My approach is a little more lazy than most firewall management people
provide, I suspect. If a customer isn't able to function within the set
of firewall rules that I have set for most of the customers, I add his
IP to a "whitelist" list of IP addresses in my firewall. These addresses
don't get any firewalling. If the SRC IP or DST IP is in the "whitelist"
range, then the packet gets accepted.
My justification: The main purpose of the firewall is to protect the
customer from viruses, vulnerabilities, and the like. It also
potentially protects you from things like 'getting your IP range on a
spam RBL', but the firewall is mainly to benefit the subscribers.
If a customer has gotten this far, he sounds like he has his own NAT
firewall at least, and probably doesn't need your protection at the border.
Pete Davis
NoDial.net
rabbtux rabbtux wrote:
Anyone have suggestions on what I need to do to allow my customer to
do this type of VPN. I currently have customers behind my
linux/iptables firewall that masquerades them out a single IP. This
is the first customer who is having problems. Do I need a special
rule to accommodate them?
The customer is using CenterBeam VPN services, and they tell him that,
"your isp is blocking VPN pass thru". I'm not blocking anything.
help!
Thank you kindly,
marshall
--
WISPA Wireless List: [email protected]
Subscribe/Unsubscribe:
http://lists.wispa.org/mailman/listinfo/wireless
Archives: http://lists.wispa.org/pipermail/wireless/
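One way to implement the whitelist bypass Pete describes, written as an added example rather than anything posted in the thread: a POSIX shell script that turns a file of customer addresses into an iptables-restore fragment where a WHITELIST chain is consulted before the shared customer rules and accepts on either source or destination match. The chain names, the file format (one IPv4 address or CIDR per line) and the sample addresses are assumptions constructed for the example.

```shell
#!/bin/sh
# Build an iptables-restore fragment for the "whitelist bypass" scheme:
# addresses listed in a file skip the shared customer filtering entirely.
# Chain names (WHITELIST, CUSTOMER_FILTER) and the file format (one IPv4
# address or CIDR per line, '#' comments allowed) are assumptions.

# Emit the filter-table rules for the whitelist file given as $1.
# Every forwarded packet is checked against WHITELIST before CUSTOMER_FILTER;
# a match on either source or destination ACCEPTs immediately, so none of
# the later rules apply to that customer's traffic in either direction.
gen_whitelist_rules() {
    listfile="$1"
    printf '%s\n' '*filter'
    printf '%s\n' ':WHITELIST - [0:0]'
    printf '%s\n' ':CUSTOMER_FILTER - [0:0]'
    printf '%s\n' '-A FORWARD -j WHITELIST'
    printf '%s\n' '-A FORWARD -j CUSTOMER_FILTER'
    # One ACCEPT pair per address; blank lines and comments are skipped.
    grep -Ev '^[[:space:]]*(#|$)' "$listfile" | while read -r ip; do
        # Drop anything that is not a plain IPv4 address or prefix, so a
        # stray line in the list cannot become an unexpected rule.
        case "$ip" in
            *[!0-9./]*) printf 'skipping invalid entry: %s\n' "$ip" >&2; continue ;;
        esac
        printf '%s\n' "-A WHITELIST -s $ip -j ACCEPT"
        printf '%s\n' "-A WHITELIST -d $ip -j ACCEPT"
    done
    printf '%s\n' 'COMMIT'
}

# Count the WHITELIST ACCEPT rules a file would produce (two per address).
count_whitelist_rules() {
    gen_whitelist_rules "$1" 2>/dev/null | grep -c -- '-A WHITELIST '
}

# Constructed sample whitelist, not a real customer list.
WL=$(mktemp)
printf '%s\n' '# VPN customers that bypass the shared rules' \
    '192.0.2.10' '198.51.100.0/28' 'bogus entry' > "$WL"
gen_whitelist_rules "$WL"
rm -f "$WL"
```

Review the generated fragment before loading it; every address it lists receives none of the protection the shared rules provide, in either direction, which is exactly the trade-off Pete describes.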