Date: Thu, 26 Apr 2001 07:15:36 -0700
From: "Caleb Walker" <cwalker@cwalk.org>
To: "James Housley" <jim@thehousleys.net>, <freebsd-questions@FreeBSD.ORG>
Subject: Re: PPTP and firewalls, can I?
Message-ID: <001901c0ce5b$5d72e310$2701a8c0@cwalk.org>
References: <3AE82B7E.F4E68DDC@thehousleys.net>

I have one IP and go through my FreeBSD firewall/router for VPN. You don't
need 62 IP addresses.

----- Original Message -----
From: "James Housley" <jim@thehousleys.net>
To: <freebsd-questions@FreeBSD.ORG>
Sent: Thursday, April 26, 2001 7:06 AM
Subject: PPTP and firewalls, can I?

> I have been asked to help solve a problem with a local Non Profit
> company. They have about 50 machines plus printers and such running
> Win9x on their local network and a single IP with NAT to the internet.
> They have about 15 machines that need PPTP to connect to an external
> inventory/billing company. They have tried all sorts of other
> solutions.
>
> I am proposing that they get a block of 64 IPs and give each machine an
> IP.
> Install PPTP on the 15 that need it and give them all a block of
> addresses together at one end of the IP block.
> Give the rest of the machines IPs starting at the other end of the
> block.
> Install FreeBSD as the router with a firewall.
> - Lock down almost all access to the "normal" machines.
> - Block the vulnerable ports (NetBIOS, etc) on the PPTP machines.
> - There would be no need for NAT.
>
> I am being told that it is hard to find a firewall that can pass 15 PPTP
> sessions at the same time, but I think they are confusing firewall&NAT
> with straight firewalling.
>
> 1) Will this work?
>
> 2) Am I missing something obvious?
>
> Jim
> --
>   /"\   ASCII Ribbon Campaign  .
>   \ /   - NO HTML/RTF in e-mail  .
>    X    - NO Word docs in e-mail .
>   / \ -----------------------------------------------------------------
> jeh@FreeBSD.org      http://www.FreeBSD.org     The Power to Serve
> jim@TheHousleys.Net  http://www.TheHousleys.net
> ---------------------------------------------------------------------
> Progress (n) : What led from smart users in front of dumb terminals to
>                dumb users in front of smart terminals.
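
The routed, no-NAT layout proposed in the question, written out as an ipfw ruleset (an added example, not part of either message). PPTP uses TCP port 1723 for control and GRE (IP protocol 47) for data; the address ranges, the server address and the outbound policy for the non-PPTP machines are assumptions.

```sh
#!/bin/sh
# Added example (not from the thread): prints an ipfw ruleset for the routed,
# no-NAT layout the question proposes. Nothing is loaded into the kernel.
# All addresses below are constructed placeholders (documentation ranges).

LAN_NET="192.0.2.0/26"        # assumed: the routed block of 64 addresses
PPTP_NET="192.0.2.48/28"      # assumed: top of the block, .48-.62 = 15 PPTP clients
PPTP_SERVER="198.51.100.10"   # assumed: the external inventory/billing PPTP server

# pptp_rules LAN PPTP_CLIENTS SERVER
# Writes ipfw commands to stdout; ipfw evaluates rules in number order and
# the first match wins, so the NetBIOS denies sit ahead of every allow.
pptp_rules() {
    lan=$1 pptp=$2 server=$3
    cat <<EOF
# Loopback traffic is always allowed.
ipfw add 100 allow ip from any to any via lo0
# NetBIOS name/datagram/session services never cross the router.
ipfw add 200 deny tcp from any to any 137-139
ipfw add 210 deny udp from any to any 137-139
# Return traffic for flows the inside hosts started.
ipfw add 300 check-state
ipfw add 310 allow tcp from any to any established
# PPTP control channel: only the PPTP clients, only to the one server.
ipfw add 400 allow tcp from $pptp to $server 1723 setup
# PPTP data channel: GRE in both directions. Every client has its own
# routable address, so no per-session GRE translation is involved.
ipfw add 410 allow gre from $pptp to $server
ipfw add 420 allow gre from $server to $pptp
# Assumed policy for the other machines: outbound web and DNS only.
ipfw add 500 allow tcp from $lan to any 80,443 setup
ipfw add 510 allow udp from $lan to any 53 keep-state
# Everything else, including unsolicited inbound connections, is dropped.
ipfw add 65000 deny log ip from any to any
EOF
}

# Print the ruleset for review; piping this output to sh on the router loads it.
pptp_rules "$LAN_NET" "$PPTP_NET" "$PPTP_SERVER"
```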