
Firewall Help with OpenBSD

smkndrkn asks: "I'm looking to change our firewall config at work from a dual-homed host architecture to an OpenBSD-based Screened Subnet Architecture; however, I have a PPTP (yes, I know it is horrible, but our customer isn't changing to IPSec for another couple of months) VPN that needs to work. I've looked at www.OpenBSD.org but cannot find much in the way of documentation (other than the FAQ). My current Linux firewall does this fine. I'm looking to have the exterior router set up with Slackware Linux and the interior router set up with OpenBSD for more security (and a diversity of architectures). I'm a little worried that the PPTP connection will not work (does it filter GRE?) and that possibly I'll run into other issues. Just for some additional info, I need the VPN to go through both routers to get to our internal network (where the machines that use the connection are located). Is there another way of doing this? Say, have a machine on the perimeter network connect and then allow the machines to connect to that server, which would then route their traffic over the VPN?"

  • I don't know if you found this page yet, but it's fairly basic and it might get you started...

    http://www.swcp.com/~synk/ipf-howto.txt
  • Strip the ipf-howto.txt from the URL and see what you get, it might make you smile!


    No matter what it looks like, there isn't a .sig here.
  • Linux VPN Masquerade [rubyriver.com].

    This page has info on how to get PPTP through a Linux NAT box. That's not what you're looking for, but it might provide you with some helpful answers.

  • It'll work fine. IPF can easily filter by protocol type (in this case, GRE). I've built many OpenBSD machines that operate in this configuration.

    I guess I should start reading the openbsd mailing lists again... damn job gets in the way.

    -kj
  • If you can't find BSD software like the PPTP proxy for Linux, then you have to disable NAT for the PPTP traffic through BSD. Configure the BSD machine to route the PPTP packets (both TCP/1723 and GRE) without rewriting them.
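
An IPF filter fragment for the interior router that matches what the comments above describe (filtering on protocol type and passing both TCP/1723 and GRE), added here as an illustration and not posted by anyone in the thread. The interface names (fxp0, fxp1) and the addresses (documentation ranges standing in for the internal network and the customer's PPTP server) are assumptions, and no NAT rules are assumed to be loaded on this box.

```conf
# ipf.conf fragment for the interior router (constructed example).
# Assumptions: fxp0 faces the perimeter network, fxp1 faces the internal
# network, 198.51.100.0/24 is the internal network and 192.0.2.10 is the
# remote PPTP server. Replace all four with real values.

# Default policy: drop and log anything not explicitly passed below.
block in  log all
block out log all

# PPTP control channel: internal clients open TCP/1723 to the PPTP server.
# "flags S keep state" admits only new connections and tracks the replies.
pass in  quick on fxp1 proto tcp from 198.51.100.0/24 to 192.0.2.10/32 port = 1723 flags S keep state
pass out quick on fxp0 proto tcp from 198.51.100.0/24 to 192.0.2.10/32 port = 1723 flags S keep state

# PPTP data channel: GRE (IP protocol 47) has no ports, so it is matched
# by protocol and by the two endpoints, once per direction and interface.
pass in  quick on fxp1 proto gre from 198.51.100.0/24 to 192.0.2.10/32
pass out quick on fxp0 proto gre from 198.51.100.0/24 to 192.0.2.10/32
pass in  quick on fxp0 proto gre from 192.0.2.10/32 to 198.51.100.0/24
pass out quick on fxp1 proto gre from 192.0.2.10/32 to 198.51.100.0/24
```

Pinning the GRE rules to the known PPTP server address keeps the opening as narrow as the tunnel requires, and the logged default block shows any PPTP packet that the pass rules missed.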
