gmane.comp.security.firewalls.m0n0wall

M0n0Pluguin

sergi — 2012-05-16T10:07:07

 Hello everybody!

I'm really interested in develop a pluguin that can menage the vouchers,
the first and the main objective is to
know the actual voucher state, for example is if active or not, when it
expires, etc...

Does anybody worked in this before?? Could you give me some advise on how
to start developing?

I took a look at the development section of your web-page. It seems that
the first thing I must do is to
install the FreeBSD OS and then the m0n0 image for his OS. I'm wondering
if I can do all of this in a VMWare Workstation... My doubt is if I'm in
the right path, sorry I've never developed for this kind of sytems. So any
infomration will be really helpful.

Thanks in advance!!!

Re: WRAP/ALIX platform running 1.33 - seeing limited download bandwidth

David Cramblett — 2012-05-04T19:37:46




Thanks for the link.

My Comcast SMC modem is set to auto and is seeing the connection as 100Mbit
Full-Duplex, which is the same for my m0n0wall router.  I just now
tried experimenting with turning off auto on both the SMC and the m0n0wall
box (using config file options), then setting both to 100Mbit full-duplex
manually and didn't see any change.

David

Re: WRAP/ALIX platform running 1.33 - seeing limited download bandwidth

Fred Grayson — 2012-05-04T18:51:24

There have been some speed related oddities with Comcast. See if what is 
discussed here helps any.

http://forum.m0n0.ch/index.php/topic,5620.msg17054.html#msg17054

WRAP/ALIX platform running 1.33 - seeing limited download bandwidth

David Cramblett — 2012-05-04T18:37:49

I recently changed my internet connection from Qwest/Century Link 20M/896K
DSL to a Comcast Business Cable which is netting about 55M/45M.  However,
when I run a speed test through a LAN based computer connected to my WRAP
based m0n0wall system, I was seeing only 16M down/35M up.

I checked my interfaces to make sure they were configured at 100Mb-Full
Duplex, and everything looked good.  It seemed really odd that I was still
seeing 35M up, but only seeing 16M Down.  I reset the Comcast SMC modem, my
"dirty" WAN side switch and my m0n0wall WRAP router - just to make sure
everything was cleaned up but still saw the same results.

Despite the 35M upload I was seeing, I decided my old WRAP platform must be
"dated" and ordered a new 500MHz ALIX board.  It arrived yesterday and I
replaced the router and now I am seeing about 10M down/35M Up.

I re-checked the interfaces, still showing 100M-Full Duplex. Whenever I
plug my workstation into the dirty WAN switch (bypassing m0n0wall) I
immediately get the 55M/45M speed result.

I tried a factory reset of settings and used DHCP on the WAN side, same
speed result of 10M/35M.

I am at a loss to what my problem is.  I couple of things worth mentioning:

1. I built the old WRAP system many years ago and have just been upgrading
the firmware over the years.

2. Since WRAP and ALIX both use the embedded image, I assumed I could just
plug my CF card into the new ALIX board and all would be fine - it seems to
be working fine.

3. I think the old image is just setup on an 8Mb partition of the CF card,
but it's actually quite a bit larger card - not sure if I should upgrade
the partition size - shouldn't be a speed related issue though.


Here is a link to a copy of my status.php.

http://pastehtml.com/view/bwystheel.html


Thanks,

David

Re: Performance issues on WRAP

Chris Buechler — 2012-04-24T02:55:43

ALIX is good up to 80-85 Mbps. Go up to an Atom platform and depending
on NICs you're looking at 300-500 Mbps.

Re: Performance issues on WRAP

Lee Sharp — 2012-04-23T13:55:50

PS:  I got it from these guys...

Steve Winn
Technical Sales
Logic Supply, Inc.
Direct: 802 861 7451 | Main: 802 861 2300
www.logicsupply.com

Re: Performance issues on WRAP

Lee Sharp — 2012-04-23T13:54:48

Pushing data over a buss takes power...  Nothing for it.


How future proof do you want it?  You may want to conside a Jetway 
NF96FL-525 with the AD3INLANG daughter card.  This gives you 4 gig-e 
ports, and three of them are Intel.  You also have a leftover PCI slot 
for a 4 ports fast ether card if needed.  I have built m0n0 on this and 
it works well.

Lee

Re: Performance issues on WRAP

James L. Lauser — 2012-04-23T13:42:16

If you want to stay in that realm (low power, single board system), I'd
recommend looking at the Soekris 6501. It has an Atom CPU and quad gig
ethernet. Should be able to handle several hundred megs of routing, if not
fully saturate a gig.

Re: Performance issues on WRAP

Stefan Ott — 2012-04-23T13:30:49

:(

But thanks a lot for the answers, I honestly didn't expect some minor
routing and NATting to use that much CPU power. Guess it's time to go
shopping then!

On a related note, does anyone happen to know whether the ALIX boards
(500 MHz Geode) have enough power to be reasonably future proof? Or is
it a simple linear thing, i.e. I'll have the same issues on an ALIX
once I hit 50 Mbps?

cheers

Re: Performance issues on WRAP

Chris Buechler — 2012-04-22T04:55:49

At 25 Mbps, you're pushing everything you're going to get through a
WRAP. Things are going to get unresponsive at that point, you're going
to start dropping packets, etc. Enabling polling won't really help,
it'll at least keep userland processes on the system from being
overwhelmed by interrupt load, but it will slightly reduce the amount
of throughput you can get and increase latency. Really need a faster
box than a 233 or 266 MHz Geode at 25+ Mbps.

