General Questions

Hello Everyone,

Thank you to everyone that has had a hand in the development and support of Monowall.  It appears to be a great product with great support for the community.

We are new to monowall, but  have had some experience with IPCop and have a few questions about the features that are unclear anywhere that I have looked so far. 

So I turn to you the community for answers.

It appears monowall has QOS that would benefit a system with VOIP.  Can someone please confirm this.

Does it have SSH capability, if not a suitable alternative?

If I had a box setup up with 1 input and 8 ouput jacks could I use the Monowall as a router/switch as well?

Does it allow plugin modules?  Like Open VPN?  How easy are they to setup?  I have seen posts that say yah and some that say nah.

Does Monowall use the annoying zones like IPCop.  Don't get me wrong... the zone concept is a great idea for security, but for what we need, imagine a room of developers, its overkill.  Everything that I have seen so far says no.


Thank you in advance for any help.

It appears monowall has QOS that would benefit a system with VOIP.  Can someone please confirm this.

yes

Does it have SSH capability, if not a suitable alternative?

No, it's not necessary though. Unlike IPCop, you can actually do everything in the webGUI. 

If I had a box setup up with 1 input and 8 ouput jacks could I use the Monowall as a router/switch as well?

Not as a switch since you can't bridge multiple interfaces together, but as a router, yes. Generally because of the overhead involved in filtering with any software or device, you don't want to do something like this unless you use some beefy hardware.

Does it allow plugin modules?  Like Open VPN? 

no

Does Monowall use the annoying zones like IPCop.  Don't get me wrong... the zone concept is a great idea for security, but for what we need, imagine a room of developers, its overkill.  Everything that I have seen so far says no.

I'm not exceptionally familiar with IPCop - what do you mean by zones?

Thanks for the reply Chris.

The zones, I am probably not using the exact terminology that IPCop uses, are the way they classify the different subnets available and are controlled per NIC card installed.

Red - Interface to the public, reserved only for the IPCop server.
Green - Workstations or the common setup in a single subnet network like home or small office.
Orange - Servers, DMZ, not accessible by the green unless you open a pin hole.
Blue - Wireless interface, segregated from all other interfaces.

So what we had was RED, GREEN, ORANGE, BLUE, until we lost the blue due to a bad WiFi router.

This setup is very secure, but a little overkill for what we need.  We could have pruned the setup to be just Red - Green, the bare minimum, but we were setting it all up by the book when we started.

We would probably do it differently now.

Just to follow up on Chris's response about the QOS on m0n0wall - I've used it on a production basis for several months now and it works great - even using a m0n0wall derivative (AskoziaPBX) for our VOIP hub. :-)

Thanks for the reply Chris.

The zones, I am probably not using the exact terminology that IPCop uses, are the way they classify the different subnets available and are controlled per NIC card installed.

Red - Interface to the public, reserved only for the IPCop server.
Green - Workstations or the common setup in a single subnet network like home or small office.
Orange - Servers, DMZ, not accessible by the green unless you open a pin hole.
Blue - Wireless interface, segregated from all other interfaces.

So what we had was RED, GREEN, ORANGE, BLUE, until we lost the blue due to a bad WiFi router.

What a needlessly complex abstraction.  Out of the box, m0n0wall has 2 interfaces, LAN and WAN.  You can add more.  Out of the box LAN can go anywhere, and WAN is blocked.  New interfaces have no rules allowing anything until you make them.