 From:  Rolf Kutz <kutz at netcologne dot de>
 To:  m0n0wall at lists dot m0n0 dot ch
 Subject:  Re: [m0n0wall] Wireless configuration in monowall
 Date:  Wed, 24 May 2006 00:51:54 +0200
* Quoting Alex Neuman van der Hans (alex at nkpanama dot com):

> Rolf Kutz wrote:
> >* Quoting Alex Neuman van der Hans (alex at nkpanama dot com):
> >
> >  
> >>I've set up a few. Definitely your best shot would be to use m0n0 for 
> >>your firewall/routing needs, along with a bit of traffic shaping. I'd 
> >>block outgoing port 25 to prevent abuse (and let your clients know that 
> >>    
> >
> >This helps prevent abuse like castration
> >prevents rape. How shall people contact their
> >provider's smtpd if 25 is blocked?
> >
> >  
> Two ways. One would be to set up an internal mailserver running 
> MailScanner (http://mailscanner.info) that works as an internal relay 
> and set up a forwarding rule just like some people do for squid caching.
> 
> The other would be to have a notice in the captive portal page that says 
> that you should use your company's (or your ISP's) webmail instead, or 
> services like mail2web.com, or use SSL (smtps), or port 587, or a VPN. 
> It *would* require having knowledgeable staff, which in some hotels 
> isn't the case.

How does using smtps or vpn reduce abuse, if I
would be sending mail over my ISP's smtpd anyway?
And pointing to webmail doesn't really help
either.  The question is whether you want to
offer _Internet_ access or _web_ access? Why not block
everything but Port 80? Abuse can be done with
ftp, ssh or netcat.

> This isn't as crazy as it sounds. I've set up several 
> hotels/resorts/golf clubs like this, and I've been to quite a few here 
> and all over the world that do the same thing.

A million flies can't be wrong? I really hate

they even block ssh and I can't log into my
servers. If they offer Internet they should
deliver unfiltered IP. Next thing you know is they
block you from "harmful" websites, too.

- Rolf