After spending many hours this past week trying to understand ipchains and firewalling in general, I have come to the conclusion that I am spending a lot of time trying to recreate something that probably already exists. Does anyone have any experience with either open source or commercial firewalling products that can be configured to work in a small office network and allow VPN connections to larger networks? I do not have a very big budget but would be willing to pay for the appropriate solution.
The approach I use for my home network is with masquerading a set of 10.x IPs. For a configurable office solution I would recommend something commercial or at least far more complex than what I have in use, but my ipchains setup is as follows, for reference:

    /sbin/ipchains -F
    /sbin/ipchains -P forward DENY
    /sbin/ipchains -A forward -j MASQ -s 10.0.0.254/24
    /sbin/ipchains -M -S 43200 120 300
    /sbin/modprobe ip_masq_ftp
    /sbin/modprobe ip_masq_cuseeme
    /sbin/modprobe ip_masq_irc
    /sbin/modprobe ip_masq_quake
    /sbin/modprobe ip_masq_raudio
    /sbin/modprobe ip_masq_vdolive
    /sbin/modprobe ip_masq_user
    /sbin/modprobe ip_masq_icq
    /sbin/modprobe ip_masq_msn

For VPN-type connectivity I use ppp-over-ssh (search google, there are plenty of howto's on it), but that's more of a hack than a useful solution, though a clever one at that. =)

Brian J. Conway
dogbert@clue4all.net
Geek for hire: http://clue4all.net/resume
Men may control the free world, but women control the boobs. (http://www.pvponline.com/archive.php3?archive=20001024)