Re: Performance issues on WRAP

James L. Lauser — 2012-04-22T03:41:06

Even the "high end" WRAP devices don't have very fast CPUs. What's likely
happening when you're pushing that much bandwidth is that your device is
spending all of its CPU time handling interrupts that are coming from the
network interfaces. You can alleviate some of this CPU load by switching
your interfaces over to "polling" mode. You can do this on the Advanced tab
of the interface. Note that interface polling will slightly increase
latency.

Performance issues on WRAP

Stefan Ott — 2012-04-22T03:08:27

Hey

I recently noticed a strange behaviour with m0n0wall 1.33 running on a
PC Engines WRAP. It seems that whenever the network throughput (tried
with http and ftp) gets close to my connection's maximum (which is
around 25 Mbps) the system becomes extremely unresponsive and won't do
anything else anymore - DNS lookups fail and even wifi connections get
terminated. A quick look at the CPU load graph shows that it's very
close to 100%.

Now, I realize that maxing out my connection will have some negative
impact on additional data traffic, but using my whole CPU for a little
bit of packet forwarding seems slightly excessive. Thus I was
wondering whether anyone might have an idea about what I can do to
figure out what exactly generates all that CPU load and how to fix it.

Any advice would be highly appreciated.

cheers

Re: PPTP - multiple NICs & Subnets

Lee Sharp — 2012-04-13T16:54:56

That or 192.168.100.239 and 192.168.100.240 would give you presence on 
the nic1 lan.  This is how I do it.

Lee

RE: PPTP - multiple NICs & Subnets

Shreve, Josh — 2012-04-13T15:51:34

I was thinking of making the IPs on NIC1 and NIC2 192.168.100.100 and
192.168.200.100 respectively, and the servers behind each would be
statically assigned IPs 192.168.101-200.  Those servers would use
192.168.x.100 as their gateway.  How would I configure the VPN server?
Should I use something different, like 192.168.10.239, and give it
192.168.10.240/28 as you suggested?



-----Original Message-----
From: Lee Sharp [mailto:leesharp< at >hal-pc.org] 
Sent: Friday, April 13, 2012 11:46 AM
To: m0n0wall< at >lists.m0n0.ch
Subject: Re: [m0n0wall] PPTP - multiple NICs & Subnets

On 04/13/2012 09:21 AM, Shreve, Josh wrote:
host.


Yes.  You need to set firewall rules in all of the networks (nic1 nic2
and pptp) and pick a scope that can be found.  I usually place my pptp
scope at the top of my lan with 192.168.x.239 as my gateway, and
192.168.x.240/28 as my slots.

Lee

---------------------------------------------------------------------
To unsubscribe, e-mail: m0n0wall-unsubscribe< at >lists.m0n0.ch
For additional commands, e-mail: m0n0wall-help< at >lists.m0n0.ch

Re: PPTP - multiple NICs & Subnets

Lee Sharp — 2012-04-13T15:45:39

Yes.  You need to set firewall rules in all of the networks (nic1 nic2 
and pptp) and pick a scope that can be found.  I usually place my pptp 
scope at the top of my lan with 192.168.x.239 as my gateway, and 
192.168.x.240/28 as my slots.

Lee

PPTP - multiple NICs & Subnets

Shreve, Josh — 2012-04-13T14:21:50

Hello, I apologize for my ignorance but I have a small question.

I am considering using m0n0wall as a virtual appliance in a VMware host.
Ideally I would like for the appliance to have 3 NICs:



*NIC1 = WAN (public IP)
*NIC2 = LAN1 (192.168.100.0/24)
*NIC3 = LAN2 (192.168.200.0/24)


Would it be possible to configure a PPTP VPN that I can connect to that
would allow me to access both the 192.168.100.x and 192.168.200.x
networks, and if so how?  I'd rather use PPTP vs. IPSec due to its
support by most OS's out-of-the-box, but if I absolutely have to use
IPSec I suppose I could.

I haven't found a definite answer, and it is the last piece of my
virtual network puzzle.  Thanks in advance!

Implementing Thermal Printer TM-T20

Sergio Vemic — 2012-04-12T11:51:07

Hi,

has someone tryed or maybe implemented interface for Epson TM-T20
Thermal Printer?

It would nice if there was a possibility to use the feed button to
generate single voucher...

Regards,
Sergio

Re: Captive Portal: WLAN Authentification without entering Voucher ID or user name / password pair

Ralf Petry — 2012-04-05T14:18:46

wow, thumbs up, is it really as easy as that... i'll check that, thank 
you very much.
best regards, ralf.

Am 05.04.2012 16:13, schrieb Manuel Kasper:

Re: Captive Portal: WLAN Authentification without entering Voucher ID or user name / password pair

Manuel Kasper — 2012-04-05T14:13:08


You need to set this to "local user manager" (otherwise users who leave the voucher field blank will be allowed through the captive portal, as the "No authentication" setting is intended for setups that simply need to display an AUP without authentication). No local users actually need to be created.

- Manuel

Re: Captive Portal: WLAN Authentification without entering Voucher ID or user name / password pair

Ralf Petry — 2012-04-05T13:54:36

no authentication
regards, ralf.

Am 04.04.2012 16:11, schrieb Manuel Kasper:

Re: Captive Portal: WLAN Authentification without entering Voucher ID or user name / password pair

Manuel Kasper — 2012-04-04T14:11:03


How did you configure the "Authentication" setting on the captive portal setup page? (No authentication/Local user manager/RADIUS)

- Manuel