Date: Thu, 26 Apr 2001 10:06:54 -0400
From: James Housley <jim@thehousleys.net>
To: freebsd-questions@freebsd.org
Subject: PPTP and firewalls, can I?
Message-ID: <3AE82B7E.F4E68DDC@thehousleys.net>

I have been asked to help solve a problem with a local Non Profit company. They have about 50 machines plus printers and such running Win9x on their local network and a single IP with NAT to the internet. They have about 15 machines that need PPTP to connect to an external inventory/billing company. They have tried all sorts of other solutions.

I am proposing that they get a block of 64 IPs and give each machine an IP. Install PPTP on the 15 that need it and give them all a block of addresses together at one end of the IP block. Give the rest of the machines IPs starting at the other end of the block. Install FreeBSD as the router with a firewall.

 - Lock down almost all access to the "normal" machines.
 - Block the vulnerable ports (NetBIOS, etc) on the PPTP machines.
 - There would be no need for NAT.

I am being told that it is hard to find a firewall that can pass 15 PPTP sessions at the same time, but I think they are confusing firewall&NAT with straight firewalling.

1) Will this work?
2) Am I missing something obvious?

Jim
--
 /"\   ASCII Ribbon Campaign   .
 \ /  - NO HTML/RTF in e-mail  .
  X   - NO Word docs in e-mail .
 / \
-----------------------------------------------------------------
jeh@FreeBSD.org      http://www.FreeBSD.org     The Power to Serve
jim@TheHousleys.Net  http://www.TheHousleys.net
-----------------------------------------------------------------
Progress (n) : What led from smart users in front of dumb terminals
to dumb users in front of smart terminals.