Is the Download version of MNF Crippleware?

[Windependent]

After spending a number of weeks beating my head against the wall trying to get the download version of Mandrake's Multi-Network Firewall to work properly, I've given up. I'm absolutely convinced that there's no way to get the download version of the software to work properly using the program's default installation methods.

 

Its almost as if the free-download edition of this product (the retail version costs US$1,900.00) is nothing but a fake download that's been designed as a ruse to make it appear that Mandrake is actually satisfying the terms of the Linux GPL. I wouldn't be surprised if the download version has been intentionally crippled in order to force customers to buy the $1900 retail version of the software.

 

If ANYONE here has successfully installed the download version of MNF and gotten the software to work using the default installation procedure and the web based interface, I want to hear about it. Hell, I'll even PAY you to come over to my place and prove to me that its possible. One caveat -- all of the installation has to be done using the default installation procedure and the web based administrative interface -- No custom programming or editing of the configuration files through the root account will be allowed.

 

After weeks of trying to get MNF to work, I'm convinced that the download version is nothing more than a totally bogus GPL compliance fake. I'd love to have somebody here prove me wrong, so please speak up!

[fissy]

you don't have to offer software for download to comply with the gpl, you just have to offer the sources should you provide it. I don't think you can download RedHats server products for example.

 

-fissy

[aRTee]

It doesn't fit with Mandrake to make it crippleware on purpose. To be honest, it may be that way unintentionally.

 

However, before you continue with accusations etc, can you please indicate what hardware you are using exactly, and which Mandrake versions actually got installed and ran without command line edition on that hardware, if any?

Did you take the proper BIOS settings?

 

Lastly, I don't think it is fair to state: without command line editing or su to root.

 

This is linux, that is how it is done. And it happens to be the best way for the guru and advanced users. There is a reason for that too.

[Gowator]

I have to agree with aRTee vis the su to root and CLI.

This is a firewall product ... after all.

 

However regarding crippleware, kinda depends how you define it??

 

Mandrake Move might be considered crippleware since the download edition is obviously designed as a trail and prevents you from saving to a USB key....

 

The lack of source in MDK 9.2 download edition is gettingt here... however I guess if you downlad 3x650MB CD's then downloading another few hundred megs of source is ... OK.

(Of course doesn't help people who get a friend to burn the Cd etc.... )

 

Its all a bit sticky.

In the end Mandrake need to convince people to part with their hard earned money for a distro....

Much as I like Free (libre) I also know they need to make money so I dont mind....

and the basic distro is pretty cheap anyway :D

 

However, quite how mandrake go about convincing people to part with their cash is another matter.....

US$1,900.00 is a pretty big number so I wouldnt be surprised if they 'paid less attention' to the download edition than they might. In other words they expect people to buy it if they use it ???

 

I really dunno, Im just speculating here.... Mandrake seem to yhave very strange ideas every so often

[Windependent]

However, before you continue with accusations etc, can you please indicate what hardware you are using exactly, and which Mandrake versions actually got installed and ran without command line edition on that hardware, if any?

Did you take the proper BIOS settings?

fair enough. i have to admit, i was pretty upset when i started this thread, after having had MNF lock up on me and require an umpteenth reinstallation.

 

I am getting the same results on three different boxes:

1. Dell Optiplex P3/800 MHz with 256 MB RAM

2. FIC PA-2007 MB, with P200 with 128 MB RAM

3. Gateway P133 with 64 MB RAM

 

The problems I've encountered have been the same on each machine. Just for the sake of verifying that the boxes aren't hostile to Linux, I've successfully used the following distros on them without any install problems: Mandrake 9.2 (ISO Download), Suse 9.0 (FTP), RedHat 9.0 (Distro CD), and the current release of Knoppix (Distro CD). All of them installed without a hitch - no command line editing required.

 

Interestingly I can't even get MDK Move (download) to boot on any of them. During bootup, none of the machines go any farther than a blank blue screen. Just for reference the LiveEval versions of other distro like Suse 9.0 and Knoppix work just fine, and the checksums on the MNF and MOVE CDs check out alright.

 

Now I can understand somebody pointing the finger at a pair of old Pentium-class PCs as potential problems, but the Dell Optiplex is a standard business-class PC that is certified on RedHat.

 

What BIOS settings are you referring to?

