Re: IPtables and/or firewall-easy?
On Tue, 06 Apr 2004, Tim Beauregard wrote:
> Hi,
>
> Could someone explain the basics to this firewalling newbie:
>
> 1. I have an IPtables ruleset, and installed firewall-easy. Do I
> actually need firewall-easy?

I am not familiar with the tool, so can't really advise you on that,
sorry.

[...]

> 2. I'm about to start using ssh (ppp-ssh as the client machine is on
> ppp) and need to add rules to open ports between the machines. Is my
> strategy appropriate?

If I am not mistaken, you are planning on using PPP over SSH to create a
VPN between two hosts.

If that is the case then, no, your strategy is not the best. PPP over
SSH has a number of issues when the link gets busy, as both the SSH and
the PPP level retransmit packets, causing the link to become more
busy...

If you want to establish a VPN between the sites, you would be better
using a tool like pipsecd, or the kernel IPSEC layer in 2.6.*, to
establish it.

These provide an IPSEC VPN, which is a much better path to take when
connecting two sites.

Daniel
--
Good teaching in our schools leads to risk taking.
-- Prof. Jacob Neusner, commencement address, 1991