
Re: VPN to a host behind the firewall



Jarle Aase wrote:
> 
> Thanks for your reply.
> 
> If it was up to me, they would not be running NT at all :)
> 
> The decision to use NT as the VPN server is not mine, - I'm just asked to find a 
> technical solution. If GRE tunneling is possible, that seems like an easy and "safe" 
> way to do it. The other way around is to add another NIC to the NT server and connect 
> it to a "dmz" zone on the firewall, where all traffic except GRE is rejected by the 
> firewall.
Technically it should work without problems. On my firewalls I already
have rules for GRE (I have to let it in from the external interface).
ipchains can deal with any protocol numbers (should be 47 for GRE, but
better look it up, I am not sure) after '-p', not only tcp, udp, icmp or
all (although this is undocumented) since version 1.3.9 as far as I
know. Forwarding is no problem at all since GRE uses IP packets.

So the simple answer is yes, it should work, although I have not done
forwarding with GRE, only filtering on the same machine that handles the
GRE connections.

greets,
Rene

