Firewall Wizards mailing list archives

Linux Router/Firewall/NAT/VPN?


From: Jonas Anden <dajudge () home se>
Date: 05 Oct 2001 15:13:07 +0200

Hi.

  I'm looking to build a combined router/firewall/VPN solution based
on Linux 2.4.x, iptables and FreeS/WAN. Clients are on Windows 2000
Professional machines. I want the following setup:

Client
   |
Internet
   |
R/F/V
   |+--- DMZ (Public IPs)
   +---- LAN (Private IPs)

The router/firewall/VPN does NAT translation for the office LAN.

Clients should be tunneled into the office LAN segment. If they attempt
to reach DMZ addresses, that should be handled as if they were connected
locally on the office LAN.

The routing and NAT:ing I got pretty much covered; it's the IPSEC VPN
solution I'm unsure about. Is the above setup secure? (or rather, are
there any obvious messups?)

Clients have dial-up connection to local providers. I got the 2.4.10
kernel with FreeS/WAN compiled in on the FW; do I need any special
software (on the client or on the FW) to establish a VPN connection from
the client? Do I need a separate subnet for the VPN clients?

  // J

_______________________________________________
firewall-wizards mailing list
firewall-wizards () nfr com
http://list.nfr.com/mailman/listinfo/firewall-wizards

