LINUX/shorewall firewall to firewall VPN question

 
 
sundog@mountaindogs.net

 
      03-14-2006, 05:02 AM
I have a linux firewall front ending a site which works fine. I am
using shorewall as the script interface to iptables.

I would like to place another linux firewall at a remote site so that
I can build an encrypted tunnel between each site. I would like to
mount windows shared folders over the net securely using DSL. I want
to do SSL type encryption between each site.

I have used SSL to build tunnels but I don't know how to configure
this type of tunnel with shorewall and iptables.

Could someone point me to information on how to configure this type of
connection?

 
 
 
 
 
Tauno Voipio

 
      03-14-2006, 06:12 AM
(E-Mail Removed) wrote:
> I have a linux firewall front ending a site which works fine. I am
> using shorewall as the script interface to iptables.
>
> I would like to place another linux firewall at a remote site so that
> I can build an encrypted tunnel between each site. I would like to
> mount windows shared folders over the net securely using DSL. I want
> to do SSL type encryption between each site.
>
> I have used SSL to build tunnels but I don't know how to configure
> this type of tunnel with shorewall and iptables.
>
> Could someone point me to information on how to configure this type of
> connection?



You need a VPN router. I'd use OpenVPN for it.

There are two options:

- Data link layer tunneling, forwarding your Ethernet frames
via the tunnel,

- Network layer tunneling, forwarding your IP packets via
the tunnel.

The network layer tunnel (using the TUN interface) has potentially
less overhead than the data link layer tunnel (using TAP interface).

You cannot tunnel with simple firewall scripts; you need
some tunneling daemon to handle it.

--

Tauno Voipio
tauno voipio (at) iki fi
 
 
Dan N

 
      03-14-2006, 11:48 AM
On Tue, 14 Mar 2006 07:12:40 +0000, Tauno Voipio wrote:

> You need a VPN router. I'd use OpenVPN for it.


The shorewall website has some OpenVPN examples.

Dan




 
 
Tauno Voipio

 
      03-14-2006, 04:04 PM
Dan N wrote:
> On Tue, 14 Mar 2006 07:12:40 +0000, Tauno Voipio wrote:
>
>
>>You need a VPN router. I'd use OpenVPN for it.

>
>
> The shorewall website has some OpenVPN examples.
>
> Dan


Yes - for passing the tunnel packets for the VPN,
but it still needs the daemon to do the dirty job
of tunneling and encrypting/decrypting.

Shorewall is just a front-end to the network filter.

--

Tauno Voipio
tauno voipio (at) iki fi
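
The split described in this thread, as an added example that is not part of any post: OpenVPN runs the routed (TUN) tunnel and does the encryption, while Shorewall only admits the tunnel packets and filters what crosses tun0. All addresses, the vpn zone name and the certificate file names are constructed placeholders; it assumes site A holds the shares, both firewalls keep the stock net and loc zones, and the default policy rejects anything not listed in rules.

```conf
# Constructed example. Site A: public 198.51.100.10, LAN 192.168.1.0/24.
# Site B: public 203.0.113.20, LAN 192.168.2.0/24. Tunnel: 10.8.0.1 <-> 10.8.0.2.

## /etc/openvpn/site-a.conf  (the daemon that tunnels and encrypts)
# Network-layer (routed) tunnel on a fixed device name
dev tun0
proto udp
port 1194
# Public address of the firewall at site B
remote 203.0.113.20
# Local, then remote, tunnel endpoint address
ifconfig 10.8.0.1 10.8.0.2
# Send traffic for site B's LAN through the tunnel
route 192.168.2.0 255.255.255.0
# TLS with certificates; this end acts as the TLS server
tls-server
ca   ca.crt
cert site-a.crt
key  site-a.key
dh   dh.pem
keepalive 10 60
persist-key
persist-tun

## /etc/shorewall/zones  (a zone for the far side of the tunnel)
vpn     ipv4

## /etc/shorewall/interfaces  (bind that zone to the tunnel device)
vpn     tun0

## /etc/shorewall/tunnels  (admit the encrypted OpenVPN packets from site B only)
#TYPE           ZONE    GATEWAY
openvpn:1194    net     203.0.113.20

## /etc/shorewall/rules  (what may cross the tunnel: SMB to the shares)
#ACTION   SOURCE   DEST   PROTO   DPORT
ACCEPT    vpn      loc    tcp     445
```

Site B mirrors this: swap the addresses, use tls-client without the dh line, and allow loc to vpn on tcp 445 instead.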

 