
Re: IPtables and/or firewall-easy?



On Tue, 06 Apr 2004, Tim Beauregard wrote:
> Hi,
> 
> Could someone explain the basics to this firewalling newbie:
> 
> 1.  I have an IPtables ruleset, and installed firewall-easy.  Do I
> actually need firewall-easy?

I am not familiar with the tool, so can't really advise you on that,
sorry.

[...]

> 2.  I'm about to start using ssh (ppp-ssh as the client machine is on
> ppp) and need to add rules to open ports between the machines.  Is my
> strategy appropriate?

If I am not mistaken, you are planning on using PPP over SSH to create a
VPN between two hosts.

If that is the case then, no, your strategy is not the best. PPP over
SSH has a number of issues when the link gets busy, as both the SSH and
the PPP level retransmit packets, causing the link to become more
busy...

If you want to establish a VPN between the sites, you would be better
using a tool like pipsecd, or the kernel IPSEC layer in 2.6.*, to
establish it.

These provide an IPSEC VPN, which is a much better path to take when
connecting two sites.

           Daniel

-- 
Good teaching in our schools leads to risk taking.
        -- Prof. Jacob Neusner, commencement address, 1991


