Re: Ideas for stopping ssh brute force attacks

On Mon, Jul 21, 2008, John R Pierce wrote:
> Bo Lynch wrote:
>> we have been looking at implementing OpenVPN to allow access to the
>> internal LAN. For a firewall, we basically have iptables with 2 nics doing
>> NAT. So would the OpenVPN server live inside of our private network and
>> just do some forwards with iptables on the firewall or would it be better
>> to implement it by itself with 2 nics, one on the public and one on
>> the private?
>
> openvpn uses a simple TCP socket for its transport, so sure, port
> forwarding would work fine. Or running it ON your firewall server, if
> that's something which openvpn can run on (pfsense, any linux firewall,
> etc).

Actually the public interface with OpenVPN is UDP by default.  We
have been using it for a while now with a variety of clients,
Windows, Mac OS X, and other Linux boxen.

Bill
-- 
INTERNET:   bill@xxxxxxxxxxxxx  Bill Campbell; Celestial Software LLC
URL: http://www.celestial.com/  PO Box 820; 6641 E. Mercer Way
Voice:          (206) 236-1676  Mercer Island, WA 98040-0820
Fax:            (206) 232-9186

A paranoid is a man who knows a little of what's going on.
		-- William S. Burroughs