 

Lastly, I don't think it is fair to state: without command line editing or su to root.

 

This is linux, that is how it is done. And it happens to be the best way for the guru and advanced users. There is a reason for that too.

My point wasn't to argue that I expect to run a linux box without ever going to root. Rather, I'm just concerned that MNF is advertised to be completely manageable and configurable from the Administrator's Web Interface. Unfortunately, MNF-download doesn't work as advertised.

 

There are plenty of threads in this message base about MNF-download locking up when people try to utilize the Administrative interface as it was designed to be used. There are also plenty of threads in this message base from users with varying levels of expertise who have NEVER been able to get MNF to work as advertised.

 

Playing the devil's advocate, I can't see that there's any added value in an expensive package like MNF (which claims to offer easy setup and turnkey installation through the Admin Web Interface) if you end up having to do all of the system configuration via the command line. If I had planned on designing and entire system and configuring it from the command line, I might as will have built a firewall on FreeBSD. As it stands right now, it looks like I'm dealing with one of two situations: 1) MNF-download is crippleware, or 2) MNF-download isn't crippleware, and MNF just sucks as a turnkey solution.

 

Unless MNF-download is crippleware, it seems pretty hard to justify the $1900 price tag for MNF. With MNF, you're being asked to pay a $1900 premium to someone who's designed a turnkey solution that spares you from having to design the system yourself and to do all of the configuration manually. If you end-up having to reverse engineer MNF and do all of the work yourself from the command line, wouldn't it make more sense to just save $1900 and start-off on a clean slate with FreeBSD?

 

Mandrake Move might be considered crippleware since the download edition is obviously designed as a trail and prevents you from saving to a USB key....

That fits my criteria!

[Guest emetib]

i have a couple of questions for you.

 

1. what are you putting the security level to when you install?

2. is ssh running once you reboot?

3. is https running once you reboot?

4. is webmin running when you reboot?

 

have you taken a look at the /etc/hosts... files to see if there is anything blocking you or if you might have to add anything in there? i know in the 9.1 server you have to add just one line to be able to get into the box.

 

also if someone wants to just have a system that works out of the box. they would have someone host it for them.

[Gowator]

hehe, I honestly get your point.

 

Erm, Why is it $1,900 ... I guess for the same reason dogs lick their *****

 

I think the CLUE is in the name.... or at least description....

 

A turnkey firewall.

 

Can such a thing exist ????

 

What is a firewall solution .....

Its a security measure to isolate PC's on a network from another network... and allow only certain requests to filter through ... ???

 

However most security is based on ignorance.

 

In reality what does MNF actually do ?? Anything that can't be set up through Webmin ? I dunno cos i aint tried it .... point is its just a linux kernel, and a couple of wizard things for an interface so the wizards are $1900.

 

If you expect a wizard to work anywhere near as effective as a CLI then think again.

 

In reality the product is probably there to allow people to buy it :D

People who WANT to spend $1900 on a firewall. (in other words companies like mine. ... although I doubt they would consider only paying 1900 ... it must be crap if its so cheap. )

 

Now to be honest I don't know which scenario it is.....

 

SURELY No company would advertise a product by giving a crippled version out and FORGETTING to say its crippled ??? Like I said Mandrake business policy sometimes seems to come from another planet .....

 

This whole thing about not including the source on the download edition just proves it. I dunno if they even considered how useless Mandrake is without the source ? Same with Mandrake Move, they seem to have taken the one genuinely useful feature and turned it off spo that anyone comparing it to knoppix will just say WELL, the number one feature I use doesn't work int he trial edition SO I have no intention of doing a long term trial.

[Windependent]

1.  what are you putting the security level to when you install?

2. is ssh running once you reboot?

3. is https running once you reboot?

4.  is webmin running when you reboot?

1. do you have hands-on experience with MNF installation, or are you just familiar with linux in general?

 

During MNF installation the administrator is not allowed to set the security level. the installation script makes all of the changes transparently to the user. from a practical standpoint, you have no input whatsoever beyond selecting your language and location, telling MNF what the interfaces hardware is for the WAN and LAN connections, and specifying your passwords for root, admin, and user accounts. MNF does the rest in black box fashion. you have no input and no control.

