 From:  "Chet Harvey" <chet at pittech dot com>
 To:  m0n0wall at lists dot m0n0 dot ch
 Subject:  Rv: Re: [m0n0wall] some problems with m0n0wall; turn ping on, realtime traffic monitor
 Date:  Fri, 16 Apr 2004 15:42:03 -0100
I agree that if you want to monitor traffic, put a box in front of your
firewall. As a rule, I would never run anything more than a firewall on my
firewall. Just think if someone hacks your box with ethereal....they could
simply grab your cleartext passwords....not good.....

--------- Original Message --------
From: Jim Gifford <jim at giffords dot net>
To: m0n0wall at lists dot m0n0 dot ch <m0n0wall at lists dot m0n0 dot ch>
Subject: Re: [m0n0wall] some problems with m0n0wall; turn ping on, realtime
traffic monitor
Date: 16/04/04 12:56

> On Fri, Apr 16, 2004 at 01:18:02AM -0400, Stefan wrote:
> > HI:
> >
> > So I have replaced my carefully configured Linux Router of 5+ years
> > m0n0wall, mostly just to get the traffic shaping.  And that has
> > very well.
> >
> > However, a few things I cannot figure out how to replicate on
> > that I had on Linux-NAT.
> >
> > 1st: Ping.  You cannot ping my external IP from the real world.  How
can I
> > turn this on?  Other than liking to see what my ping/latency times
> > from remote hosts, I also use broadbandreports.com line-monitor
> > and it uses ping to give me results.  I either need to turn it on on
> > or need to figure out how to NAT it to a internal host.
> I think adding a firewall rule to permit icmp on the WAN interface will
> accomplish this.
> > 2nd:  ethereal.  I loved having ethereal to watch traffic on my
> > Especially now, I need to figure out what IP and ports my VoIP box is
> > using, to try to set up high-priority queueing for those IP-ports.
> > can I watch the traffic flowing across my router in realtime?  ( I
> > think SNMP will work for this.. )
> By using something like this:
> http://www.snort.org/docs/tap/ you can monitor traffic on any link in
> both directions (it sits between two devices so you can monitor all the
> traffic between those 2 devices without anything seeing the monitoring
> host).  You could then use ethereal on a box inside your network to look
> at that traffic.
> > Also, any plans in the works to make the read-write aspect of
> > write to something a bit faster and less shaky than a 1.44 fdd?  I
> > love to see the addition of a USB flash-thumb drive as a read/write
> > device.
> Sounds like you should consider switching to the generic-pc version
> running from IDE disk or compact flash card via IDE-CF interface.
> > I think the short answer here might be just to setup a full-on Open
> > box.  I am definitely pushing the boundaries of what the designer had
> > mind for a simple SOHO-router replacement.
> That is certainly an option.  I'm the last person to discourage someone
> from manually building their own firewall exactly as they want it.
> However, if you do indeed like m0n0wall and prefer to use it, then there
> are workarounds for the things you've mentioned that aren't that painful
> to create.  Certainly *I* would keep using m0n0wall rather than risk
> overlooking something in a roll-my-own environment.  Also, I've rolled
> my own firewall too many times in the past to really want to do it again.
> >  Thanks,
> >
> > -- ChEx in Boston
> Hope this helps,
> jim gifford
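Jim's suggestion in the quoted reply is to feed a tap into a separate inside host running ethereal and read the VoIP box's IP/port pairs off that capture, rather than sniffing on the firewall itself (Chet's point about what a compromised firewall would expose). The script below is an added example written for this thread, not code from the list, from m0n0wall or from ethereal: it parses a libpcap file, tallies the 5-tuples it sees, and filters them to one host so the addresses and ports to put into a shaping rule can be read off. The capture is constructed inline (RFC 5737 documentation addresses, a hypothetical VoIP box at 192.168.1.50), so it runs offline; pointed at a real capture file, `flows_for_host` does the same job.

```python
"""Summarise flows in a libpcap capture to find the IP/port pairs one host uses.

Added example for the m0n0wall thread above; not part of the original post.
The capture is constructed inline so the script runs offline.
"""
import struct
from collections import Counter

PCAP_MAGIC = 0xA1B2C3D4          # little-endian magic as written by libpcap
LINKTYPE_ETHERNET = 1
ETHERTYPE_IPV4 = 0x0800
PROTO_NAMES = {1: "icmp", 6: "tcp", 17: "udp"}


def build_ipv4_packet(src, dst, proto, sport=None, dport=None, payload=b""):
    """Build an Ethernet/IPv4 frame with a minimal L4 header (constructed test data only)."""
    if proto == 17:                                   # UDP: sport, dport, length, checksum
        l4 = struct.pack("!HHHH", sport, dport, 8 + len(payload), 0) + payload
    elif proto == 6:                                  # TCP: 20-byte header, ACK flag, no options
        l4 = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, 0x10, 8192, 0, 0) + payload
    else:                                             # ICMP echo request
        l4 = struct.pack("!BBHHH", 8, 0, 0, 1, 1) + payload
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(l4), 0, 0, 64, proto, 0,
                     bytes(map(int, src.split("."))), bytes(map(int, dst.split("."))))
    eth = b"\x00" * 12 + struct.pack("!H", ETHERTYPE_IPV4)   # MACs irrelevant here
    return eth + ip + l4


def build_pcap(packets):
    """Wrap frames in a libpcap global header plus per-record headers (constructed test data)."""
    header = struct.pack("<IHHiIII", PCAP_MAGIC, 2, 4, 0, 0, 65535, LINKTYPE_ETHERNET)
    out = [header]
    for i, pkt in enumerate(packets):
        out.append(struct.pack("<IIII", 1082100000 + i, 0, len(pkt), len(pkt)) + pkt)
    return b"".join(out)


def iter_packets(data):
    """Yield captured frames from pcap bytes, handling either byte order of the magic."""
    magic, = struct.unpack_from("<I", data, 0)
    if magic == PCAP_MAGIC:
        endian = "<"
    elif magic == 0xD4C3B2A1:
        endian = ">"
    else:
        raise ValueError("not a libpcap file")
    linktype, = struct.unpack_from(endian + "I", data, 20)
    if linktype != LINKTYPE_ETHERNET:
        raise ValueError("only Ethernet captures are handled here")
    off = 24
    while off + 16 <= len(data):
        _sec, _usec, caplen, _origlen = struct.unpack_from(endian + "IIII", data, off)
        off += 16
        yield data[off:off + caplen]
        off += caplen


def summarise_flows(data):
    """Count packets per (src, sport, dst, dport, proto); ports are None for non-TCP/UDP."""
    counts = Counter()
    for frame in iter_packets(data):
        if len(frame) < 34:                      # Ethernet + minimal IPv4 header
            continue
        ethertype, = struct.unpack_from("!H", frame, 12)
        if ethertype != ETHERTYPE_IPV4:
            continue
        ihl = (frame[14] & 0x0F) * 4
        if ihl < 20:
            continue                             # malformed header length
        proto = frame[23]
        src = ".".join(map(str, frame[26:30]))
        dst = ".".join(map(str, frame[30:34]))
        l4 = frame[14 + ihl:]
        if proto in (6, 17) and len(l4) >= 4:
            sport, dport = struct.unpack_from("!HH", l4, 0)
        else:
            sport = dport = None
        counts[(src, sport, dst, dport, PROTO_NAMES.get(proto, str(proto)))] += 1
    return counts


def flows_for_host(data, host):
    """Only the flows where the host is source or destination: the shaping-rule candidates."""
    return {k: v for k, v in summarise_flows(data).items() if host in (k[0], k[2])}


# Constructed capture: SIP signalling and RTP from a hypothetical VoIP box at
# 192.168.1.50, plus unrelated web and ICMP traffic from other hosts.
SAMPLE_CAPTURE = build_pcap([
    build_ipv4_packet("192.168.1.50", "203.0.113.7", 17, 5060, 5060),
    build_ipv4_packet("192.168.1.50", "203.0.113.7", 17, 16384, 16384),
    build_ipv4_packet("203.0.113.7", "192.168.1.50", 17, 16384, 16384),
    build_ipv4_packet("192.168.1.50", "203.0.113.7", 17, 16384, 16384),
    build_ipv4_packet("192.168.1.20", "198.51.100.9", 6, 40000, 80),
    build_ipv4_packet("198.51.100.9", "192.168.1.1", 1),
])


def voip_flows():
    return flows_for_host(SAMPLE_CAPTURE, "192.168.1.50")


if __name__ == "__main__":
    for (src, sport, dst, dport, proto), n in sorted(voip_flows().items(), key=lambda kv: -kv[1]):
        print(f"{proto:4} {src}:{sport} -> {dst}:{dport}  packets={n}")
```

Reading the output for the VoIP host gives the UDP port pairs (here 5060 for signalling and 16384 for media) to feed into a high-priority queue. On a real capture the same filtering applies; the point of doing it on a separate inside host is exactly the one Chet makes, so that no capture tool and no cleartext traffic ever sit on the firewall.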