 
 From:  Jean Everson Martina <everson at inf dot ufsc dot br>
 To:  sylikc <sylikc at gmail dot com>
 Cc:  m0n0wall at lists dot m0n0 dot ch
 Subject:  Full PC m0n0 - was Re: [m0n0wall] Captive with IMAP
 Date:  Fri, 15 Oct 2004 23:14:19 -0300
sylikc wrote:
> Jean,
> 
> 
>>        I'm replying to this message cause I fully disagree with the statement
>>that m0n0 would not evolve with new and very useful things just cause
>>people use it inside soekris or wrap boards.
>>        I personally use it in most cases within wrap boards, but I have some
>>cases where I run m0n0 inside Dual Xeon 2.8 - 4 Gb RAM. Why can we not
>>have this stuff in m0n0, but disabled? If you choose to run m0n0 inside
>>a SBC board, no problem, just keep these features disabled, but if you
>>have machine power why not?
> 
> 
> Wow, I think you're one of the few that would run m0n0 on a Xeon, much
> less a dual Xeon with 4G of RAM.  Sheesh... How much RAM does your
> modded m0n0 use in that environment?  I can't get my base m0n0 to use
> any more than 47MB ;)

Easy, what is needed is a sysctl configuration and a kernel rebuild, 
even to work with SMP. In these machines I also have 4 Gigabit interfaces 
and keep more than 200 VPNs simultaneously with a 10Mbit/s internet 
link, and behind this m0n0 I have more than 700 computers and 20 servers.

> 
> 
> 
>>        the problem may be the U$3,00 plus to go from a 32MB CF to a 64MB? I
>>don't think so. Or may have more RAM, but is this a real problem?
>>        I developed lots of stuff for m0n0 in the last 3 months, but I gave up
>>posting here, cause the answer is always the same: "Bullshit, m0n0
>>isn't developed for this purpose". Among these things I have squid
>>integration in 1.2b1, snort integration in 1.2b1, database support for
>>logging purposes, and even the internationalization. All of them ( don't
>>really think this ) too heavy for SBC boards, but not to the PC case.
> 
> 
> I think m0n0's design goal started from gearing towards embedded, and
> the main developers continue their work geared towards an embedded
> platform.  This has, for the most part kept the m0n0 distro small and
> the core requirements as lean as possible.
> 
> We should get another list going, called the "m0n0 for full power PC"
> list, where people share their mods in patching up m0n0 with the
> latest squid or snort.  There's always a few posts every here and
> there about integrating some full powered package into m0n0.  I can
> see how the main distribution branch of m0n0 might not want to have
> this complication as m0n0 serves its purpose quite well in its
> current minimalistic form.  However, a new list where all the PC
> developers come together might just end up being a branch of
> m0n0wall.

I've already thought about this. I've also already started a SF project 
called m0n0Patches (not approved yet, but in meanings of being). But one 
thing I don't really want is to fork this effort into a new project. As 
you said, the M0n0 core team has developed a great package, and they are not 
open to new ideas, but this is not sufficient to undeserve their work.

The other thing is that every single patch I wrote to m0n0 was 
discarded (ignored, not even commented), even those ones that had not the 
purpose of changing m0n0, but let it able to certify ICSA. I had the 
opportunity to pay to m0n0 to be ICSA Firewall certified, but with I had 
to say to my client to buy a netscream firewall, cause m0n0 would never 
be ICSA certifiable.

One thing that can really stop these problems is m0n0 having a WELL 
DEFINED API to integrate modules, like a new feature in menu to upload 
modules. I was figuring out about how to do this, and I can say that it 
is not easy, but it is possible (maybe having new filesystems mounted 
for each module). And with this API defined and people writing the 
modules, the users can choose what they use, all this without a fork in 
m0n0 project.

> 
> I, personally would be quite interested to see your patches for squid,
> snort, and full database logging capabilities.  (I'm sure others would
> too, seeing as there were posts earlier about it).  I've seen other
> commercial solutions out there that aren't half as feature rich as
> m0n0 but just happen to have extensive logging and proxy support where
> I've had to recommend it to a client while I would have much rather
> implemented a m0n0wall instead.  

This was what I tried to mean earlier. I really think m0n0 is cool, but 
to be really useful everywhere it needs some new features.

I will release my patches in one more month. Cause I'm working heavily 
on squid patch to have NTLM integration, and to have a good ACL edition 
system. The Internationalization patch is done, what I need are the 
translators (anyone?). The snort one is just a copy of one patch that was 
posted here applied to m0n0 1.2b1. The security patch I have is just to 
close m0n0 to the ICSA labs certification.


Jean