[Shorewall-users] Design Problems for VPN/Transparent Firewall

Tom Eastep teastep@shorewall.net
Sun, 13 Jan 2002 12:18:04 -0800

On Sunday 13 January 2002 12:13 pm, dgilleece@optimumnetworks.com wrote:
> Tom,
> Thanks for the response.  My exact requirements are:
> 1.  Protecting ~124 hosts behind the device with configurable firewall
> rules.

Ok -- what function does your DSL router play?

- From your ISP's point of view, does it act as the gateway to your /25?
- Does it physically interface to the phone line or is there a "dsl modem"
outbound of it?

> 2.  Allowing any given host on that protected subnet to access just
> about any given type of VPN system at a variety client sites.  (ruling out
> NAT, necessarily)

That's a routing requirement, not a firewall requirement.

> 3.  Having the gateway/firewall act as the VPN gateway connecting three
> remote office subnets together seamlessly.


> 4.  Logging intrusion attempts.


> 5.  Ad hoc configurable rules to allow machines unfiltered access for
> periodic testing activities


> If you can guide me on sound configs, or let me know if I'm on the right
> track, I'd much appreciate it.

Let's answer the questions about the DSL router first then I'll give you

Tom Eastep    \ A Firewall for Linux 2.4.*
AIM: tmeastep  \ http://www.shorewall.net
ICQ: #60745924  \ teastep@shorewall.net