On Fri, Aug 10, 2001 at 12:47:53PM -0500, Austad, Jay (austad at marketwatch.com) wrote:
> > Questions:
> > 1. Can I put the VPN router behind the linux firewall and
> > just route VPN traffic from outside the network to the VPN
> > router?
>
> Yes. Give the VPN router a private IP on one interface and put it on the
> internal network. Shut down the other interface, you don't need it anymore.
> Map an external ip on the firewall to the vpn router's ip on the inside. I
> assume the vpn router is pptp, so you need to put in rules to allow GRE
> packets to the vpn router (I think it's protocol type 42), and allow port
> 1723/tcp. It should work. Make sure you remove the pptp.o module in
> the firewall if you have it, this is for outgoing connections only and may
> mess with your setup. If everything works, you can put it back in.

Thank you.

> If you're using IPSec, you'll need to open some other ports. Let me know if
> this is the case.

Yep, I'm using IPSec - looks like that requires port 500 -p 17 open, and -p 50 - according to:
http://linuxdocs.org/HOWTOs/VPN-Masquerade-HOWTO-3.html

> > 2. Does the VPN router need IPs on both interfaces?
> > If so, do you set up private IPs for both interfaces and
> > bridge between them?
>
> No, like I said above, just don't use the other interface, shut it down.

Thank you.

-- 
Amy Tanner
amy at real-time.com
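
Added example, not part of the original message or of either poster's configuration: a shell function that prints (without applying) firewall rules for the IPSec case discussed above, mapping an external address to the VPN router on the inside and passing only UDP port 500 and IP protocol 50. The use of iptables, the addresses 203.0.113.10 and 192.168.1.2, the interface eth0 and the function names are assumptions.

```shell
#!/bin/sh
# Added example (assumed: an iptables-based firewall; all addresses are constructed).
# Prints rules for review; nothing is applied to the running firewall.

# Return 0 only for a dotted quad whose four octets are each 0-255.
valid_ipv4() {
    case "$1" in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# vpn_forward_rules EXT_IP VPN_IP EXT_IF
#   EXT_IP  external address mapped to the VPN router
#   VPN_IP  private address of the VPN router on the internal network
#   EXT_IF  firewall interface facing the outside
vpn_forward_rules() {
    ext_ip=$1; vpn_ip=$2; ext_if=$3
    valid_ipv4 "$ext_ip" && valid_ipv4 "$vpn_ip" || {
        echo "invalid IPv4 address" >&2; return 1; }
    case "$ext_if" in
        ''|*[!A-Za-z0-9._-]*) echo "invalid interface name" >&2; return 1 ;;
    esac
    # UDP (protocol 17) port 500 carries IKE; protocol 50 is ESP, which has
    # no ports, so it is matched by protocol number alone.
    for match in "-p udp --dport 500" "-p 50"; do
        # Inbound: rewrite the destination to the VPN router, then allow it.
        echo "iptables -t nat -A PREROUTING -i $ext_if -d $ext_ip $match -j DNAT --to-destination $vpn_ip"
        echo "iptables -A FORWARD -i $ext_if -d $vpn_ip $match -j ACCEPT"
        # Outbound: the same protocols from the VPN router to its peers.
        echo "iptables -A FORWARD -o $ext_if -s $vpn_ip $match -j ACCEPT"
    done
    # Traffic leaving the VPN router appears to come from the mapped address.
    echo "iptables -t nat -A POSTROUTING -o $ext_if -s $vpn_ip -j SNAT --to-source $ext_ip"
}

# Constructed sample values, printed for inspection only.
vpn_forward_rules 203.0.113.10 192.168.1.2 eth0
```

Only the two protocols named in the thread are forwarded; everything else addressed to the mapped IP stays subject to the firewall's existing policy.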