Jacques,

At 19:10 30-12-02 +0100, you wrote:
> Is there any way to restrict the access to the adsl zone and just open the
> necessary ports for the modem in /shorewall/rules rather than the suggested
> ACCEPT default policy for eth0 ?

It all depends on your needs. In the most basic case where you only want the Bering PPTP client to connect to the ADSL modem, all you need is to open up TCP port 1723 and IP protocol 47 (GRE). This is very nicely explained in section 4 on the following page:
http://www.shorewall.net/PPTP.htm

On the other hand, if you also want to be able to telnet into the ADSL modem or access the webserver in the modem from the local network, you need more rules allowing these protocols.

I didn't bother with these rules and set the policy for eth0 to ACCEPT because I don't think there is much danger coming from that zone. All traffic coming from the internet is captured in the GRE-tunnel which terminates in the ppp0 device of the Bering box and is nicely filtered there.

If you think I've overlooked some issues here I'm interested to hear them.

Cheers,
- Eric.
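
An added example, not part of the original message: a Shorewall policy and rules sketch for the restrictive setup discussed above, next to the permissive policy it replaces. The zone names `adsl`, `fw` and `loc`, the log level, and the modem's management ports (telnet on 23, web server on 80) are assumptions.

```conf
# /etc/shorewall/policy
#SOURCE  DEST    POLICY  LOG LEVEL
# Permissive form described in the reply (zone names assumed):
#adsl    all     ACCEPT
#fw      adsl    ACCEPT
# Restrictive form: nothing crosses the modem zone unless a rule allows it.
adsl     all     DROP    info
fw       adsl    REJECT  info

# /etc/shorewall/rules
#ACTION  SOURCE  DEST    PROTO   DEST PORT
# PPTP control channel from the Bering PPTP client to the modem.
ACCEPT   fw      adsl    tcp     1723
# GRE (IP protocol 47) carries the tunnel data in both directions.
# The inbound rule is an assumption for the case where connection
# tracking does not match the returning GRE packets.
ACCEPT   fw      adsl    47      -
ACCEPT   adsl    fw      47      -
# Optional: modem management from the local network (ports assumed).
#ACCEPT  loc     adsl    tcp     23,80
```

With the optional line left commented out, the modem's telnet and web interfaces are not reachable from the local network.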



------------------------------------------------------------------------
leaf-user mailing list: [EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html