From: dfinkelstein@rsasecurity.com
To: "Ian Cartwright"
Cc: freebsd-security@FreeBSD.ORG
Subject: Re: IPSec VPN Client behind Firewall
In-reply-to: Your message of "Sun, 01 Apr 2001 13:25:39 PDT."
Date: Mon, 02 Apr 2001 11:44:17 -0700
Message-Id: <200104021844.LAA20342@tuna.rsa.com>

"Ian Cartwright" wrote:
>I have been trying to install the Nortel Contivity Extranet Client on a
>Windows 2000 box behind my FreeBSD firewall. The firewall is FreeBSD-STABLE
>(as of about a month ago) with ipfw and nat running. After scanning as many
>newsgroups, mailing lists and web pages as I could find on the subject, I
>have still not found a way to do this... I have seen a couple of discussions in
>this newsgroup and a (hopefully) promising patch to ipfilter that may help
>me (and whoever else is out there with my problem)...

I saw a message somewhere (I thought it was here) about somebody who
accomplished this by simply setting up a firewall rule to allow full access
to/from the other end of his VPN pipe.

I have tested this with my Nortel client (running on an NT laptop); I just
added rules to ipfw to allow traffic to and from my VPN connection. Seems to
work great, though you are open to attacks due to IP spoofing.

--- David
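
The kind of rule described in the reply above, next to a narrower form, as an added example that is not from the original post. It assumes the client uses IKE on UDP port 500 and ESP, which the post does not state; the peer address, interface name, rule numbers and function names are constructed for illustration.

```shell
#!/bin/sh
# Added example: prints ipfw commands for review; it never calls ipfw itself.

# True only for a dotted-quad IPv4 address, so an argument such as "any"
# cannot silently turn a peer-specific rule into an allow-all rule.
is_ipv4() {
    case "$1" in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ ${#octet} -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# The approach described in the post: every protocol, both directions.
# A packet forged with the peer's source address matches rule 400.
broad_rules() {   # $1 = VPN peer address
    is_ipv4 "$1" || return 1
    echo "ipfw add 400 allow ip from $1 to any"
    echo "ipfw add 410 allow ip from any to $1"
}

# Narrowed form: only IKE and ESP, only on the outside interface. A forged
# source address still matches, but reaches nothing except IKE/ESP handling.
narrow_rules() {  # $1 = VPN peer address, $2 = outside interface
    is_ipv4 "$1" || return 1
    case "$2" in ''|*[!a-z0-9]*) return 1 ;; esac
    echo "ipfw add 400 allow udp from $1 500 to any in via $2"
    echo "ipfw add 410 allow udp from any to $1 500 out via $2"
    echo "ipfw add 420 allow esp from $1 to any in via $2"
    echo "ipfw add 430 allow esp from any to $1 out via $2"
}

# Constructed sample values (documentation address, example interface name).
narrow_rules 192.0.2.10 fxp0
```

Where these rules sit relative to an existing natd divert rule depends on the rest of the ruleset, so the rule numbers need adjusting before use.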