[Shorewall-users] Design Problems for VPN/Transparent Firewall
Sun, 13 Jan 2002 14:29:30 -0600 (CST)
Quoting Tom Eastep <email@example.com>:
> Ok -- what function does your DSL router play?
The DSL router currently passes all traffic to a network switch, through which
all hosts currently access the internet directly --- using only local security
measures (personal firewall, ipchains, etc.)
> - From your ISP's point of view, does it act as the gateway to your /25
> - Does it physically interface to the phone line or is there a "dsl
> outbound of it?
Not sure what you mean here. It is a Cisco 678, connected to a dedicated (non-
shared "dry pair") business circuit. LAN-side, it is attached to a workgroup
> > 2. Allowing any given host on that protected subnet to access just
> > about any given type of VPN system at a variety client sites. (ruling
> > NAT, necessarily)
> That's a routing requirement, not a firewall requirement.
By "allowing" I mean not interfering with "aggressive" VPN connections -- which
NAT firewalls hose.
> > 3. Having the gateway/firewall act as the VPN gateway connecting
> > remote office subnets together seamlessly.
Given my intent to create a simple (relative term here) appliance that does
both VPN management and filtering, I am concerned the two applications don't
make life difficult for each other -- I wasn't sure if your comments in the doc
would be show-stoppers...
> Let's answer the questions about the DSL router first then I'll give you
I am looking forward to them :)
Thanks for helping,