[ previous ] [ next ] [ threads ]
 From:  Manuel Kasper <mk at neon1 dot net>
 To:  Adam Nellemann <adam at nellemann dot nu>
 Cc:  m0n0wall at lists dot m0n0 dot ch
 Subject:  Re: [m0n0wall] Where is the SSID???
 Date:  Sat, 03 Apr 2004 11:22:25 +0200
On 03.04.2004 01:09 +0200, Adam Nellemann wrote:

> The fist issue is probably due to the assumption that if you have
> only two interfaces, you'd typically always want one to be WAN.
> Unless there is some very good reason why this should be enforced,
> I guess it would be nice if it were possible to assign a NIC to
> OPT1 instead of WAN, even when only two NICs are present. (Would be
> useful for LAN-LAN filtering bridges, using m0n0wall as an AP and
> so on.)

m0n0wall is a firewall, not an access point or a bridge. And IMHO,
hostap isn't reliable, featureful and fast enough to be a complete
replacement for a real commercial AP.

> An alternative (more flexible but also much more elaborate)
> solution could be: Instead of the built-in assumptions made for the
> first two interfaces (LAN and WAN), all NICs could be allowed to
> have arbitrary "friendly-names" (like currently allowed for OPTx
> interfaces only), and then having a drop-down on each interface

Nice idea, but too complicated. There are some special assumptions
about LAN and WAN that are just too difficult to change now. Not
having an IP address on the WAN interface because it's bridged with
LAN (or vice versa) would break lots of things.

Again, I don't like seeing what some people are trying to do with
m0n0wall. It's a solution for the *most common* firewall situations,
and filtered bridging definitely doesn't count for most common.
People should use something like m0n0BSD (which is hopelessly
outdated, I know) in such situations instead, as complicated
bridging/graphing/IDS/whatever stuff doesn't go well with web
interfaces anyway. Besides, I know of other open source firewall
projects that are much less flexible and where even the addition of a
single DMZ interface requires modding...

> The second issue (which I haven't confirmed) is that it would
> appear that the WAN interface page doesn't show the usual wireless
> options when a wireless NIC has been assigned to it. Like with the

Wrong. I just tried it again, assigning sis0 to LAN and wi0 to WAN
(no optional interfaces), et voilà - the wireless configuration
section appears at the bottom of the WAN interface setup page and
works like a charm (the "assign network ports" tool creates an empty
<wireless>...</wireless> section in the corresponding interface
section in config.xml for wireless interfaces).

> I gues this would be done by having m0n0wall behave the same way on
> the WAN page as it currently does on the OPTx page (and, I must
> assume, the LAN page), making it add the wireless options when it
> detects a wireless NIC has been selected for the interface in
> question.

It already does that.

> I hasten to say that I'm perfectly happy with the way things are
> now, for both these issues, as my setup is pretty straight forward
> (TP NICs for WAN and LAN, wireless on OPT1) and getting even
> "straighter", as my plan is to replace the wireless NIC with a TP
> one, and using a vanilla AP to provide the wireless link instead.

I can't see your problem then.

- Manuel