 From:  David Cook <david dot cook at jetpress dot com>
 To:  'Stefan' <chex at localtel dot com>, m0n0wall at lists dot m0n0 dot ch
 Subject:  RE: [m0n0wall] some problems with m0n0wall; turn ping on, realtime traffic monitor
 Date:  Fri, 16 Apr 2004 08:24:55 +0100
>-----Original Message-----
>From: Stefan [mailto:chex at localtel dot com]
>Sent: 16 April 2004 06:18
>To: m0n0wall at lists dot m0n0 dot ch
>Cc: Stefan
>Subject: [m0n0wall] some problems with m0n0wall; turn ping on, realtime
>traffic monitor
>So I have replaced my carefully configured Linux Router of 5+ years with
>m0n0wall, mostly just to get the traffic shaping.  And that has worked
>very well.
>However, a few things I cannot figure out how to replicate on m0n0wall
>that I had on Linux-NAT.
>1st: Ping.  You cannot ping my external IP from the real world.  How can I
>turn this on?  Other than liking to see what my ping/latency times are
>from remote hosts, I also use broadbandreports.com line-monitor services,
>and it uses ping to give me results.  I either need to turn it on on m0n0,
>or need to figure out how to NAT it to an internal host.

As Instigator suggested, create a rule to allow ICMP traffic to your WAN

>2nd:  Ethereal.  I loved having Ethereal to watch traffic on my router.
>Especially now, I need to figure out what IP and ports my VoIP box is
>using, to try to set up high-priority queueing for those IP-ports.  How
>can I watch the traffic flowing across my router in realtime?
>(I don't think SNMP will work for this..)

Don't know your setup, but if you have the m0n0wall WAN interface connected
to a router you could put a simple HUB in between and then watch traffic.
This would limit you to just seeing traffic on the WAN interface, but for
your requirement that ought to be enough.

>Also, any plans in the works to make the read-write aspect of m0n0wall
>write to something a bit faster and less shaky than a 1.44 fdd?  I would
>love to see the addition of a USB flash-thumb drive as a read/write

The CD-ROM image is great, but its limitation is the reliance on a FDD for
storing the config. This makes for slow writes (with a perceptible slowing
of the interface when config changes are being made) and all the other
problems such as unreliability of FD media.

Have you considered using the standard HDD image either on a HDD, or even
better on a CF card in place of a HDD? CF is what m0n0wall was designed for,
hence its RAMDISK fs and only writing config changes to permanent storage.
We have deployed a number of Soekris boxes and a standard PC in this way. It
is relatively cheap, doesn't have the problems of mechanical failure
associated with a FDD or HDD, draws much less power and is silent.

CF to IDE adaptors are readily available. If you want an idea of options for
a standard PC have a look at
http://www.cfide.co.uk/compact_flash_ide_adapters.shtml. OK this is a UK
site but similar, if not the same, products should be available in North

For anybody in the UK reading this I can recommend getting CF to IDE
adaptors from here. We got a few different types to play around with,
http://www.cfide.co.uk/compact_flash_ide_adapter_cfide_fb.shtml is quite
nifty for a standard PC dedicated as a firewall.

>I think the short answer here might be just to set up a full-on OpenBSD
>box.  I am definitely pushing the boundaries of what the designer had in
>mind for a simple SOHO-router replacement.
> Thanks,
>-- ChEx in Boston
