You may want to look into the compact Coyote Linux solution. They are easy to configure and the entire package is on a single floppy disk, providing more security to your network. They are available for free or commercially. Here are their features:

DHCP Connections
Static IP Connections
PPP Dialup
PPPoE Connections
DHCP Server
IP Chains Firewalling
IP Auto-forwarding
Linux Floppy Builder
PPTP Client Support

Their web site is http://www.coyotelinux.com

"Brian J. Conway" wrote:
After spending many hours this past week trying to understand ipchains and firewalling in general, I have come to the conclusion that I am spending a lot of time trying to recreate something that probably already exists. Does anyone have any experience with either open source or commercial firewalling products that can be configured to work in a small office network and allow VPN connections to larger networks? I do not have a very big budget but would be willing to pay for the appropriate solution.
The approach I use for my home network is with masquerading a set of 10.x IPs. For a configurable office solution I would recommend something commercial or at least far more complex than what I have in use, but my ipchains setup is as follows, for reference:
/sbin/ipchains -F
/sbin/ipchains -P forward DENY
/sbin/ipchains -A forward -j MASQ -s 10.0.0.254/24
/sbin/ipchains -M -S 43200 120 300
/sbin/modprobe ip_masq_ftp
/sbin/modprobe ip_masq_cuseeme
/sbin/modprobe ip_masq_irc
/sbin/modprobe ip_masq_quake
/sbin/modprobe ip_masq_raudio
/sbin/modprobe ip_masq_vdolive
/sbin/modprobe ip_masq_user
/sbin/modprobe ip_masq_icq
/sbin/modprobe ip_masq_msn
For VPN-type connectivity I use ppp-over-ssh (search google, there are plenty of howto's on it), but that's more of a hack than a useful solution, though a clever one at that. =)
Brian J. Conway
dogbert@clue4all.net
Geek for hire: http://clue4all.net/resume

Men may control the free world, but women control the boobs.
(http://www.pvponline.com/archive.php3?archive=20001024)
_______________________________________________
Wlug mailing list
Wlug@mail.wlug.org
http://mail.wlug.org/mailman/listinfo/wlug
--
Leon Do
Lucent Technologies
eServices Group
200 Lucent Lane
Cary, NC 27511
email: leondo@lucent.com
fax : (919) 463-4379
ph : (919) 463-3149