 From:  "John Voigt" <1geek at jvoigt dot com>
 To:  <m0n0wall at lists dot m0n0 dot ch>
 Subject:  Re: [m0n0wall] Traffic Stats
 Date:  Thu, 18 Mar 2004 14:51:02 -0500
----- Original Message ----- 
From: "Jim Gifford" <jim at giffords dot net>

> > It's very simple to hack into mono.
> Is this the email you mean?
> http://m0n0.ch/wall/list/?action=show_msg&actionargs[]=24&actionargs[]=36

Yes - that's the e-mail.

> You said right in that email that you hadn't added it to m0n0wall.

That particular box is not monowall but monobsd.  I have looked at monowall
and it is very simple to hack it in.

> Having to manually set up ipfw rules for each and every IP address seems
> like a lot of work.  :(

I have to do this anyway for wireless clients because of something called
the "hidden node problem" a discussion of which is far outside the scope of
this group.  Also, all the firewall rules for individual IPs were only done
once and will only need changes (minor ones) if my IP block changes.  For
the size networks mono supports on small embedded computers, the IP blocks
are usually pretty small and easy to configure.

> I think I'd rather do the ethernet tap, and do it outside m0n0wall, where
> I can also run an IDS and other things as I choose.  I would rather *not*
> have to keep hacking the stock image every time there is a m0n0wall
> upgrade.

I'd rather not have to keep hacking mono either.  Unfortunately, this
particular system is in a location where space is at a premium and I have to
do everything inside the Soekris.  It's nice when you have the luxury of
using several boxes for the various functions - unfortunately in the real
world (mine at least) it's usually not feasible.

This was not intended to be the one and only answer to IP level tracking -
just a demonstration of a real world production system that is doing stats
in a fairly simple way.

> jim

John Voigt, President

Reston Wireless, LLC
High speed internet service
no smoke, no mirrors, no wires (tm)