[pptp-server] NIC

Cowles, Steve Steve.Cowles at infohiiway.com
Fri Oct 6 10:06:29 CDT 2000


Alan,

My poptop server is behind my Linux-based firewall, so it only has one NIC.
If I were to move poptop to my firewall, then obviously it would have two
NICs. Based on where poptop is (physically) running on your network, your
firewall rules would also need to be modified to accommodate. In my case, I
have to use ipmasqadm and ipfwd (in addition to ipchain rules) to "forward"
the inbound VPN connections (proto 47/port 1723) to my PPTP server. Plus my
firewall kernel had to be patched to handle the masqing of PPTP/IPSEC
connections. If I were to move poptop to my firewall (which violates most
well-written security policies) then I would NOT have to 1) patch the kernel
for VPN masquerading 2) use ipmasqadm and ipfwd to forward PPTP proto/ports
internally.

FWIW: My Linux firewall is using Seattle Firewall (seawall) developed by Tom
Eastep to properly establish the firewall rules. By simply editing a well
documented configuration file, Seattle Firewall will execute the appropriate
ipchain, ipmasqadm, ipfwd commands based on your network design. Tom has
gone to great extremes to ensure that Seawall properly configures your
firewall to work with PPTP servers which are either masq'd (like mine) or
running on the firewall itself.

Check out: http://seawall.sourceforge.net

Steve Cowles

> -----Original Message-----
> From: Alan Chung [mailto:alan at silveregg.co.jp]
> Sent: Friday, October 06, 2000 6:00 AM
> To: pptp-server at lists.schulte.org
> Subject: [pptp-server] NIC
> 
> 
> Do I need to have two network interfaces even on an internal VPN 
> server?  If the server is staying internally, one interface 
> sounds good for me. 