[ previous ] [ next ] [ threads ]
 
 From:  "Neil A. Hillard" <m0n0 at dana dot org dot uk>
 To:  m0n0wall at lists dot m0n0 dot ch
 Subject:  Re: [m0n0wall] RE: can't get m0n0wall to open port 80 other than to webGUI
 Date:  Sun, 18 Feb 2007 17:47:24 +0000
Hi,

>Chris you can add Microsoft ISA server to the list of firewalls that do not
>let out/in traffic I spoke to a Microsoft ISA engineer about this type of
>behavior of a firewall and I was told it is not secure for a firewall to let
>connections from an internal interface to access services published on a
>external interface. So m0n0 behaving this way makes me feel good about this
>product that it is secure and industry standard.

That's a bit of an oxymoron, isn't it - Microsoft firewall :-)

I can't really see what security has to do with it, though.  If the
firewall has the ability to allow it and it is controllable then it is
up to the admin to enable or disable the option.  m0n0wall doesn't have
the option so it's a bit of a moot point, though.

I run a filtered bridge as I have multiple IP addresses so I can use the
same IP address from inside and out.  That way I get to make sure that
my external DNS is still working!

As others have mentioned - Manuel, you're doing a great job - m0n0wall
is a really great firewall and I certainly wouldn't have the same level
of configuration / features with other Open Source firewalls I've tried.

ATB,


                                Neil.

-- 
Neil A. Hillard                E-Mail:   m0n0 at dana dot org dot uk