From owner-freebsd-questions Fri Jul 9 12:45: 0 1999 Delivered-To: freebsd-questions@freebsd.org Received: from dorthy.state.net (dorthy.state.net [209.234.62.254]) by hub.freebsd.org (Postfix) with ESMTP id 0693214EEC for ; Fri, 9 Jul 1999 12:44:58 -0700 (PDT) (envelope-from jon.passki@neicoltech.org) Received: from lp020001 (209-234-63-231.state.net [209.234.63.231] (may be forged)) by dorthy.state.net (8.8.8/8.7.2) with SMTP id OAA14873 for ; Fri, 9 Jul 1999 14:43:40 -0500 (CDT) From: "Jon Passki" To: Subject: Oh, boy, another VPN question Date: Fri, 9 Jul 1999 14:44:39 -0500 Message-ID: <000201beca43$7b2cb660$af00a8c0@lp020001.neicoltech.org> MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit X-Priority: 3 (Normal) X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook 8.5, Build 4.71.2173.0 X-MimeOLE: Produced By Microsoft MimeOLE V4.72.3110.3 Importance: Normal Sender: owner-freebsd-questions@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.ORG Okay, I've browsed the mail archive on http://www.freebsd.org and http://www.deja.com for a FreeBSD + VPN solution w/ interoperability on a Windows NT network. SKIP, NATD/IPFW, IPFilter, IPSec, SSH, yadda yadda yadda... I'll lay out the scenario, and see what the guru's say :) ---------- | Client | Microsoft Client (95, 98, NT) Primarily. ---------- FreeBSD Client Secondary. | Internet Connection, don't care how the client connects | just that their client software supports the connection. | Internet Connection | ------------------ | Uplink's Cisco | | 3000 Router | ------------------ | x.x.x.254 (x.x.x.0/24 is a registered range) | | x.x.x.231 (fxp0) -------------- |DMZ Gateway | FreeBSD 3.2 w/ NATD/IPFW and DHCP on the internal -------------- | 192.168.0.1 (vx0) | | 192.168.0.0/16 ]--------------[ NT Network w/ a variety of servers needed for internal development, file access, and other resources What have people used or seen to let a client (running whatever client software) get access to the internal network, and access the internal resources (printers, file servers, ...)? I DON'T want to have an NT Server on the DMZ (I ph33r NT's security :), so the choice is to incorporate either a proxy into the FreeBSD box, or to configure the existing setup. Would there be a better solution other to any I have suggestion? Jon Passki To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message