Security Basics mailing list archives
Re: looking for a hub or switch that can connect a VPN and apply firewallrules to all ports
From: Thomas Anderson <zelnaga () gmail com>
Date: Sat, 15 Aug 2009 16:02:58 -0500
On Fri, Aug 14, 2009 at 3:55 PM, David Gillett<gillettdavid () fhda edu> wrote:
> So your clients' Internet traffic doesn't go through the VPN? (If it did, all the ISP would see is the encrypted tunnel...)

Some does - some doesn't. Connections to 192.168.*.* go through the VPN but no other traffic goes through it as per the router's configuration.

> 1) Police your own network so the ISP doesn't see things they shouldn't (*), or

The ISP (this isn't a normal ISP, btw) complained about traffic that was being sent to 212.117.185.19:80. Beyond that, I don't know why they complained about it. Maybe 212.117.185.19 is in a DNSBL and they believe any request sent to an IP address in a DNSBL is justification enough for shutting the whole network down? That would seem pretty dumb (what if someone just mistyped the IP address?) but I don't really know. The ISP is not being particularly forthcoming, which is aggravating, but there's not a whole lot I can do about that.

> 2) Purchase routable address space so each of your clients has their own visible address. I'm sure the ISP will be glad to handle the technical details in exchange for a reasonable monthly charge.

That's not a problem. The problem is, as stated, applying the VPN settings and select firewall rules to all the computers.

> * - This suggestion will rub some folks the wrong way. I'm guessing that this is a branch office setup with VPN back to HQ, and that when a client's Internet traffic prompts the ISP to pull the plug, the whole office loses connectivity to HQ.
That is indeed the setup.