[Shorewall-users] Design Problems for VPN/Transparent Firewall
Sun, 13 Jan 2002 12:18:04 -0800
On Sunday 13 January 2002 12:13 pm, firstname.lastname@example.org wrote:
> Thanks for the response. My exact requirements are:
> 1. Protecting ~124 hosts behind the device with configurable firewall
Ok -- what function does your DSL router play?
- From your ISP's point of view, does it act as the gateway to your /25
- Does it physically interface to the phone line or is there a "dsl modem" outbound of it?
> 2. Allowing any given host on that protected subnet to access just
> about any given type of VPN system at a variety of client sites. (ruling out
> NAT, necessarily)
That's a routing requirement, not a firewall requirement.
> 3. Having the gateway/firewall act as the VPN gateway connecting three
> remote office subnets together seamlessly.
> 4. Logging intrusion attempts.
> 5. Ad hoc configurable rules to allow machines unfiltered access for
> periodic testing activities
> If you can guide me on sound configs, or let me know if I'm on the right
> track, I'd much appreciate it.
Let's answer the questions about the DSL router first then I'll give you
Tom Eastep \ A Firewall for Linux 2.4.*
AIM: tmeastep \ http://www.shorewall.net
ICQ: #60745924 \ email@example.com