I have been testing the 1.21 version of m0n0wall. I like it, but I have two problems which keep me from using it in a production environment. First, my m0n0wall is set up with the WAN and OPT1 bridged and I have set the advanced setting to enable the bridge.

1) Outgoing FTP is blocked because the creation of DATA TCP ports is denied. I have an iptables implementation which allows for stateful creation of TCP ports as needed for FTP. I have heard a lot of discussions about not allowing FTP at all, but the reality is that my customers demand it. So I am stuck. Is there any ruleset hack, or are there plans in the future to add stateful creation of TCP ports?

2) We use the Cisco VPN client 4.6.x to reach inside some of our clients' networks. It seems that some of the UDP port activity is blocked. I see the login screen and then it hangs. I have seen some discussion about the Cisco VPN client 4.7.x fixing the problem. Most of my clients have not renewed their Cisco support contracts, so they are not getting updated client software. Is there any way to modify the ruleset to make this work?

Thanks,
Jeffrey Monroe

---------------------------------------------------------------------

Jeffrey,

If you are talking about the FTP server being on the Option1 interface and FTP clients on the LAN interface, you need to create a "pass" rule to allow TCP port 20 to pass from the FTP server's IP address to the LAN subnet (or some variation of that).

As for your second question, I try my hardest to stay away from anything that has the Cisco name on it. :o)

Roy...
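As an added example (not code from this thread and not part of m0n0wall), the following Python models the stateful FTP helper Jeffrey describes and the flow Roy's static pass rule covers: it watches the control channel for PORT commands and 227 replies, derives the data connection a firewall would have to open (in active mode the server connects from tcp/20 to the port the client announced, which is exactly the traffic Roy's "port 20 from the server to the LAN" rule lets through; in passive mode the client connects to the port the server announced), and refuses announcements that name a third host or a privileged port. The addresses, the transcript and the two policy checks are constructed assumptions for illustration.

```python
import re

# Encodings of "h1,h2,h3,h4,p1,p2" used by the PORT command (client -> server,
# active mode) and by the 227 reply to PASV (server -> client, passive mode).
_SIX = r"(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})"
PORT_RE = re.compile(r"^PORT\s+" + _SIX + r"\s*$", re.IGNORECASE)
PASV_RE = re.compile(r"^227\b.*?\(" + _SIX + r"\)")


def _decode_endpoint(groups):
    """Turn the six decimal fields into (dotted_quad, tcp_port)."""
    nums = [int(g) for g in groups]
    if any(n > 255 for n in nums):
        raise ValueError("field out of range in FTP host/port encoding")
    return ".".join(str(n) for n in nums[:4]), nums[4] * 256 + nums[5]


def expected_data_connection(direction, line, client_ip, server_ip):
    """Return the data connection a control-channel line announces, or None.

    direction is "client" or "server" (who sent the line). The result holds
    what a firewall needs to open a temporary pinhole; ValueError means the
    line asked for something that should not be opened (an FTP bounce attempt
    at a third host, or a privileged port).
    """
    if direction == "client":
        m = PORT_RE.match(line)
        if not m:
            return None
        host, port = _decode_endpoint(m.groups())
        # Policy choices (assumptions, not RFC 959 requirements): only open a
        # hole back to the peer that owns the control channel, and never to a
        # privileged port, so a client cannot use the server to probe others.
        if host != client_ip:
            raise ValueError(f"PORT names {host}, not the control-channel client {client_ip}")
        if port < 1024:
            raise ValueError(f"PORT names privileged port {port}")
        # Active mode: the server connects FROM tcp/20 TO the client's chosen port.
        return {"mode": "active", "src": (server_ip, 20), "dst": (host, port)}
    if direction == "server":
        m = PASV_RE.match(line)
        if not m:
            return None
        host, port = _decode_endpoint(m.groups())
        if host != server_ip:
            raise ValueError(f"227 reply names {host}, not the control-channel server {server_ip}")
        if port < 1024:
            raise ValueError(f"227 reply names privileged port {port}")
        # Passive mode: the client connects from an ephemeral port TO the server's port.
        return {"mode": "passive", "src": (client_ip, None), "dst": (host, port)}
    raise ValueError(f"unknown direction {direction!r}")


def pinholes_for_session(transcript, client_ip, server_ip):
    """Walk a control-channel transcript; collect pinholes to open and the
    reasons any announcement was refused."""
    pinholes, refused = [], []
    for direction, line in transcript:
        try:
            conn = expected_data_connection(direction, line, client_ip, server_ip)
        except ValueError as exc:
            refused.append(str(exc))
            continue
        if conn is not None:
            pinholes.append(conn)
    return pinholes, refused


# Constructed sample transcript (not from the thread): one active-mode LIST,
# one passive-mode RETR, then a bounce attempt aimed at a third host.
CLIENT_IP = "192.168.1.50"
SERVER_IP = "203.0.113.10"
SAMPLE_SESSION = [
    ("client", "USER anonymous"),
    ("server", "331 Please specify the password."),
    ("client", "PASS guest@example.org"),
    ("server", "230 Login successful."),
    ("client", "PORT 192,168,1,50,195,80"),                         # 195*256+80 = 50000
    ("server", "200 PORT command successful."),
    ("client", "LIST"),
    ("server", "226 Directory send OK."),
    ("client", "PASV"),
    ("server", "227 Entering Passive Mode (203,0,113,10,39,16)."),  # 39*256+16 = 10000
    ("client", "RETR file.txt"),
    ("server", "226 Transfer complete."),
    ("client", "PORT 10,0,0,1,0,25"),                               # asks server to hit 10.0.0.1:25
]

if __name__ == "__main__":
    holes, why = pinholes_for_session(SAMPLE_SESSION, CLIENT_IP, SERVER_IP)
    for h in holes:
        print("open:", h)
    for r in why:
        print("refused:", r)
```

The first pinhole the model produces (server tcp/20 to client 192.168.1.50:50000) is the one a static "pass TCP source port 20 from the server to the LAN subnet" rule admits; the difference is that the helper opens it only for the client and port actually announced, and only after a PORT command was seen, whereas the static rule admits any connection from source port 20 to any LAN host, including one a remote attacker spoofs.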