've gotten the impression
that numerous people run this at work. This is why I'd like to take
a poll.

If everyone could reply and answer the following questions, I'd
appreciate it!

1. What is the name of your company? (Not needed, just curious)
2. How many servers do you have behind m0n0wall?
3. How many workstations do you have behind m0n0wall?
4. If you have a DMZ, how many servers are in it?
5. If you have a Wireless interface, how many clients do you have
connecting and do they have to VPN in or are they directly connected?
6. Do you support VPN? If so, do you have a local user db, RADIUS, or
pass thru to another server?
7. Do you redirect any external ports to internal devices?
8. Any additional information that will just make m0n0wall look sweet!

Again, any and all replies would be greatly appreciated!

Thanks
===================================
Brad Gibson, CCNA, MCP, Net+, A+
Network Engineer
City of Baltimore
===================================

