Uli Wachowitz wrote:
> 2004-06-02 18:45, Andrew Eglington wrote:
>>Network traffic logger that:
>>- given a start and end date will show the *total* amount of data
As Uli says, this can easily be accomplished through SNMP using a tool
such as MRTG or similar, providing that you have some always-on box on
which you can have such a tool running!
That being said, I can see the use of such a feature on m0n0wall
(albeit I'd suggest a more flexible tool be implemented, in order for
it to be useful for a wider range of people, not that I know exactly
what that would entail?)
> Please don't even think about adding such (doubtless nice) function. If
> you need something like that, use external tools. Same goes for the
> traffic graph (IMHO).
Well, that is always an easy opinion to have, IF you are lucky enough
to have access to one or more always-on box(en) and IF you happen to
know how to set up and use such tools!
Personally I find it a bit annoying that people who DO have such boxen
typically don't seem to recognize the fact that many people do NOT
have this option (or at least, would have to pay good money or
otherwise go to certain unwanted extents to do so).
This is especially true for a project like m0n0wall, which was hardly
meant to be a tool for hardcore corporate server admins with 100+
hosts on their network, but rather a monolithic firewall solution for
use in small LAN environments (such as SOHO and private/home
networks!) The fact that it is ALSO useful for people with larger,
corporate, networks, is a credo to Manuel's work, not a reason to make
m0n0wall into something it wasn't meant to be (all this IMHO of course!)
> You can do countless things with mrtg/mrtgfe and similar tools.
Yes, IF you know how to set it up and use it, IF you have a box to run
it on, IF you don't mind using an extreme overkill solution, and so on
and so forth. Not quite the same as navigating to the m0n0wall webGUI
and accessing a certain page with a little WAN usage info on it.
> My mantra was, is and will always be: "A firewall is a firewall is a
Apparently, and not only have we heard it often before, but it is also
quite a narrow-minded way to look at things (IMHO, and no offence
intended), m0n0wall in particular, which was never meant to be JUST a
firewall, as there would then be only one page in the webGUI, namely
the one with the firewall rules!
> Nothing more, nothing less.
I'd suggest that you find such a product then, because m0n0wall
obviously isn't it, seeing as it has NAT, Traffic shaping, DNS
forwarder, DHCP server, DynDNS client, and... and... All of which
can't be said to be strictly firewall related.
I accept the fact that I can't expect m0n0wall to have all and every
feature I want or need, and more to the point: That it might have some
that I don't need or want. I don't understand why certain people have
such a hard time accepting this "fact of life"?
> And yes, I know, things like that have been discussed countless times
Oh yes, and I'd like to apologise for being instrumental in
perpetuating this discussion. Also, if any of the above come across as
"flaming", I'd like to apologise for that too, it's just that, as a
home user myself, I grow tired of seeing the "not on a firewall"
answer so much in relation to m0n0wall, which clearly hasn't been
"just a firewall" for quite some time.
Personally I do NOT have a 24/7 box on which I can run all the stuff
that many people seem to think shouldn't be on the m0n0wall box, so
I'm perfectly happy with any additional feature m0n0wall gets, as long
as the various security, storage, and other issues are taken into account.
Even if I could easily take some old PC from my attic, set it up to
run DHCP, DNS, MRTG and whatnot, why would I want to have yet another
complex box, full of moving, noisy parts, running in my dining room
closet (aka. "my server room"), when I can have it all in a
no-moving-parts tin-box running m0n0wall?
That, IMHO, is an option suited for admins of large corporate
networks, where uptime, stability and extreme and convoluted security
measures are appropriate concerns. Not for someone wanting something
better for their home network, than what is offered commercially (all
of which is of appalling quality, compared to m0n0wall).
Also, I still haven't heard any really good arguments against adding
these things? As long as they do not pose a potential security risk or
take up extreme amounts of CF space or RAM, and can be disabled (or
come in the form of user installable modules), I really fail to see
ANY reason for NOT implementing a particular "feature" (aside, of
course, from the one relating to the developer(s) time and energy!)
I'm not saying that the suggested feature, or any other, should be
added without due consideration, just that there are very good
arguments for not making m0n0wall a "firewall is a firewall is a
There, I said it, it's out of my system ;)
(I just hope I didn't offend too many people in the process?)