

[EMAIL PROTECTED] wrote:

> raf,
> 
> Thanks for the response.  I'm wondering if I might be chasing my tail...What
> I NEED, is essentially this:
> 
> 1) a strong firewall (IP Chains works fine for this)
> 2) Support for FTP, Quake, NetMeeting and a few other progs on the internal
> net.
>       (I'm currently using masq modules that work fine)

2 contradicts 1. a firewall can not possibly be considered strong if
it allows netmeeting through it. netmeeting is an inherently unsafe
application as it allows external users to take control of internal
hosts. the only way to allow it out of your network is through
a vpn to a firewall protected network that you trust at the other end.
this usually means slowing things down so the nice fast udp traffic
for video conferencing would slow to a crawl and not be worth the effort.
i could be wrong about the slowdown - never tried it and it would depend on
the vpn implementation.

alternatively, you can run netmeeting on a host that lives outside the
firewall on an untrusted victim host.

> 3) (This is the Big one) VPN support.  I have two microsoft clients on the
> inside that need to access VPNs on the outside.  Right now, I can (barely)
> figure out how to open the ports, but the patching is a whole other issue.

there's more to it than ports. look at fwup.org for details on allowing
ipsec and pptp through an ipchains firewall.

> Basically I can't figure:
> 1) out if I need to patch 2.2.16 if I stay with that kernel.

why not use 2.2.19? there's probably a better chance that the
patch is in there. where does the patch come from? what do they
say about it?

> 2) What the exact process is for patching the kernel
>       --Is it like a patch, make, make install, make menuconfig etc etc etc

more or less. read the readme file for the patch and readme
file for the kernel. if the patch doesn't work for the kernel
you want, you might have to apply it by hand but i wouldn't
recommend that unless it's a tiny patch.

>       --I couldn't find any resources that gave a step-by-step patching howto.

man patch

also, i think the kernel's readme file does mention patching.
if the vpn patch doesn't have a readme file, hassle its authors for one.

also, doesn't the howto masquerade vpn document contain instructions?
if not or they're not adequate, hassle its authors for more details.

> 3) Whether I should give it all up and just move on to 2.4.X and start
> fresh.

it's definitely better for security but there's a lack of masquerading
module equivalents so it might not suit your needs.

> Any help would be appreciated.
> 
> Thanks
> 
> carl

raf

_______________________________________________
Masq maillist  -  [EMAIL PROTECTED]