 From:  Jim Gifford <jim at giffords dot net>
 To:  m0n0wall at lists dot m0n0 dot ch
 Subject:  Re: [m0n0wall] some problems with m0n0wall; turn ping on, realtime traffic monitor
 Date:  Fri, 16 Apr 2004 09:54:52 -0400
On Fri, Apr 16, 2004 at 01:18:02AM -0400, Stefan wrote:
> HI:
> So I have replaced my carefully configured Linux Router of 5+ years with 
> m0n0wall, mostly just to get the traffic shaping.  And that has worked 
> very well.  
> However, a few things I cannot figure out how to replicate on m0n0wall 
> that I had on Linux-NAT. 
> 1st: Ping.  You cannot ping my external IP from the real world.  How can I
> turn this on?  Other than liking to see what my ping/latency times are
> from remote hosts, I also use broadbandreports.com line-monitor services,
> and it uses ping to give me results.  I either need to turn it on on m0n0,
> or need to figure out how to NAT it to an internal host.

I think adding a firewall rule to permit icmp on the WAN interface will
accomplish this.

> 2nd:  Ethereal.  I loved having Ethereal to watch traffic on my router.
> Especially now, I need to figure out what IP and ports my VoIP box is
> using, to try to set up high-priority queueing for those IP-ports.  How
> can I watch the traffic flowing across my router in realtime?  ( I don't
> think SNMP will work for this.. )

By using something like this:
http://www.snort.org/docs/tap/ you can monitor traffic on any link in
both directions (it sits between two devices so you can monitor all the
traffic between those 2 devices without anything seeing the monitoring
host).  You could then use ethereal on a box inside your network to look
at that traffic.

> Also, any plans in the works to make the read-write aspect of m0n0wall
> write to something a bit faster and less shaky than a 1.44 fdd?  I would
> love to see the addition of a USB flash-thumb drive as a read/write 
> device.

Sounds like you should consider switching to the generic-pc version
running from IDE disk or compact flash card via IDE-CF interface.

> I think the short answer here might be just to set up a full-on OpenBSD
> box.  I am definitely pushing the boundaries of what the designer had in
> mind for a simple SOHO-router replacement.

That is certainly an option.  I'm the last person to discourage someone
from manually building their own firewall exactly as they want it.
However, if you do indeed like m0n0wall and prefer to use it, then there
are workarounds for the things you've mentioned that aren't that painful
to create.  Certainly *I* would keep using m0n0wall rather than risk
overlooking something in a roll-my-own environment.  Also, I've rolled
my own firewall too many times in the past to really want to do it again.

>  Thanks,
> -- ChEx in Boston

Hope this helps,
jim gifford
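The tap-plus-Ethereal approach above leaves you with a capture and the job of picking out which remote hosts and ports the VoIP box actually talks to, so that those flows can be given priority in the shaper. The following is an added example, not code from the thread or from m0n0wall: it decodes raw Ethernet/IPv4 frames (as you would export from a capture) and tallies the remote endpoints of one internal address. The VoIP box address, the remote addresses and the sample frames are all constructed here.

```python
import struct
from collections import Counter

ETH_HDR = 14      # Ethernet II header length
IPV4 = 0x0800     # EtherType for IPv4
TCP, UDP = 6, 17

def parse_frame(frame: bytes):
    """Return (src_ip, dst_ip, proto, sport, dport) for an IPv4 TCP/UDP frame, else None."""
    if len(frame) < ETH_HDR + 20 or struct.unpack("!H", frame[12:14])[0] != IPV4:
        return None
    ip = frame[ETH_HDR:]
    ihl = (ip[0] & 0x0F) * 4          # IPv4 header length incl. options
    proto = ip[9]
    if proto not in (TCP, UDP) or ihl < 20 or len(ip) < ihl + 4:
        return None
    src = ".".join(str(b) for b in ip[12:16])
    dst = ".".join(str(b) for b in ip[16:20])
    sport, dport = struct.unpack("!HH", ip[ihl:ihl + 4])   # same offsets for TCP and UDP
    return src, dst, proto, sport, dport

def voip_endpoints(frames, voip_ip):
    """Count (remote_ip, proto, remote_port) seen to/from voip_ip, busiest first."""
    counts = Counter()
    for f in frames:
        p = parse_frame(f)
        if p is None:
            continue
        src, dst, proto, sport, dport = p
        if src == voip_ip:
            counts[(dst, proto, dport)] += 1
        elif dst == voip_ip:
            counts[(src, proto, sport)] += 1
    return counts.most_common()

def build_frame(src, dst, proto, sport, dport):
    """Constructed frame: Ethernet + minimal 20-byte IPv4 header + L4 port pair (no payload)."""
    eth = b"\x00" * 12 + struct.pack("!H", IPV4)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 28, 0, 0, 64, proto, 0,
                     bytes(int(o) for o in src.split(".")),
                     bytes(int(o) for o in dst.split(".")))
    return eth + ip + struct.pack("!HH", sport, dport)

VOIP_BOX = "192.168.1.50"   # constructed address of the VoIP adapter (assumption)
SAMPLE = ([build_frame(VOIP_BOX, "203.0.113.10", UDP, 5060, 5060)] * 3      # signalling
          + [build_frame("203.0.113.20", VOIP_BOX, UDP, 16384, 12000)] * 10  # media
          + [build_frame(VOIP_BOX, "192.168.1.1", TCP, 40000, 80)])          # unrelated web

if __name__ == "__main__":
    for (ip, proto, port), n in voip_endpoints(SAMPLE, VOIP_BOX):
        print(f"{ip:15s} {'udp' if proto == UDP else 'tcp'}/{port:<5d} {n} packets")
```

The busiest UDP endpoints in the output are the candidates for the high-priority queue; confirm them against a live capture before writing the shaper rules, since media ports are negotiated per call.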