 From:  "Steve Thomas" <sthomas at consultant dot com>
 To:  rmullins at ciscomonkey dot net, "David Kitchens" <spider at webweaver dot com>
 Cc:  m0n0wall at lists dot m0n0 dot ch
 Subject:  Re: [m0n0wall] Feature Request
 Date:  Fri, 05 Jan 2007 10:09:04 -0500
I generally don't like opening 3389 to the world.

If I have a need to RDP, I set up a PPTP VPN.

  ----- Original Message -----
  From: "Ryan Mullins"
  To: "David Kitchens"
  Subject: Re: [m0n0wall] Feature Request
  Date: Thu, 4 Jan 2007 17:36:43 -0600


  I do this same situation a lot. What I've done is just change the
  firewall rule to allow 3389 to my network (e.g. 192.168.1.0/24) instead
  of just the host. That way I only have to change the NAT rule to point
  to the other server address.

  -Ryan

  * David Kitchens [2007-01-04 18:32:12]:

  > Point taken, I hadn't thought of tweaking just the firewall rule but in
  > most cases I have run into, the two rules are meant to be together. All I
  > was hoping for was a checkbox option like we have on the NAT page that
  > would update the other rule if the user wanted to. It doesn't have to be a
  > mandatory thing, but most of the time I have needed to edit both. Example
  > for my situation is port 3389, 99% of the time, I have it set to my
  > workstation so I can get to it remotely, here and there I need to let
  > someone use Terminal Services to get to my W2K3 server and I have to
  > change the rules. I am not a programmer so I didn't know if this could be
  > done but figured I would throw it out to the list and see. Having a drop
  > menu for aliases seems like it should be fairly simple, that's more
  > cosmetic than anything else.
  >
  > Dave
  >
  > > -----Original Message-----
  > > From: Neil A. Hillard [mailto:m0n0 at dana dot org dot uk]
  > > Sent: Thursday, January 04, 2007 3:41 PM
  > > To: m0n0wall at lists dot m0n0 dot ch
  > > Subject: Re: [m0n0wall] Feature Request
  > >
  > > Hi,
  > >
  > > In message <459D622B dot 6090906 at gmx dot de>, Carsten Holbach writes
  > > >I support this feature request!
  > > >
  > > >David Kitchens wrote:
  > > >> While I love the "Auto-add a firewall rule" option in NAT, I find it
  > > >> odd that when I want to edit a NAT rule, this feature is not there.
  > > >> It seems like it should be able to change to "Update the firewall
  > > >> rule" when you Edit a NAT setting. Currently, if I want to edit a NAT
  > > >> rule, I also have to edit the firewall rule. Would this be possible
  > > >> to do?
  > > >>
  > > >> Second thought, since we have the blue fields for Aliases, could
  > > >> the fields be drop down lists of available aliases? Not a major issue
  > > >> but a thought since I am editing rules right at the moment.
  > > >>
  > > >> Also, a quick report on a production Net 4511 upgrade to 1.3b2:
  > > >>
  > > >> Upgrade was painless, everything worked that I use. Web and mail
  > > >> services working to two servers, VLANs working, VPN's to several
  > > >> clients work fine, (all connected to M0n0wall 1.22). My mini-pci
  > > >> wireless B is more stable now than it was under 4.11, it used to stop
  > > >> working now and then.. The webgui is slightly slower than it was but
  > > >> a 4511 is only a 133mhz so I expected that and can deal with it.
  > > >> Overall, a fine piece of work and a painless upgrade as usual with
  > > >> M0n0wall!
  > >
  > > I can see how it could be useful but I don't think it is that
  > > easy to implement. The two tables are completely separate so
  > > some form of link between the two would need to be maintained.
  > >
  > > What happens when you've 'tweaked' the firewall rule? Would
  > > the link be severed or would the NAT rule update overwrite
  > > the firewall rule changes?
  > >
  > > When adding a rule it's a bit of a no-brainer but maintaining
  > > from then on wouldn't be particularly easy... unless I've
  > > missed something obvious!
  > >
  > > My 2p worth!
  > >
  > > ATB,
  > >
  > > Neil.
  > >
  > > --
  > > Neil A. Hillard E-Mail: m0n0 at dana dot org dot uk
  > >
  > > ---------------------------------------------------------------------
  > > To unsubscribe, e-mail: m0n0wall dash unsubscribe at lists dot m0n0 dot ch
  > > For additional commands, e-mail: m0n0wall dash help at lists dot m0n0 dot ch