[Shorewall-users] Design Problems for VPN/Transparent Firewall

Tom Eastep teastep@shorewall.net
Sun, 13 Jan 2002 12:18:04 -0800


On Sunday 13 January 2002 12:13 pm, dgilleece@optimumnetworks.com wrote:
> Tom,
>
> Thanks for the response.  My exact requirements are:
>
> 1.  Protecting ~124 hosts behind the device with configurable firewall
> rules.

Ok -- what function does your DSL router play?

- From your ISP's point of view, does it act as the gateway to your /25
network?
- Does it physically interface to the phone line or is there a "dsl modem"
outbound of it?

> 2.  Allowing any given host on that protected subnet to access just
> about any given type of VPN system at a variety client sites.  (ruling out
> NAT, necessarily)

That's a routing requirement, not a firewall requirement.

> 3.  Having the gateway/firewall act as the VPN gateway connecting three
> remote office subnets together seamlessly.

Ditto.

> 4.  Logging intrusion attempts.

Ok.

> 5.  Ad hoc configurable rules to allow machines unfiltered access for
> periodic testing activities

Ok.

>
> If you can guide me on sound configs, or let me know if I'm on the right
> track, I'd much appreciate it.

Let's answer the questions about the DSL router first then I'll give you my
thoughts.

-Tom
-- 
Tom Eastep    \ A Firewall for Linux 2.4.*
AIM: tmeastep  \ http://www.shorewall.net
ICQ: #60745924  \ teastep@shorewall.net