Speaking of VPNs..

Richard Welty rwelty at averillpark.net
Wed Feb 4 17:54:48 UTC 2004


On Wed, 04 Feb 2004 00:50:10 -0600 Mark <admin at kclinux.net> wrote:

> I have a small business client that is still running on Windows NT
> 3.5.1.  I'm thinking about putting Fedora on their main server and
> making it a firewall, internet gateway, etc on their DSL line. 

from a security point of view, i personally don't like to see firewalls
doing anything other than being firewalls. the ideal architecture would
be a 3 legged firewall with a web/email server on a separate machine
in a DMZ.

if you have a web server running on a firewall, one apache remote
root exploit can ruin your whole day.

> I
> brought it up the other day, and they will not mind the change as long
> as their employees can still VPN into the server, and PCAnywhere into
> their PC or a server.  

> Can someone recommend a good one that will allow this?

with FreeSWAN running on a Linux firewall, you should be able to have
them use the W2K/WinXP IPSec client to connect to the firewall and
reach anything behind it. that particular client can be a bit of a pain
to work with, but it's been done, and the procedures are well
documented.

there are other options, as have been brought out by others on the list.

richard
-- 
Richard Welty                                         rwelty at averillpark.net
Averill Park Networking                                         518-573-7592
    Java, PHP, PostgreSQL, Unix, Linux, IP Network Engineering, Security
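
The three-legged layout recommended above, as an added example that is not part of the original message: a shell function that prints an iptables-restore filter table in which web/email live on a DMZ host and the firewall itself accepts only IPsec (IKE on UDP 500, ESP). The interface names, the DMZ host address and the helper names are assumptions.

```shell
#!/bin/sh
# Added example: filter table for a three-legged firewall (WAN / DMZ / LAN).
# Interface names and the DMZ address are assumptions, not values from the post.
WAN_IF=${WAN_IF:-eth0}
DMZ_IF=${DMZ_IF:-eth1}
LAN_IF=${LAN_IF:-eth2}
DMZ_HOST=${DMZ_HOST:-192.0.2.10}   # constructed documentation address

# Print the ruleset in iptables-restore format; nothing is applied here.
three_leg_ruleset() {
    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A INPUT -i $WAN_IF -p udp --dport 500 -j ACCEPT
-A INPUT -i $WAN_IF -p esp -j ACCEPT
-A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A FORWARD -i $WAN_IF -o $DMZ_IF -d $DMZ_HOST -p tcp -m multiport --dports 25,80 -m conntrack --ctstate NEW -j ACCEPT
-A FORWARD -i $LAN_IF -o $WAN_IF -m conntrack --ctstate NEW -j ACCEPT
-A FORWARD -i $LAN_IF -o $DMZ_IF -m conntrack --ctstate NEW -j ACCEPT
-A FORWARD -i $DMZ_IF -o $WAN_IF -p tcp -m multiport --dports 25,53 -m conntrack --ctstate NEW -j ACCEPT
-A FORWARD -i $DMZ_IF -o $WAN_IF -p udp --dport 53 -m conntrack --ctstate NEW -j ACCEPT
COMMIT
EOF
}
# No rule lets the DMZ or the WAN open a connection into the LAN, so a
# compromised web/mail host only gets replies to flows the LAN started.
# Forwarding of decrypted VPN traffic depends on the IPsec stack and is not shown.

# Count rules that let zone $1 open NEW connections into zone $2.
count_new() {
    three_leg_ruleset |
        grep -c -- "-A FORWARD -i $1 -o $2 .*--ctstate NEW -j ACCEPT" || true
}
```

The output can be checked without loading it by piping `three_leg_ruleset` into `iptables-restore --test` on the firewall.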




