Date: Thu, 26 Apr 2001 16:36:09 +0100
From: Rasputin <rara.rasputin@virgin.net>
To: James Housley <jim@thehousleys.net>
Cc: questions@freebsd.org
Subject: Re: PPTP and firewalls, can I?
Message-ID: <20010426163609.A39160@dogma.freebsd-uk.eu.org>
In-Reply-To: <3AE82B7E.F4E68DDC@thehousleys.net>; from jim@thehousleys.net on Thu, Apr 26, 2001 at 10:06:54AM -0400
References: <3AE82B7E.F4E68DDC@thehousleys.net>

* James Housley <jim@thehousleys.net> [010426 15:08]:
> I have been asked to help solve a problem with a local Non Profit
> company. They have about 50 machines plus printers and such running
> Win9x on their local network and a single IP with NAT to the internet.
> They have about 15 machines that need PPTP to connect to an external
> inventory/billing company. They have tried all sorts of other
> solutions.

> I am proposing that they get a block of 64 IPs and give each machine an
> IP.

Speaking as someone who spent a large chunk of the past 3 years
applying for blocks like that for folks like yourself, I'd like to say
that public IPs on a private network are Evil.

Use private address space. This has the additional advantage that if NAT
fails, the network is unreachable.

I can't think of any reason you'd need public IPs there anyway.
Apply for 4 public IPs, which will give you 1 usable for the front
of the firewall and 1 for the router.

ipnat should do the NAT, ipf / ipfw for security.

Do you need PPTP from each client, or just a tunnel from the firewall to
a remote site?

-- 
Trying to be happy is like trying to build a machine for which the only
specification is that it should run noiselessly.
Rasputin :: Jack of All Trades - Master of Nuns ::
