From owner-freebsd-questions Thu Apr 26 8:36:18 2001
Delivered-To: freebsd-questions@freebsd.org
Received: from probity.mcc.ac.uk (probity.mcc.ac.uk [130.88.200.94])
    by hub.freebsd.org (Postfix) with ESMTP id 5A8B737B423
    for ; Thu, 26 Apr 2001 08:36:15 -0700 (PDT)
    (envelope-from rasputin@freebsd-uk.eu.org)
Received: from dogma.freebsd-uk.eu.org ([130.88.200.97] ident=root)
    by probity.mcc.ac.uk with esmtp (Exim 2.05 #4)
    id 14snoQ-000Pye-00; Thu, 26 Apr 2001 16:36:10 +0100
Received: (from rasputin@localhost)
    by dogma.freebsd-uk.eu.org (8.11.1/8.11.1) id f3QFa9R39397;
    Thu, 26 Apr 2001 16:36:09 +0100 (BST)
    (envelope-from rasputin)
Date: Thu, 26 Apr 2001 16:36:09 +0100
From: Rasputin
To: James Housley
Cc: questions@freebsd.org
Subject: Re: PPTP and firewalls, can I?
Message-ID: <20010426163609.A39160@dogma.freebsd-uk.eu.org>
Reply-To: Rasputin
References: <3AE82B7E.F4E68DDC@thehousleys.net>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
X-Mailer: Mutt 1.0.1i
In-Reply-To: <3AE82B7E.F4E68DDC@thehousleys.net>; from jim@thehousleys.net on Thu, Apr 26, 2001 at 10:06:54AM -0400
Sender: owner-freebsd-questions@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

* James Housley [010426 15:08]:
> I have been asked to help solve a problem with a local Non Profit
> company. They have about 50 machines plus printers and such running
> Win9x on their local network and a single IP with NAT to the internet.
> They have about 15 machines that need PPTP to connect to an external
> inventory/billing company. They have tried all sorts of other
> solutions.

> I am proposing that they get a block of 64 IPs and give each machine an
> IP.

Speaking as someone who spent a large chunk of the past 3 years
applying for blocks like that for folks like yourself, I'd like to say
that public IPs on a private network are Evil.

Use private address space. This has the additional advantage that
if NAT fails, the network is unreachable.
I can't think of any reason you'd need public IPs there anyway.

Apply for 4 public IPs, which will give you 1 usable for the front
of the firewall and 1 for the router.

ipnat should do the NAT, ipf / ipfw for security.

Do you need PPTP from each client, or just a tunnel from the firewall
to a remote site?

-- 
Trying to be happy is like trying to build a machine for which the only
specification is that it should run noiselessly.
Rasputin :: Jack of All Trades - Master of Nuns ::