From: "Seferovic Edvin" <edvin.seferovic@kolp.at>
To: netfilter@lists.netfilter.org, poptop-server@lists.sourceforge.net
Subject: Netfilter and Poptop ( and stuff ... )
Date: Mon, 10 Oct 2005 08:28:37 +0200
Message-ID: <E1EOr9T-0001D1-Ma@mail.sourceforge.net>

Hi,

First of all - excuse me for mailing this to two mailing lists at once, but
I am hoping to get more answers from your experience with poptop and
netfilter.

Here is my situation - I've configured a gateway with poptop (which uses
RADIUS for auth/acct - which again uses LDAP as auth-backend and MySQL for
accounting). This gateway has 2 internal and one external interface (with a
public routable IP address). One internal interface is used to build a
restricted network for unknown machines, and the second one is used as a
gateway for the known machines. Now - I would like to allow my VPN users
internet access, but not to all machines on the internal network. So I have
to use NAT on the tunnel endpoints (ppp+ interfaces), right?

I wanted to make this as easy as possible, but as always - I took the wrong
turn... probably by choosing Firewall Builder to help me get my firewall set
up. I achieved everything, but I cannot configure ppp+ interfaces in
FW-Builder. Does anyone have a hint for me? Is this possible anyway (please
don't tell me I have to configure 150 ppp interfaces in FW-Builder)???

I suppose it would be more secure to enter a firewall rule every time a ppp
interface comes up (by using scripts like ip-up from pppd)? Do I have to
enter a NAT rule for each interface then? Any performance thoughts when
having 150+ interfaces at the same time?

Nevertheless I would also like to redirect HTTP traffic going from a NATed
ppp+ interface to my squid process - what does this combined rule look like?

Sorry for this huge e-mail and amateur questions... I hope at least a few of
the gurus out there will be able and willing to help me out...

Thank you in advance!

Regards,

Edvin Seferovic
