From owner-freebsd-questions Thu Apr 26 7:16:47 2001
Delivered-To: freebsd-questions@freebsd.org
Received: from cwalk.org (sc-24-24-206-138.socal.rr.com [24.24.206.138])
	by hub.freebsd.org (Postfix) with ESMTP id 6099237B423
	for ; Thu, 26 Apr 2001 07:16:43 -0700 (PDT)
	(envelope-from cwalker@cwalk.org)
Received: from ramon (oscar [192.168.1.39])
	by cwalk.org (8.11.3/8.9.3) with SMTP id f3QEGUC05739;
	Thu, 26 Apr 2001 07:16:31 -0700 (PDT)
	(envelope-from cwalker@cwalk.org)
Message-ID: <001901c0ce5b$5d72e310$2701a8c0@cwalk.org>
From: "Caleb Walker"
To: "James Housley" ,
References: <3AE82B7E.F4E68DDC@thehousleys.net>
Subject: Re: PPTP and firewalls, can I?
Date: Thu, 26 Apr 2001 07:15:36 -0700
MIME-Version: 1.0
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2462.0000
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2462.0000
Sender: owner-freebsd-questions@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

I have one IP and go through my FreeBSD firewall/router for VPN. You don't
need 62 IP addresses.

----- Original Message -----
From: "James Housley"
To:
Sent: Thursday, April 26, 2001 7:06 AM
Subject: PPTP and firewalls, can I?

> I have been asked to help solve a problem with a local Non Profit
> company. They have about 50 machines plus printers and such running
> Win9x on their local network and a single IP with NAT to the internet.
> They have about 15 machines that need PPTP to connect to an external
> inventory/billing company. They have tried all sorts of other
> solutions.
>
> I am proposing that they get a block of 64 IPs and give each machine an
> IP.
> Install PPTP on the 15 that need it and give them all a block of
> addresses together at one end of the IP block.
> Give the rest of the machines IPs starting at the other end of the
> block.
> Install FreeBSD as the router with a firewall.
> - Lock down almost all access to the "normal" machines.
> - Block the vulnerable ports (NetBIOS, etc) on the PPTP machines.
> - There would be no need for NAT.
>
> I am being told that it is hard to find a firewall that can pass 15 PPTP
> sessions at the same time, but I think they are confusing firewall&NAT
> with straight firewalling.
>
> 1) Will this work?
>
> 2) Am I missing something obvious?
>
> Jim
> --
>  /"\   ASCII Ribbon Campaign  .
>  \ / - NO HTML/RTF in e-mail  .
>   X  - NO Word docs in e-mail .
>  / \ -----------------------------------------------------------------
> jeh@FreeBSD.org      http://www.FreeBSD.org     The Power to Serve
> jim@TheHousleys.Net  http://www.TheHousleys.net
> ---------------------------------------------------------------------
> Progress (n) : What led from smart users in front of dumb terminals to
> dumb users in front of smart terminals.
>
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-questions" in the body of the message
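
Added example, not part of either message: a sketch of an ipfw ruleset for the routed, no-NAT layout proposed in the quoted question, showing that without NAT each PPTP session is just TCP port 1723 plus GRE passed per host. The interface names, the 192.0.2.0/26 block, the PPTP client range and the server address are all constructed assumptions; the script only prints the rules for review.

```shell
#!/bin/sh
# Added example: prints (does not apply) ipfw rules for a routed /26 without NAT.
# Everything below is an assumption for illustration, not from the thread:
OIF="fxp0"                  # outside interface (hypothetical)
IIF="fxp1"                  # inside interface (hypothetical)
LAN="192.0.2.0/26"          # the block of 64 addresses (documentation range)
PPTP_HOSTS="192.0.2.48/28"  # the 15 PPTP machines, grouped at the top end
PPTP_SERVER="198.51.100.10" # billing company's PPTP server (constructed)

n=1000
# Print one numbered ipfw rule and advance the rule number.
emit() { echo "ipfw add $n $*"; n=$((n + 100)); }

gen_rules() {
    n=1000
    emit allow ip from any to any via lo0
    emit allow ip from any to any via "$IIF"
    # NetBIOS never crosses the outside interface, PPTP machines included.
    emit deny tcp from any to any 137-139 via "$OIF"
    emit deny udp from any to any 137-139 via "$OIF"
    emit check-state
    # PPTP control channel: TCP 1723, opened only from the PPTP range.
    emit allow tcp from "$PPTP_HOSTS" to "$PPTP_SERVER" 1723 out via "$OIF" setup keep-state
    # PPTP data channel: GRE (IP protocol 47). With real addresses on every
    # client there is nothing to translate, so 15 sessions pass like any other
    # protocol, which is the firewall-versus-NAT distinction in the question.
    emit allow gre from "$PPTP_HOSTS" to "$PPTP_SERVER" out via "$OIF"
    emit allow gre from "$PPTP_SERVER" to "$PPTP_HOSTS" in via "$OIF"
    # All machines may open outbound sessions; replies match dynamic state.
    emit allow tcp from "$LAN" to any out via "$OIF" setup keep-state
    emit allow udp from "$LAN" to any out via "$OIF" keep-state
    # Everything else, including unsolicited inbound traffic, is dropped.
    emit deny log ip from any to any
}

gen_rules
```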