LinuxQuestions.org
Old 10-13-2004, 02:42 PM   #1
GT3NE1
Need theory advice from security experts


I have started building a firewall from an Xserve G4 running Yellowdog. We would also like this to be a VPN box as well. Our main goal is to allow multiple home users access to their desktop machines at work using Timbuktu. Is this even possible? I am a little fuzzy on whether or not iptables will allow me to forward the Timbuktu ports to different machines depending on where the traffic is coming from. Is this something a VPN would do along with secure traffic? i.e. The user logs on to the VPN and then the firewall can determine which machine to forward the ports based on the username?

I am looking at different VPN servers right now, but Super FreeS/WAN looks like it might work since the super version has the NAT Traversal patch already included. Our entire company is NAT'ed behind a firewall.

Are there any other better ways to do what I need to do?

Thanks a bunch.
 
Old 10-14-2004, 01:28 AM   #2
chort
You can use your firewall box as an IPSec "Security Gateway" and have it advertise routes over the VPN to the internal network. At that point you don't need to forward any ports; the user can just use Timbuktu as if they were on the local network.
 
Old 10-14-2004, 10:56 AM   #3
GT3NE1
Hmmm...that sounds interesting. Can you elaborate a little more? Would (Super) FreeS/WAN accomplish this or ????? Thanks.

Matt
 
Old 10-14-2004, 08:55 PM   #4
chort
Yes, FreeS/WAN can do that. You would configure FreeS/WAN on the firewall box to act as a security gateway and configure it to advertise the routes necessary to reach your desktop LAN. I assume they're using Mac OS since you're talking about Timbuktu. Mac OS 10 comes with Racoon IPSec built-in, but it's completely command-line and config-file based, no GUI. In fact, if you ran OS 10 on your firewall you could use the built-in IPFW firewall with NATd (built-in) and Racoon IPSec (built-in).

For home users you'll probably want a GUI, so look at something like IPSecuritas or some of the other clients listed in the download section on www.apple.com. You could also distribute config files for Racoon and a custom Terminal.app script that they could put on their Desktop and double-click on when they needed VPN access.
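
A gateway-side `ipsec.conf` along the lines described in this thread, as an added example that is not part of any post above and not taken from the FreeS/WAN project. It assumes Super FreeS/WAN 2.x with the NAT Traversal patch and RSA-key authentication; the addresses, host IDs and key values are constructed placeholders.

```conf
# /etc/ipsec.conf on the firewall acting as security gateway
# (constructed example: every address, ID and key below is a placeholder)
version 2.0

config setup
        # Bind IPsec to the interface that carries the default route
        interfaces=%defaultroute
        # NAT Traversal, provided by the Super FreeS/WAN patch set,
        # so home users behind their own NAT routers can connect
        nat_traversal=yes
        # Private ranges a NATed client may present as its own address.
        # The office LAN (assumed 192.168.10.0/24) is excluded with '!'
        # so a client cannot claim an address inside it.
        virtual_private=%v4:10.0.0.0/8,%v4:172.16.0.0/12,%v4:192.168.0.0/16,%v4:!192.168.10.0/24

conn homeuser1
        # left = this gateway
        left=%defaultroute
        leftid=@gateway.example.com
        # The internal network made reachable through the tunnel;
        # Timbuktu traffic to any desktop here needs no port forwarding
        leftsubnet=192.168.10.0/24
        leftrsasigkey=<GATEWAY_PUBLIC_KEY_PLACEHOLDER>
        # right = the home user, connecting from any address
        right=%any
        rightid=@homeuser1.example.com
        # Accept the client's own address, NATed or not, as its subnet
        rightsubnet=vhost:%no,%priv
        rightrsasigkey=<HOMEUSER1_PUBLIC_KEY_PLACEHOLDER>
        authby=rsasig
        # Load the connection and wait for the client to initiate
        auto=add
```

One `conn` section per home user, each with its own `rightid` and key, lets a single user's access be revoked by removing that section.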