[ previous ] [ next ] [ threads ]
 
 From:  "John Voigt" <1geek at jvoigt dot com>
 To:  "David Rodgers" <david dot rodgers at kdsi dot net>
 Cc:  <m0n0wall at lists dot m0n0 dot ch>
 Subject:  Re: [m0n0wall] Hotspot Access Pages
 Date:  Wed, 17 Mar 2004 15:30:06 -0500
----- Original Message ----- 
From: "David Rodgers" <david dot rodgers at kdsi dot net>


> THIS IS A FIREWALL NOT A HOTSPOT ACCESS DEVICE
>
Well, for you it's a firewall.  A lot of people are using it with the
Soekris box as a wireless router in their SOHO environment

> All of you people that want it to do samba and nfs and .....the list
> goes on and on need to just get another box to do this stuff OR YOU ARE
> CREATING A SECURITY PROBLEM FOR YOURSELVES

Running a hotspot is a far cry from samba or nfs.  No one will ever run
samba or nfs on an embedded PC.
>
> Is is really that hard to setup a second device to be your server in
> these instances????

Actually, yes.  It involves more power and physical space in locations where
they are at a premium.
>
> It's very handy but even the dhcp and vpn server running on the firewall
> makes me paranoid. Fortunately this amazing product was designed with
> people like me in mind and can be easily disabled.

If you trust disabling dhcp and vpn why wouldn't you trust disabling the
hotspot code?
>
> A FIREWALL SHOULD NEVER UNDER ANY CIRCUMSTANCES BE RUNNING A SERVICE
> THAT IS OPEN TO THE OUTSIDE WORLD IN GENERAL .... and even running a
> service like nfs or samba on the internal network on your firewall
> device isn't safe if you have ANY users other than yourself using the
> network.

Agreed - see above - not everyone sees this as only a firewall.

If you check the history of this project you'll find that it started out
life as a cool way to use a Soekris embedded PC.  Many of us continue to use
it that way and don't share your paranoia as our networks have very little
of value on them.  We don't need a $12,000.00 safe to protect our $300.00
worth of jewels.

All that being said, I bow to Manuel's vision as it's his project.  Just as
nothing stops the rest of us from adding hotspot code and samba and whatever
else people want to add, you are not prevented from removing code that you
do not trust.