[BillingsLUG] WAN to WAN help question
Mike Berry
madeinmontana at bresnan.net
Tue Jul 20 01:12:50 MDT 2010
I would probably be looking at the pre-builds. Lol, I'm not that versed in
the build-ur-own.
When you say, re: the Cisco, "If you want multiple WAN, you will need an 1821
or better," does blgs to bzmn count as multiple?
And who is a reputable outlet for these? Anyone?
I will have to talk to you more, later, about the other OS, maybe I could
suggest a LUG meeting demo from someone for those of us not so
knowledgeable?
Thanks again to all, GREAT BIG help here!!
mb
_____
From: billingslug-bounces at billingslug.org
[mailto:billingslug-bounces at billingslug.org] On Behalf Of dan
Sent: Monday, July 19, 2010 19:03
To: Mailing list for the Billings Linux User Group
Subject: Re: [BillingsLUG] WAN to WAN help question
My first action if I am testing security is to sniff packets, which will
instantly give me source and destination addresses, ports, etc etc. By not
having DHCP you are really just making it difficult on yourself if someone
with a laptop comes in and needs to get online, or you are setting up a net
machine. Real network security is going to be significantly more involved.
There are two common roads to go down. A) improve security for your network
services or B) encrypt network traffic.
A) this means locking down services, making sure passwords are in place,
disabling insecure services like telnet. You should do this anyway.
B) use ipsec in transport mode, on each client set up firewall rules so that it
will only talk to other devices speaking ipsec and set some ipsec policies.
Make some exceptions for printing. Your internet gateway would have to be
ipsec as well or you would have to make an exception, which kind of defeats the
purpose.
Suggestions?:
If you are looking at a pre-build, branded router then look at the Cisco 800
series, the 881 is Ethernet WAN and has a 4 port switch. Solid router, can
handle 20 ipsec VPN tunnels. If you want multiple WAN, you will need an
1821 or better.
I would suggest that you look at a pfsense router. Very easy to get up and
running, lots of support out there, the irc chan is very helpful, and it is
rock solid. You can put something together from http://www.netgate.com/
or buy a premade from Phoenix
http://www.hacom.net/catalog/network-appliances/pfsense/phoenix or
http://www.hacom.net/catalog/mercury-neo-pfsense-appliance. Better yet, you
can build one for pretty cheap.
I really like pfsense, it can do ipsec tunnels with ease, openvpn, be a
content filter, and do all kinds of other high end functions. I have run
pfsense on a netbook.