1.8b Development

Hello,

which features will come to the next major m0n0wall-releases?

For the moment my m0n0wall runs good and I don´t need new features, but I will change my opinion, if the features will be great.

Thomas

First off, I think this has already been mentioned on the mailing list.  If memory serves me right there were no plans of ever implementing it.

I am still going to add my voice to the request though.

I currently run both a NetScreen (5GT) and a m0n0wall (WRAP) at home.  The NetScreen supports multiple external IPs just like the m0n0wall.  However, with the NetScreen if you host a web server inside your network you can still resolve to it using it's external IP.  Something that the m0n0wall can't do (at least not as far as I know)

I'm not sure how much work is involved in getting this functionality, hopefully not much.

Either way, Thanks for coming this far, and TIA if you add my requested feature.

I currently run both a NetScreen (5GT) and a m0n0wall (WRAP) at home.  The NetScreen supports multiple external IPs just like the m0n0wall.  However, with the NetScreen if you host a web server inside your network you can still resolve to it using it's external IP.  Something that the m0n0wall can't do (at least not as far as I know)

I'm not sure how much work is involved in getting this functionality, hopefully not much.

Either way, Thanks for coming this far, and TIA if you add my requested feature.

You have to create a firewall rule to allow inbound WAN connections on port 80 to that machine. The WAN IP would have to match the IP associated with the domain if you did this. If you don't want to do that, then the DNS forwarder will also solve your problem by putting in a DNS override that directs your domain to the local IP of the web server machine (your PC will bring up the website properly with the domain name this way, even though it might be using it as a 192.168.X.X kind of address)

I haven't looked at any of the Beta versions yet (don't have a spare machine  ), but multiple WAN NIC card support would be great. That way instead of using another device to combine two different ISP links, I can plug them both into m0n0wall.

I'm doing fine with multiple WAN IP using one card, but it only works when all the IP are within the same subnet, range, etc.  Having the ability to link in another ISP with a completely different IP range, subnet, etc. would be great. I'm sure the outbound NAT could fit into this as well, so that some machines go out one ISP and the others go out the extra ISP on the second WAN NIC.

If it's already in the beta, then ignore me 

Multiple WAN support is one of several features not in m0n0wall that eventually led to the fork that became pfSense. If you have to have that and other "missing" things today, it's over there.

[* certificate management for IPsec, webGUI, OpenVPN and captive portal]

Multiple WAN support is one of several features not in m0n0wall that eventually led to the fork that became pfSense. If you have to have that and other "missing" things today, it's over there.

I've looked at pfSense and well, it was just too much overkill for a single feature. m0n0wall for me is very neat and compact. There are ways to get around the multi-WAN part with hardware if it is necessary, but for me, not necessary enough to convert to another fork of what I consider to be a very solid setup.

I know you can do a multi-WAN setup if you build your own setup, very easy actually, but then you lose the on-going community support that m0n0wall has with it. I just don't see the point in me starting another fork of m0n0wall into wan0wall just for that one feature 

pfSense has it's place as well, I'm not going to put it down, but it only seems natural for m0n0wall to evolve into multiple WAN NIC setups. Not that it's trying to copy pfSense, but each has it's own niche of market that people use it for.

Here's the current to do list for 1.3B which a lot of those already exist in pfSense; so it seems that second WAN NIC in which you can direct with outbound NAT where which IP address should go (it would just be another entry to the second WAN instead of the primary) wouldn't really seem too far out there. 

    * certificate management for IPsec, webGUI, OpenVPN and captive portal
    * allow bouncing with inbound NAT mappings
    * quick-setup wizard
    * NAT on arbitrary IP protocols
    * port scan detection with automatic blackholing
    * per-IP bandwidth stats/accounting
    * support secondary networks on WAN interface (possibly with load balancing)
    * time/day of week based firewall rules
    * dialup backup link (via serial port)
    * high availability (VRRP, CARP, ...)

I would love a fullfledged dualWAN support on m0n0wall... pfSense doesn't quite get me the results I want when it comes to that. It's good as a fail-over but I'm rather disappointed in the bandwidth management of pfSense. If I have two 20M connections I want at least 35M, not 18M...

Multi wan support please

I would like to see oidentd implemented so I can have working ident behind NAT.

multi-wan's would be nice, but I would prefer CARP and Link Aggregation at the moment...

pfSense has no ipv6 support and I have no intentions on moving away from m0n0

What I am looking forward to the most is FreeBSD 8's network stack is now threaded allowing us to run m0n0 on multi-core boxes to achieve even greater performance..

If build system is easier to work with now I would like to see multiple architectures supported, I think some old sparc servers would make excellent routers and nobody wants em anymore.. Mebe not officially supported but easy enough I could roll out a sparc image of my own directly off software repo.

I would like to see oidentd implemented so I can have working ident behind NAT.

You could hack that in without much trouble, it may be too specific of a need to be in a general release. The workon.sh tool may still work (though I haven't tried that on the 8.x images yet myself).

multi-wan's would be nice, but I would prefer CARP and Link Aggregation at the moment...

CARP not very useful without pfsync, which won't work with ipfilter. Could do stateless failover with just CARP but that usually defeats the purpose of having failover. The lagg support from pfSense should be reasonably easy to port over (if someone could give me 36 hours in a day, I'd love to do it...).

pfSense has no ipv6 support and I have no intentions on moving away from m0n0

Funny, I'm actually logged in here via IPv6 going through pfSense. The IPv6 branch is solid. I do like m0n0 too though.

What I am looking forward to the most is FreeBSD 8's network stack is now threaded allowing us to run m0n0 on multi-core boxes to achieve even greater performance..

Unfortunately at this point the packet filters are still giant locked, so that largely doesn't apply to firewall scenarios. The filter is still going to be the primary bottleneck and doesn't really change much in 8.

If build system is easier to work with now I would like to see multiple architectures supported, I think some old sparc servers would make excellent routers and nobody wants em anymore.. Mebe not officially supported but easy enough I could roll out a sparc image of my own directly off software repo.

It's quite a bit of work supporting additional architectures, though if you have some FreeBSD build experience you could probably make that happen. Yeah sparc boxes are cheap up front and easy to come by, but I wouldn't bother even if they were supported - they suck a lot of power for relatively little performance, hence will really cost you over the long run. I would just get an ALIX or an Atom or similar platform, would pay for itself in electricity savings within a couple years or less depending on your power cost. ALIX is likely slower but plenty fast for a lot of uses, an Atom would be comparable if not faster and still considerably less power usage.

Funny, I'm actually logged in here via IPv6 going through pfSense. The IPv6 branch is solid. I do like m0n0 too though.

Actually I tried pfSense once when I heard v6 is quite stable, but the traffic shaper in pfSense su**s a** so hard that I got very confused and switched back to m0n0wall. Here it's plain simple, fairly intuitive, and does exactly what you want.
In pfSense there were 40 billion different options and ways to do things, and I couldn't figure out what would be the equivalent to pipes and queues. That I could assign traffic to. There was stuff that was called this way, but I just couldn't piece it together to make any (pf)sense.

To all, if you want a very simple and easy solution to dual WAN setup install a duolinks sw24 by syswan in front of the monowall gateway....it works well, you may have dual NAT in feeding the monowall WAN from the duo but its very reliable. However with that said its a work around and I too would love to see a dual load balancing WAN feature in monowall in the upcoming months....thanks