default policy

2002-03-29 Thread Gustavo Ritondale
Which is the best or default policy for the input, output and forward chains in a linux-ipchains firewall or in a general firewall? Is it preferred to use a DENY policy and accept only system services, or an ACCEPT policy and deny all services that should not be public to the Internet? Gustavo

Re: default policy

2002-03-29 Thread dgillett
On 29 Mar 2002, at 15:41, Gustavo Ritondale wrote: Which is the best or default policy for the input, output and forward chains in a linux-ipchains firewall or in a general firewall? Is it preferred to use a DENY policy and accept only system services, or an ACCEPT policy and deny all services that

RADIUS

2002-03-29 Thread Bangert, Gene
Greetings all, Okay here I go. Any suggestions on setting up RADIUS on linux for use by a pix for VPN? Thank you Gene Bangert IT

RE: RADIUS

2002-03-29 Thread Glenn Shiffer
Gene, That one is easy. Free Radius. It compiles nicely (I used it last on Solaris) and the Docs include all the info you'll need to set up AAA on Cisco. HTH Glenn -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Bangert, Gene Sent: Friday, March 29,

PIX and OSPF updates

2002-03-29 Thread Burke McCrory
I am trying to put a PIX into a network that uses OSPF between its routers. So far I haven't been able to find a way to allow the OSPF updates to pass through the PIX. Does anyone have any ideas or suggestions? Thanks. Burke McCrory Internet Administrator Oklahoma Tax Commission [EMAIL

Re: RADIUS

2002-03-29 Thread ecklesd
Gene, I use Cistron Radius server. This server works very well and this product is very stable. I have been using it on a service with 2000+ customers. We never have to reset it and it keeps very good accounting records. You can integrate it with databases like MySQL and keep the accounting

Re: PIX and OSPF updates

2002-03-29 Thread Jason Ostrom
Burke, What have you attempted so far in order to resolve and on which devices, the PIX or upstream/downstream router? The PIX doesn't support dynamic routing protocols such as OSPF, only static/default routes. To me this would seem good so the PIX is dedicated to security (stateful

UPDATED: Cisco Security Advisory: LDAP Connection Leak in CTI when User Authentication Fails

2002-03-29 Thread Cisco Systems Product Security Incident Response Team
UPDATED: Cisco Security Advisory: LDAP Connection Leak in CTI when User Authentication Fails The Cisco Security Advisory regarding a memory leak in LDAP connections when CTI user authentication fails has been updated with new information. Cisco

Re: PIX and OSPF updates

2002-03-29 Thread Jason Ostrom
Burke, Just in case I wasn't clear, try this: Router A PIX Router B OSPF (all static Static redistributes updates routes point Routes statics into OSPF to A to PIX) to

Re: PIX and OSPF updates

2002-03-29 Thread bob bobing
Just a FYI, bgp seems to be about the only protocol you can pass through a pix without some nasty GRE tunnel. --- Jason Ostrom [EMAIL PROTECTED] wrote: Burke, What have you attempted so far in order to resolve and on which devices, the PIX or upstream/downstream router? The PIX

Problem downloading

2002-03-29 Thread Lim Kniap Kin, Jimmy
Hi all Weird problem encountered. Running NT checkpoint 4.1 Internal LAN running private IP address. Private address is translated to Public IP address using address hide feature. Http is allowed and no proxy server involved. Users can access the web but cannot download any files from all

SecuRemote NG - Nt 4 W2K issue

2002-03-29 Thread Bob carr
I am currently using SecuRemote NG to access my internal network remotely. I am able to supply the IP of the machine I wish to browse as long as the machine I am trying to browse is a Windows 2000 machine, but if the machine is not a Windows 2000 machine I get an error. For some reason

RE: PIX and OSPF updates

2002-03-29 Thread Glenn Shiffer
Maybe it's just me here, but I'm not clear on the logic of why you would want to pass any dynamic routing protocol through a PIX, or any firewall for that matter. What Jason illustrates follows what I consider good security practice. That concept can be carried out further, if redundancy is an

Re: PIX and OSPF updates

2002-03-29 Thread Chris
At 12:11 PM -0600 3/29/02, Burke McCrory wrote: I am trying to put a PIX into a network that uses OSPF between its routers. So far I haven't been able to find a way to allow the OSPF updates to pass through the PIX. Does anyone have any ideas or suggestions?

RE: PIX and OSPF updates

2002-03-29 Thread bob bobing
The only routing protocol that is :) daoh! --- Claussen, Ken [EMAIL PROTECTED] wrote: According to Cisco Documentation: PIX Firewall does not pass multicast packets. Many routing protocols use multicast packets to transmit their data. If you need to send routing protocols across the PIX