I agree that if you want to monitor traffic, put a box in front of your firewall. As a rule, I would never run anything more than a firewall on my firewall. Just think if someone hacks your box with ethereal... they could simply grab your cleartext passwords... not good.

--------- Original Message --------
From: Jim Gifford <jim at giffords dot net>
To: m0n0wall at lists dot m0n0 dot ch <m0n0wall at lists dot m0n0 dot ch>
Subject: Re: [m0n0wall] some problems with m0n0wall; turn ping on, realtime traffic monitor
Date: 16/04/04 12:56

> On Fri, Apr 16, 2004 at 01:18:02AM -0400, Stefan wrote:
> > HI:
> >
> > So I have replaced my carefully configured Linux Router of 5+ years with
> > m0n0wall, mostly just to get the traffic shaping. And that has worked
> > very well.
> >
> > However, a few things I cannot figure out how to replicate on m0n0wall
> > that I had on Linux-NAT.
> >
> > 1st: Ping. You cannot ping my external IP from the real world. How can I
> > turn this on? Other than liking to see what my ping/latency times are
> > from remote hosts, I also use broadbandreports.com line-monitor services,
> > and it uses ping to give me results. I either need to turn it on on m0n0,
> > or need to figure out how to NAT it to an internal host.
>
> I think adding a firewall rule to permit icmp on the WAN interface will
> accomplish this.
>
> > 2nd: ethereal. I loved having ethereal to watch traffic on my router.
> > Especially now, I need to figure out what IP and ports my VoIP box is
> > using, to try to set up high-priority queueing for those IP-ports. How
> > can I watch the traffic flowing across my router in realtime? (I don't
> > think SNMP will work for this..)
>
> By using something like this:
> http://www.snort.org/docs/tap/ you can monitor traffic on any link in
> both directions (it sits between two devices so you can monitor all the
> traffic between those 2 devices without anything seeing the monitoring
> host). You could then use ethereal on a box inside your network to look
> at that traffic.
>
> > Also, any plans in the works to make the read-write aspect of m0n0wall
> > write to something a bit faster and less shaky than a 1.44 fdd? I would
> > love to see the addition of a USB flash-thumb drive as a read/write
> > device.
>
> Sounds like you should consider switching to the generic-pc version
> running from IDE disk or compact flash card via IDE-CF interface.
>
> > I think the short answer here might be just to set up a full-on OpenBSD
> > box. I am definitely pushing the boundaries of what the designer had in
> > mind for a simple SOHO-router replacement.
>
> That is certainly an option. I'm the last person to discourage someone
> from manually building their own firewall exactly as they want it.
> However, if you do indeed like m0n0wall and prefer to use it, then there
> are workarounds for the things you've mentioned that aren't that painful
> to create. Certainly *I* would keep using m0n0wall rather than risk
> overlooking something in a roll-my-own environment. Also, I've rolled
> my own firewall too many times in the past to really want to do it again.
>
> > Thanks,
> >
> > -- ChEx in Boston
>
> Hope this helps,
> jim gifford
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: m0n0wall dash unsubscribe at lists dot m0n0 dot ch
> For additional commands, e-mail: m0n0wall dash help at lists dot m0n0 dot ch