From: "Bob Young" <bob at lavamail dot net>
> I see you are a WISP provider also. I have done some WiFi in hotels. But
> I'm just starting a WISP operation. Learning Monowall is the last hurdle
> before I start handing out my WISP door hangers.
I use m0n0 in my hotels, and my WISP properties. Same things, and same
problems with only authentication and billing being different.
> I'm working on learning the firewall now and getting to where I feel ok
> about it. After that I will work on learning the traffic shaper. I hope
> get through the traffic shaper this week.
I only have traffic shaping enabled in 2 locations right now. Generally, it
just isn't a problem.
> Gee, I hope I don't get a lot of people looking at porn. In my Terms of
> Service, I have spelled out that I don't want my WISP system used for
> porn.p2p also. I'll use the info you mentioned to see who the BW hogs
> If they use too much BW, I'll lower their speed, in the Traffic Shaper
> hoping to get that figured out this week).
Keep in mind that BattleNet (World of Warcraft) uses P2P for all patches and
updates. Most Linux distributions are torrents. And porn is a major part
of the internet. Your TOS may be ignored, or drive people away. For
example, I would not be your customer. (Assuming I actually read the TOS)
> From what I see of Monowall, I think it will be a real good device to use
> a WISP system.
It is the best thing I have seen. And it has replaced many "commercial"
WISPr solutions for me.
> Do you also agree that I should block only certain bad data, but allow the
> rest?...at least for a WISP site? I assume that is the way you do it for
> your WISP network?
Generally, I block almost nothing. Occasionally, I will block specific
problems, or infected users. But as a rule, I let the users use what they
want, after they click [I Agree] on the CP page. And that CP page includes
links to free.grisoft.com, and
that are allowed outbound without authentication.
In house, however, I am a lot more secure. I have a default allow rule that
logs everything. I turn it off most of the time, and on for testing a new
app. Works for me.