Date: Wed, 25 Jul 2001 17:51:55 +1000
From: "MurrayTaylor" <taylorm@bytecraftsystems.com>
To: "Jim Durham" <durham@w2xo.pgh.pa.us>
Cc: <freebsd-questions@freebsd.org>
Subject: MPD vpn and firewalls
Message-ID: <01d501c114de$acea0e40$2a7627cb@bytecraft.au.com>
References: <Pine.BSF.4.33.0107071315120.1255-100000@jimslaptop.jcdurham.com>
Jim,

You have mentioned previously that you are using MPD. I have established MPD myself, based on the sample configuration, and it seems to go ok .... but I have a few questions.

My network config works out as follows ...

  (Frame Relay)              (Firewall)  (mpd)  (Firewall)
<-------------->| sr0|ng0|<----|ipfw|----|ng1|----|ipfw|---> lan
   frame pkts         gre pkts            'real data'

As the data passes through the firewall twice (once as the GRE encapsulation, and once as the 'real' data), what rule systems do you use for the ng1 <=> lan part?

I am currently using:

00530 allow ip from x.y.z.70 to x.y.z.0/25 via ng1
00535 allow udp from x.y.z.0/25 to x.y.z.70 via ng1
00540 allow udp from x.y.z.70 137-139 to x.y.z.255 via ng1
00545 allow icmp from any to any via ng1
00546 allow igmp from any to any via ng1

However I have 2 VPNs set up in my mpd config file, and the samples suggest that I could/should use the same remote address for both (x.y.z.70/32 in my case). I have different local addresses defined (x.y.z.65/32 for ng1 and x.y.z.66/32 for ng2).

If I copy the above ruleset for ng2, would this not cause problems as the copied rules would point to x.y.z.70 on both ng1 and ng2?

What solution/ruleset would you (or any other takers) suggest?

cheers
Murray Taylor

To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message
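The interface-binding behind the question, as an added example that is not part of Murray's message nor of mpd or ipfw itself: a small Python model of ipfw's first-match evaluation, run over the five rules from the message and over a copy of them for ng2 under rule numbers 630..646. Because each rule carries `via <interface>`, the ng2 copy can only ever match traffic on ng2, so two tunnels sharing the remote address do not collide in the rule table. Addresses in the 192.0.2.0/24 range are constructed stand-ins for the x.y.z.* placeholders in the message; the model covers only the keywords the message uses (allow, protocol, from/to, a source port range, via) and ignores in/out direction and stateful keywords.

```python
"""Minimal first-match model of ipfw rule evaluation (added example, not ipfw code)."""
import ipaddress
from dataclasses import dataclass


@dataclass
class Packet:
    proto: str     # 'tcp', 'udp', 'icmp', 'igmp'
    src: str
    dst: str
    iface: str     # interface the packet passes through
    sport: int = 0
    dport: int = 0


@dataclass
class Rule:
    number: int
    action: str
    proto: str          # 'ip' matches any protocol, as in ipfw
    src: str            # address, CIDR, or 'any'
    dst: str
    via: str            # interface name the rule is bound to
    sports: tuple = ()  # (low, high) source-port range, empty for any

    def matches(self, pkt):
        if self.proto != 'ip' and self.proto != pkt.proto:
            return False
        if self.via != pkt.iface:           # 'via' binds the rule to one interface
            return False
        if not _addr_match(self.src, pkt.src) or not _addr_match(self.dst, pkt.dst):
            return False
        if self.sports and not (self.sports[0] <= pkt.sport <= self.sports[1]):
            return False
        return True


def _addr_match(spec, addr):
    if spec == 'any':
        return True
    return ipaddress.ip_address(addr) in ipaddress.ip_network(spec, strict=False)


def evaluate(rules, pkt):
    """Return (rule number, action) of the first matching rule; 65535/deny is ipfw's default."""
    for rule in sorted(rules, key=lambda r: r.number):
        if rule.matches(pkt):
            return rule.number, rule.action
    return 65535, 'deny'


def tunnel_rules(base, iface, remote='192.0.2.70', lan='192.0.2.0/25', bcast='192.0.2.255'):
    """The message's five rules for one tunnel interface, numbered base, +5, +10, +15, +16
    to mirror the 00530..00546 layout.  Address defaults are constructed stand-ins."""
    return [
        Rule(base,      'allow', 'ip',   remote, lan,    iface),
        Rule(base + 5,  'allow', 'udp',  lan,    remote, iface),
        Rule(base + 10, 'allow', 'udp',  remote, bcast,  iface, sports=(137, 139)),
        Rule(base + 15, 'allow', 'icmp', 'any',  'any',  iface),
        Rule(base + 16, 'allow', 'igmp', 'any',  'any',  iface),
    ]


# Same remote address on both tunnels, rules copied for ng2 at 630..646.
RULES = tunnel_rules(530, 'ng1') + tunnel_rules(630, 'ng2')


def demo():
    """Evaluate constructed sample packets against the combined ruleset."""
    cases = {
        # identical remote address: each interface's own copy is the one that fires
        'remote_to_lan_ng1': Packet('tcp', '192.0.2.70', '192.0.2.10', 'ng1', 1024, 80),
        'remote_to_lan_ng2': Packet('tcp', '192.0.2.70', '192.0.2.10', 'ng2', 1024, 80),
        # an interface with no rules of its own falls through to the default deny
        'remote_to_lan_ng3': Packet('tcp', '192.0.2.70', '192.0.2.10', 'ng3', 1024, 80),
        # lan -> remote is only opened for udp in this ruleset
        'lan_to_remote_udp': Packet('udp', '192.0.2.10', '192.0.2.70', 'ng1', 53, 53),
        'lan_to_remote_tcp': Packet('tcp', '192.0.2.10', '192.0.2.70', 'ng1', 2000, 22),
        # NetBIOS broadcast from the remote end, source port 138, on the second tunnel
        'netbios_bcast_ng2': Packet('udp', '192.0.2.70', '192.0.2.255', 'ng2', 138, 138),
    }
    return {name: evaluate(RULES, pkt) for name, pkt in cases.items()}


if __name__ == '__main__':
    for name, result in demo().items():
        print(f'{name:20s} -> rule {result[0]:5d} {result[1]}')
```

The `lan_to_remote_tcp` case is worth noting when reading the output: with only the rules quoted in the message, TCP from the LAN to the remote host on ng1 falls through to the default deny, which is what the ruleset as written says, not a defect of the model.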
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?01d501c114de$acea0e40$2a7627cb>