<< | Thread Index | >> ]    [ << | Date Index | >> ]

Subject: RE: running cipe behind a NAT router
From: Rod Boyce <rod_boyce,AT,stratexnet,DOT,com>
Date: Fri, 20 Sep 2002 01:01:47 +0200

Yes my firewall box does have two Ethernet cards but I do not run CIPE on
that box this is just another line of defense in a paranoid company.

I run CIPE in the internal VPN box the NAT translation goes through both
boxes without modification.  I put a lot of testing into this configuration.
It works very well it has survived power cuts, faulty UPS failures at either
end, user abuse, and lots of attempted penetrations.  
The main reason for the two firewalls is that the company can run and get
reports from two different peroration detection programs this gives a high
change of catching intruders.

CIPE just starts back up with no complaints the link goes up without any
problems it is almost a set-up and forget installation.

If you need any further information feel free to e-mail me directly.

Regards,
Rod Boyce
 -----Original Message-----
From:   Paul [mailto:paul,AT,pauls-web,DOT,co,DOT,uk 
Sent:   Thursday, September 19, 2002 3:30 PM
To:     cipe-l,AT,inka,DOT,de
Subject:        RE: running cipe behind a NAT router

Thanks for the reply and the diag is ok. What I am trying to do is
something like this.

Big bad Internet 
        |
ADSL Router with Firewall and NAT
        |
Internal LAN --- Linux box connected to Internal LAN with single
Ethernet Card

It looks like your Linux firewall has two Ethernet ports.

Paul

-----Original Message-----
From: owner-cipe-l,AT,inka,DOT,de [mailto:owner-cipe-l,AT,inka,DOT,de On 
Behalf Of
Rod Boyce
Sent: 19 September 2002 23:14
To: cipe-l,AT,inka,DOT,de
Subject: RE: running cipe behind a NAT router

This is how I have set up CIPE on many sites.  I have even gone so far
as
having:

        The big bad Internet with all 
                |
        DSL router with NAT enabled
                |
        Linux Firewall with NAT enabled
                |
        Internal LAN sites here
------------------------------------------------------------------------
--..
.
                |
|
        Linux box Running CIPE VPN to another site with same setup
Another Server

Sorry for the crap picture but this works very well and many cracrkers
are
trying to break in to an Apache server using Windows known exploits is
sad
really.

Rod Boyce
        

 -----Original Message-----
From:   Paul [mailto:paul,AT,pauls-web,DOT,co,DOT,uk 
Sent:   Thursday, September 19, 2002 2:40 PM
To:     cipe-l,AT,inka,DOT,de
Subject:        running cipe behind a NAT router

Hi all

I have a question that I cannot find an answer too it is this.

I have a Linux box behind an ADSL router with NAT can I use CIPE with
only one Ethernet interface connecting to a CIPE box in the office with
a real world address ?

Many Thanks

Paul Jones

--
Message sent by the cipe-l,AT,inka,DOT,de mailing list.
Unsubscribe: mail majordomo,AT,inka,DOT,de, "unsubscribe cipe-l" in body
Other commands available with "help" in body to the same address.
CIPE info and list archive:
<URL:http://sites.inka.de/~bigred/devel/cipe.html>

--
Message sent by the cipe-l,AT,inka,DOT,de mailing list.
Unsubscribe: mail majordomo,AT,inka,DOT,de, "unsubscribe cipe-l" in body
Other commands available with "help" in body to the same address.
CIPE info and list archive:
<URL:http://sites.inka.de/~bigred/devel/cipe.html>

--
Message sent by the cipe-l,AT,inka,DOT,de mailing list.
Unsubscribe: mail majordomo,AT,inka,DOT,de, "unsubscribe cipe-l" in body
Other commands available with "help" in body to the same address.
CIPE info and list archive:
<URL:http://sites.inka.de/~bigred/devel/cipe.html>





<< | Thread Index | >> ]    [ << | Date Index | >> ]