I have been testing the 1.21 version of m0n0wall. I like it, but I have two problems which keep me
from using it in a production environment.
First, my m0n0wall is setup with the WAN and OPT1 bridged and I have set the advanced setting to
enable the bridge.
1) Outgoing FTP is blocked because the creation of DATA TCP ports is denied. I have an iptable
implementation which allows for stateful creation of TCP ports as needed for FTP. I have heard a lot
of discussions about not allowing FTP at all, but the reality is that my customers demand it. So I
am stuck. Is there any ruleset hack or plans in the future to add stateful creation of TCP ports.
2) We use the Cisco VPN client 4.6.x to reach inside some of our clients networks. It seems that
some of the UDP port activity is blocked. I see the login screen and then it hangs. I have sene some
discussion about the Cisco VPN client 4.7.x fixing the problem. Most of my clients have not renewed
their Cisco support contracts so they are not getting updated client software. Is there any way to
modify the ruleset to make this work?