Topic: Firewall and IPSec
« on: September 30, 2007, 22:23:55 »
wrdarnell *
Posts: 3

Hi All,
Sorry if this is somewhere else, but I couldn't find it...

I have a m0n0<->m0n0 IPSec tunnel and it works great.  Now I'd like to filter traffic that crosses the VPN.  I would like to filter traffic from certain machines on my home network such that it isn't allowed to enter the company network.  For example, I would like to make sure only my machine can access the tunnel.  Is this possible?

Thanks!
wd
« Reply #1 on: October 01, 2007, 01:12:09 »
cmb *****
Posts: 851

Yes, you need to control traffic on the originating end's LAN rules. Allow your machine, deny others to the remote subnet, then allow whatever you want out to the Internet.
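
The rule order from the reply above, as an added example that is not part of the original post and is not m0n0wall code. It models the LAN rules as a top-down, first-match list with a default deny (an assumption of this sketch), and all addresses are constructed for illustration. It also shows what leaks if the Internet rule is placed first.

```python
import ipaddress

# Constructed addresses (assumptions, not taken from the thread).
HOME_LAN = ipaddress.ip_network("192.168.1.0/24")
REMOTE_SUBNET = ipaddress.ip_network("10.20.0.0/24")  # far side of the tunnel
MY_MACHINE = ipaddress.ip_network("192.168.1.10/32")
ANY = ipaddress.ip_network("0.0.0.0/0")

# LAN-interface rules on the originating end, in the order the reply gives.
LAN_RULES = [
    ("pass", MY_MACHINE, REMOTE_SUBNET),  # 1. allow your machine into the tunnel
    ("block", HOME_LAN, REMOTE_SUBNET),   # 2. deny everyone else to the remote subnet
    ("pass", HOME_LAN, ANY),              # 3. allow whatever you want to the Internet
]

# Same rules with the broad Internet rule first: the ordering mistake to avoid.
MISORDERED = [LAN_RULES[2], LAN_RULES[0], LAN_RULES[1]]


def evaluate(rules, src, dst):
    """Return (action, rule_number) of the first matching rule, else default deny."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for number, (action, src_net, dst_net) in enumerate(rules, start=1):
        if s in src_net and d in dst_net:
            return action, number
    return "block", None


def audit(rules, remote, allowed):
    """List LAN hosts outside `allowed` that the rules let reach the remote subnet.

    One probe address is enough here because every rule matches the remote
    subnet as a whole or not at all.
    """
    probe = str(remote.network_address + 1)
    return [
        str(host)
        for host in HOME_LAN.hosts()
        if host not in allowed and evaluate(rules, str(host), probe)[0] == "pass"
    ]


if __name__ == "__main__":
    for src, dst in [("192.168.1.10", "10.20.0.5"),   # my machine -> corporate
                     ("192.168.1.50", "10.20.0.5"),   # guest laptop -> corporate
                     ("192.168.1.50", "198.51.100.7")]:  # guest laptop -> Internet
        print(src, "->", dst, evaluate(LAN_RULES, src, dst))
    print("leaks, correct order:", len(audit(LAN_RULES, REMOTE_SUBNET, MY_MACHINE)))
    print("leaks, misordered:   ", len(audit(MISORDERED, REMOTE_SUBNET, MY_MACHINE)))
```
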
« Reply #2 on: October 01, 2007, 02:15:40 »
wrdarnell *
Posts: 3

Fantastic.  Thanks for the help, works like a charm.  Now I don't have to worry about houseguests' laptops leaking onto the corporate network.

One more question though:  Will the flipside work?  Can I control similarly from the corporate (head) end?  We are going to be deploying VPN routers to a few employees for VoIP and I'd rather control similar filtering from the head end.  Frankly, I don't see how this will work as the VPN already side-steps the default "Block Private Networks" rule.  Then again, I'm the one asking the question...

Thanks,
wd
« Reply #3 on: October 02, 2007, 05:27:06 »
cmb *****
Posts: 851

It only works if you control the originating end's firewall. If you're providing these users with a m0n0wall box that you control, you can do it on that. You can't do it on your corporate end.
« Reply #4 on: October 02, 2007, 22:35:10 »
wrdarnell *
Posts: 3

Looks like we'll be deploying m0n0 to the remote endpoints.  Not such a bad thing when you think about it.

Thanks for the assistance!

wd