Topic: New user with a lot of questions  (Read 1276 times)
« on: November 25, 2009, 23:47:06 »
AlexandreG
Guest

Hi!

This topic fits in a lot of places so I decided to post it here.

I was looking for a good hardware router/firewall for about 6 months and last night, I discovered m0n0wall...


I just thought: WOW!! This is exactly what I need!

As I said, I am new to it, and I have no experience with FreeBSD or UNIX...., not at all! But I do have a lot of networking knowledge. Do I need any kind of BSD experience in order to really use it? I mean, it says no, but what is it really in a normal use?


Also, I was thinking about the firewall, how is the NAT implemented?? Is it IP based (I doubt it :roll: ), but seriously, is it port based (where an outgoing connection would make an entry in a table and any incoming one would be checked with the port numbers only?) or is it port AND IP based (where both are checked)?

In other terms (and I don't use them because they are the source of a lot of confusion), is it Full Cone NAT? Address restricted cone NAT or port (and address) restricted cone NAT?

Also, how are the ICMP messages implemented in the NAT? Is it simply with the ICMP sequence numbers? Is it also looking at IPs?? (it gets back to my last question)

My other question is about the firewall itself. Is it a simple firewall that looks at the IP and ports and allows/blocks traffic? Or are there more advanced things like a "SPI" that would look at the TCP flags to see if they are valid, and look at the sequence numbers to see if they are normal??


Last question for you: I was thinking about MTU and IP fragmentation yesterday and I think I got confused by all the IPv6 stuff I've been reading lately. In IPv4, the routers can do IP fragmentation, right?
I ask that because I plan to use m0n0wall with a PPPoE connection. My modem is used as a dumb modem so m0n0wall needs to handle the PPPoE.
In the best case scenario, I would change the MTU values on my computers and on m0n0wall, in order to be small enough for PPPoE. But, if I stay at 1500 on my computer, is m0n0wall able to fragment the IP packet in order for it to fit in a PPPoE frame? Is m0n0wall able to also accept incoming fragmented IP frames?

In the event where I send a packet that needs fragmentation, will m0n0wall's firewall look at the packet as a whole (before fragmentation) or at the individual fragmented pieces (it would be stupid :roll: but you know... just in case)?

If it gets a fragmented packet from the WAN side, same question, will it be reconstructed, checked against the firewall, and then fragmented again and sent to my computer (if there is a need to)?





In another category: how are the settings saved and how often is the floppy or USB drive accessed? I live in a place where power is very unstable. Of course, the computer would be on a UPS, but sometimes it is not enough. In the event where the computer is turned off by a power outage, what will happen to the settings? Is the floppy only accessed to boot and to read/write the settings?


Thanks a lot for your great help

Alex
« Reply #1 on: November 26, 2009, 11:02:05 »
markb ****
Posts: 331

I'll answer what I can and leave the rest for others.

As I said, I am new to it, and I have no experience with FreeBSD or UNIX...., not at all! But I do have a lot of networking knowledge. Do I need any kind of BSD experience in order to really use it? I mean, it says no, but what is it really in a normal use?

Not at all, no BSD required, unless you want to get into hacking the code for something specific that isn't supported by default.

Also, I was thinking about the firewall, how is the NAT implemented?? Is it IP based (I doubt it :roll: ), but seriously, is it port based (where an outgoing connection would make an entry in a table and any incoming one would be checked with the port numbers only?) or is it port AND IP based (where both are checked)?

My understanding is port and IP.

In another category: how are the settings saved and how often is the floppy or USB drive accessed? I live in a place where power is very unstable. Of course, the computer would be on a UPS, but sometimes it is not enough. In the event where the computer is turned off by a power outage, what will happen to the settings? Is the floppy only accessed to boot and to read/write the settings?

The system disk is only accessed when booting or changing something. It all runs from the memory. The best configuration would be a compact flash drive. It will not lose the config if power is lost suddenly. (Assuming you're not updating the config at the time)
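
The distinction raised in the question (inbound packets matched on port only, or on port and IP), as an added example that is not part of the original posts and is not m0n0wall code: a toy NAT table modelling full cone, address-restricted and port-restricted inbound filtering. All addresses, ports and names (`Nat`, `probe`) are constructed for illustration, and it makes no claim about which behaviour m0n0wall implements.

```python
from dataclasses import dataclass, field

FULL_CONE = "full-cone"                  # inbound matched on external port only
ADDR_RESTRICTED = "address-restricted"   # remote IP must have been contacted
PORT_RESTRICTED = "port-restricted"      # remote IP and port must have been contacted

@dataclass
class Nat:
    mode: str
    public_ip: str = "203.0.113.1"                # constructed (documentation range)
    next_port: int = 40000
    out_map: dict = field(default_factory=dict)   # (lan_ip, lan_port) -> ext_port
    in_map: dict = field(default_factory=dict)    # ext_port -> (lan_ip, lan_port)
    peers: dict = field(default_factory=dict)     # ext_port -> {(remote_ip, remote_port)}

    def outbound(self, lan_ip, lan_port, remote_ip, remote_port):
        """Translate an outgoing packet, creating the mapping on first use."""
        key = (lan_ip, lan_port)
        if key not in self.out_map:
            self.out_map[key] = self.next_port
            self.in_map[self.next_port] = key
            self.peers[self.next_port] = set()
            self.next_port += 1
        ext_port = self.out_map[key]
        self.peers[ext_port].add((remote_ip, remote_port))
        return self.public_ip, ext_port

    def inbound(self, remote_ip, remote_port, ext_port):
        """Return the LAN (ip, port) to forward to, or None if the packet is dropped."""
        if ext_port not in self.in_map:
            return None
        seen = self.peers[ext_port]
        if self.mode == ADDR_RESTRICTED and remote_ip not in {ip for ip, _ in seen}:
            return None
        if self.mode == PORT_RESTRICTED and (remote_ip, remote_port) not in seen:
            return None
        return self.in_map[ext_port]

def probe(mode):
    """One LAN host contacts 198.51.100.7:53, then three senders try the mapping."""
    nat = Nat(mode)
    _, ext = nat.outbound("192.168.1.10", 5000, "198.51.100.7", 53)
    senders = [("198.51.100.7", 53),     # the endpoint that was contacted
               ("198.51.100.7", 9999),   # same IP, different source port
               ("192.0.2.99", 53)]       # host that was never contacted
    return [nat.inbound(ip, port, ext) is not None for ip, port in senders]
```

Comparing `probe()` across the three modes shows which unsolicited senders each behaviour admits, which is the observable difference when testing a real gateway from the WAN side.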