[ previous ] [ next ] [ threads ]
 
 From:  "Quark IT - Hilton Travis" <Hilton at quarkit dot com dot au>
 To:  <m0n0wall at lists dot m0n0 dot ch>
 Subject:  RE: [m0n0wall] 2nd management login
 Date:  Thu, 15 Jun 2006 15:05:41 +1000
Hi Dave,

> -----Original Message-----
> From: David Kitchens [mailto:spider at webweaver dot com]
> Sent: Thursday, 15 June 2006 5:56 AM
> 
> > question 2 - much more technical.
> > is there or will there ever be uPnP support - like in
> > smoothwall and the previously mentioned $$$$ systems (ie.
> > 192.168.xx IP will still work behind  m0n0 if it has a
> > default GW even if the LAN of m0n0 is 10.71.x.x - can m0n0
> > inject its MAC address to unanswered GW ARP requests?)
> 
> Doubtful in this lifetime, uPnP has been discussed many times 
> on this list and is generally considered evil.

UPnP is about as evil as you can get.  Take Celene Dion, breed her with
any of the members of Lordi, add some Dr Peppers and leave the result in
the Big Brother house for the next year.  Take the resultant creature
and put it on American Idol.  Now, look at *anyone* who's voting to keep
that creature in American Idol.  UPnP is even more evil than that.

Any security company or device that supports UPnP is a complete and
utter joke.  UPnP is a massive vulnerability waiting to happen.  I'm
still surprised to this day that it hasn't been exploited due to its
inherent and mind numbingly stupid weaknesses.

> > question 3
> > Will the the m0n0wall route traffic to public IPs behind the
> > server...
> > for example  let say I have an public subnet of 10.0.0.2 -
> > 10.0.0.24 (lets assume this is a public routable subnet)and I
> > want to have the ability of users behind m0n0 (10.0.0.2) that
> > may perhaps need a public IP, if I give them a public IP of
> > 10.0.0.4 with the default GW of
> > 10.0.0.1 (ISP device) and the public subnet mask, will m0n0
> > auto route traffic to them??  Is this possible, If so, how do
> > I make these routables work??
> 
> That depends on how you set it up, you can bridge an opt 
> interface to the WAN and put static machines there, or use 
> NAT and proxy arp to let a LAN machine answer to a live IP.
> 
> Dave 

Totally - configure things properly and it works a treat.

--

Regards,

Hilton Travis                          Phone: +61 (0)7 3344 3889
(Brisbane, Australia)                  Phone: +61 (0)419 792 394
Manager, Quark IT                      http://www.quarkit.com.au
         Quark AudioVisual             http://www.quarkav.net

http://www.threatcode.com/ <-- its now time to shame poor coders 
into writing code that is acceptable for use on today's networks

War doesn't determine who is right.  War determines who is left.

This document and any attachments are for the intended recipient 
  only.  It may contain confidential, privileged or copyright 
     material which must not be disclosed or distributed.

                    Quark Group Pty. Ltd.
      T/A Quark Automation, Quark AudioVisual, Quark IT