 

2. yes

 

3. yes

 

4. yes

[Windependent]

SURELY No company would advertise a product by giving a crippled version out and FORGETTING to say its crippled ???  Like I said Mandrake business policy sometimes seems to come from another planet .....

well, MOVE is advertised as a portable platform that uses a USB key. if you look on the Mandrake web site there's no disclosure that the USB key functionality is not available in the download version. (at least i couldn't find such a statement). so using MOVE as an example, Mandrake is putting out demos that are crippled without telling you that they're crippled. somebody please correct me on this if i am wrong.

 

now if i'm right on the previous assumption, and Mandrake has published a crippled version of MOVE for download without disclosing it as such, why would anyone think that the $1900 MNF demo would be anything other than crippleware?

 

This whole thing about not including the source on the download edition just proves it.  I dunno if they even considered how useless Mandrake is without the source ?  Same with Mandrake Move, they seem to have taken the one genuinely useful feature and turned it off spo that anyone comparing it to knoppix will just say WELL, the number one feature I use doesn't work int he trial edition SO I have no intention of doing a long term trial.

I agree completely! what is the point in downloading trial software that doesn't even let you try out the features of the software? Mandrake, WAKE UP! There's a reason that Knoppix is more popular than Move!

 

I don't mean to bash Mandrake, but as a distribution, I've always been a bit skeptical of Mandrake because the crippled demos and the absence of the source code. There are just too many other good distro options available that are more user friendly.

[Guest sean_dunlop]

I am trialling the MNF download version in a Govt production environment. We are using a pair of Checkpoint Secure Platforms, attached to separate ISP's, to provide border protection. A pair of Mandrake MNF firewalls will connect the corporate LAN to the Internet via the DMZ (Bastion Realm). The LAN will have 2 possible exit points (the mandrakes) managed by OSPF. BGP will handle the external paths.

 

The only thing I have had to use the console for has been routing and implementing startup routing scripts.

 

MNF frustrated me at first but then I RTFM.

 

The main problem I believe is that the Mandrake wizards are a bit confusing. Understanding the way MNF (shorewall, iptables etc) operates and secures is the biggest hurdle in my mind but if you have had to cross a few firewall platforms already then you will be familiar with such differences.

 

My advice = RTFM

[Guest sean_dunlop]

I am trialling the MNF download version in a Govt production environment. We are using a pair of Checkpoint Secure Platforms, attached to separate ISP's, to provide border protection. A pair of Mandrake MNF firewalls will connect the corporate LAN to the Internet via the DMZ (Bastion Realm). The LAN will have 2 possible exit points (the mandrakes) managed by OSPF. BGP will handle the external paths.

 

The only thing I have had to use the console for has been routing and implementing startup routing scripts.

 

MNF frustrated me at first but then I RTFM.

 

The main problem I believe is that the Mandrake wizards are a bit confusing. Understanding the way MNF (shorewall, iptables etc) operates and secures is the biggest hurdle in my mind but if you have had to cross a few firewall platforms already then you will be familiar with such differences.

 

My advice = RTFM

 

PS - I have no problems administering MNF with latest IE version

[Gowator]

sounds about right...

the whole mandrake and shorewall setup in MDK is 'weird' to say the least.

 

Im not sure what MNF has over soe of the other FREE only firewalls? In the end iptables is iptables ??? or is it the setup wizards ??

[Windependent]

MNF frustrated me at first but then I RTFM.

 

The main problem I believe is that the Mandrake wizards are a bit confusing. Understanding the way MNF (shorewall, iptables etc) operates and secures is the biggest hurdle in my mind but if you have had to cross a few firewall platforms already then you will be familiar with such differences.

 

My advice = RTFM

I fully appreciate the recommendation to RTFM. But with MNF, there isn't a real manual, is there? Sure, there's an online manual that's the equivalent of the crappy help screens in the mandrake wizards, but that's about it.

 

Just so you don't get the idea I'm some dumbass who can't RTFM, I've set up shorewall/IPTables firewalls on multiple platforms, including BSD and Gentoo. The way I look at it, if I can put up with the tedium of a Stage 1 Gentoo installation and manually configuring shorewall/iptables, a "turnkey firewall" like MNF should be an easily attainable solution. The bottom line is that MNF is kludgy and the documentation just sucks. I'm convinced that some of the kludges are intentionally poorly documented in the download release. Most people would encounter alot less headaches by just skipping MNF and installing Shorewall on any modern secure linux kernel.