After spending many hours this past week trying to understand ipchains and firewalling in general I have come to the conclusion that I am spending a lot of time trying to recreate something that probably already exists. Does anyone have any experience with either open source or commercial firewalling products that can be configured to work in a small office network and allow VPN connections to larger networks. I do not have a very big budget but would be willing to pay for the appropriate solution.

Mike
ipchains/iptables will do what you want. I forget the actual syntax, but you just can make a script (traditionally called rc.firewall) in your startup scripts and have it run ipchains/iptables with the correct info. I can find out what the correct syntax is if you need it. You can prolly do ipchains --help or iptables --help (for 2.4.x). These are free solutions btw.

Orbitz

Michael Long wrote:
> After spending many hours this past week trying to understand ipchains and firewalling in general I have come to the conclusion that I am spending a lot of time trying to recreate something that probably already exists. Does anyone have any experience with either open source or commercial firewalling products that can be configured to work in a small office network and allow VPN connections to larger networks. I do not have a very big budget but would be willing to pay for the appropriate solution.
>
> Mike
> _______________________________________________
> Wlug mailing list
> Wlug@mail.wlug.org
> http://mail.wlug.org/mailman/listinfo/wlug
The approach I use for my home network is with masquerading a set of 10.x IPs. For a configurable office solution I would recommend something commercial or at least far more complex than what I have in use, but my ipchains setup is as follows, for reference:

/sbin/ipchains -F
/sbin/ipchains -P forward DENY
/sbin/ipchains -A forward -j MASQ -s 10.0.0.254/24
/sbin/ipchains -M -S 43200 120 300
/sbin/modprobe ip_masq_ftp
/sbin/modprobe ip_masq_cuseeme
/sbin/modprobe ip_masq_irc
/sbin/modprobe ip_masq_quake
/sbin/modprobe ip_masq_raudio
/sbin/modprobe ip_masq_vdolive
/sbin/modprobe ip_masq_user
/sbin/modprobe ip_masq_icq
/sbin/modprobe ip_masq_msn

For VPN-type connectivity I use ppp-over-ssh (search google, there are plenty of howto's on it), but that's more of a hack than a useful solution, though a clever one at that. =)

Brian J. Conway
dogbert@clue4all.net
Geek for hire: http://clue4all.net/resume

Men may control the free world, but women control the boobs. (http://www.pvponline.com/archive.php3?archive=20001024)
You may want to look into the compact Coyote Linux solution. They are easy to configure, and the entire package is on a single floppy disk, to provide more security to your network. They are available for free or commercially. Here are their features:

DHCP Connections
Static IP Connections
PPP Dialup
PPPoE Connections
DHCP Server
IP Chains Firewalling
IP Auto-forwarding
Linux Floppy Builder
PPTP Client Support

Their web site is http://www.coyotelinux.com

"Brian J. Conway" wrote:
> > After spending many hours this past week trying to understand ipchains and firewalling in general I have come to the conclusion that I am spending a lot of time trying to recreate something that probably already exists. Does anyone have any experience with either open source or commercial firewalling products that can be configured to work in a small office network and allow VPN connections to larger networks. I do not have a very big budget but would be willing to pay for the appropriate solution.
>
> The approach I use for my home network is with masquerading a set of 10.x IPs. For a configurable office solution I would recommend something commercial or at least far more complex than what I have in use, but my ipchains setup is as follows, for reference:
>
> /sbin/ipchains -F
> /sbin/ipchains -P forward DENY
> /sbin/ipchains -A forward -j MASQ -s 10.0.0.254/24
> /sbin/ipchains -M -S 43200 120 300
> /sbin/modprobe ip_masq_ftp
> /sbin/modprobe ip_masq_cuseeme
> /sbin/modprobe ip_masq_irc
> /sbin/modprobe ip_masq_quake
> /sbin/modprobe ip_masq_raudio
> /sbin/modprobe ip_masq_vdolive
> /sbin/modprobe ip_masq_user
> /sbin/modprobe ip_masq_icq
> /sbin/modprobe ip_masq_msn
>
> For VPN-type connectivity I use ppp-over-ssh (search google, there are plenty of howto's on it), but that's more of a hack than a useful solution, though a clever one at that. =)
>
> Brian J. Conway
> dogbert@clue4all.net
> Geek for hire: http://clue4all.net/resume
>
> Men may control the free world, but women control the boobs. (http://www.pvponline.com/archive.php3?archive=20001024)
--
Leon Do
Lucent Technologies eServices Group
200 Lucent Lane
Cary, NC 27511
email: leondo@lucent.com
fax : (919) 463-4379
ph : (919) 463-3149
On Mon, Apr 02, 2001 at 09:36:43PM -0400, Michael Long wrote:
> of time trying to recreate something that probably already exists. Does anyone have any experience with either open source or commercial firewalling products that can be configured to work in a small office network and allow VPN connections to larger networks. I do not have a very big budget but would
Define "VPN connections". Do you mean IPSec, or some third-party (i.e. proprietary) VPN connection?

If you want IPSec, you can look at FreeS/WAN, which interoperates with several different vendors' IPSec implementations. (http://www.xs4all.nl/~freeswan/)

As was mentioned, PPP over SSH works (klugy, but I've done it and it works fairly decently) as well.

ipchains/iptables will take care of your firewalling needs. VPN is a completely different puppy though.

--
Randomly Generated Tagline:
"So Lone Star ... Now you see that evil will always triumph because good is dumb." - Space Balls
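
As an added example (not code from any of the posters): an iptables rc.firewall for the 2.4.x case Orbitz mentions, carrying over the masquerading from Brian's ipchains rules and adding default-deny input filtering plus IPsec (IKE and ESP) to the gateway, as FreeS/WAN would need. The interface names eth0/eth1, the 10.0.0.0/24 network, the fw_rules function and the APPLY switch are assumptions made for illustration.

```sh
#!/bin/sh
# rc.firewall sketch for iptables on a 2.4.x kernel (added example).
# Assumed layout: Internet on eth0, LAN 10.0.0.0/24 on eth1.
LAN_NET="${LAN_NET:-10.0.0.0/24}"
WAN_IF="${WAN_IF:-eth0}"
LAN_IF="${LAN_IF:-eth1}"

# Print the ruleset as commands, one per line, so it can be reviewed first.
# Returns 1 if an argument is not a plain network or interface name.
fw_rules() {
    net=$1; wan=$2; lan=$3
    case $net in ''|*[!0-9./]*) echo "bad network: $net" >&2; return 1 ;; esac
    for ifname in "$wan" "$lan"; do
        case $ifname in ''|*[!A-Za-z0-9._-]*)
            echo "bad interface: $ifname" >&2; return 1 ;;
        esac
    done
    cat <<EOF
# FTP helpers: the 2.4 counterparts of ip_masq_ftp
modprobe ip_conntrack_ftp
modprobe ip_nat_ftp
iptables -F
iptables -t nat -F
# Default deny for traffic to and through the gateway
iptables -P INPUT DROP
iptables -P FORWARD DROP
iptables -P OUTPUT ACCEPT
iptables -A INPUT -i lo -j ACCEPT
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A INPUT -i $lan -s $net -j ACCEPT
# IPsec to the gateway itself: IKE (UDP 500) and ESP (IP protocol 50)
iptables -A INPUT -i $wan -p udp --dport 500 -j ACCEPT
iptables -A INPUT -i $wan -p 50 -j ACCEPT
# LAN may open connections outward; only replies come back in
iptables -A FORWARD -i $lan -o $wan -s $net -j ACCEPT
iptables -A FORWARD -i $wan -o $lan -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -t nat -A POSTROUTING -o $wan -s $net -j MASQUERADE
EOF
}

# Dry run by default; APPLY=1 (as root) runs the commands.
rules=$(fw_rules "$LAN_NET" "$WAN_IF" "$LAN_IF") || exit 1
if [ "${APPLY:-0}" = 1 ]; then
    printf '%s\n' "$rules" | sh -e && echo 1 > /proc/sys/net/ipv4/ip_forward
else
    printf '%s\n' "$rules"
fi
```

Run without APPLY set, the script only prints the commands; forwarding is switched on last so that packets are never routed before the rules are in place.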
participants (5): Brian J. Conway, Doctor Orbitz, Leon Do, Michael Long, Theo Van Dinter