Re: Firewall for broadband connection
From: René (spamisnietleuk_at_hotmail.com)
Date: 11/18/04
Date: Thu, 18 Nov 2004 08:49:45 +0100
"Leythos" <void@nowhere.org> wrote in message
news:MPG.1c05907d852946f6989a78@news-server.columbus.rr.com...
> In article <419bb713$0$44076$5fc3050@dreader2.news.tiscali.nl>,
> spamisnietleuk@hotmail.com says...
> > <I cut the VPN and VNC explanation here>
> >
> > I now fully understand how it works. At least, I fully understand what
> > You have explained (except for one detail, I'll ask that later on).
> > I found two other devices that are available in a shop in the
> > Netherlands which might be of interest. One cheaper than the Hotbrick,
> > the other one a bit more expensive. They are from Linksys and can be
> > seen on
> > http://www.linksys.com/products/product.asp?grid=34&scid=29&prid=433 and
> > http://www.linksys.com/products/product.asp?grid=34&scid=29&prid=607.
> > Both have, if I have understood the things written there correctly,
> > hardware support for VPN, i.e. a processor in the device that handles
> > this. There are some tutorial-like things on their site, I am going to
> > study them, same goes for the product manuals.
>
> The BEFSX and BEFVP units support connections in IPSec mode between
> their LAN side and another network's LAN side through the IPSec tunnel.
> This means that once the WAN side has an internet connection you can
> set up router to router IPSec tunnels inside the units that will let you
> connect to the other network without the need for client type VPN
> software / solutions.
>
> These units can also connect their WAN ports to other types, but, if you
> want a site-to-site VPN solution then you can use one at each location
> with a tunnel connected between them - using each device to tunnel to
> the other.
>
> One thing to remember, these units don't like doing IPSec over a Dynamic
> WAN IP Address. No matter how you configure it, unless there is constant
> traffic between each side and the other, they will time-out and not
> reconnect until traffic starts again. One other thing - when using them
> with Dynamic WAN addresses, the renegotiating period (time it takes to
> rebuild the tunnel) is very long (30+ seconds), with a fixed IP on each
> WAN port it's almost not noticeable.
>
>
> > One thing I still do not understand is the following (if You could throw
> > just a little light on it, it would be very nice, even though I might
> > find out about it when studying all those texts). Suppose my father's
> > computer is turned on and online on the internet, having an IP address
> > I do not know. I want to make some adjustments on his computer, so I go
> > online as well. We both have routers with hardware VPN-capability (so
> > not his computer has the important IP-address I do not know, but his
> > router has)(You see, I have understood that)(his computer has an IP
> > address given to him by the DHCP-server in the router). I go online and
> > my router also gets an IP address. How do those two routers manage to
> > find each other? Do they do portscans on a lot of computers to pick out
> > their "brother/sister"? Or do we have to "help" them by telling them
> > the addresses?
>
> You've got two things here:
>
> 1 WAN Port on Router A - gets IP from ISP's DHCP Service - this will
> change and you have no way to pre-determine what it will be
>
> 2 LAN Port on Router A - provides dynamic addresses to nodes behind the
> router. Again, you have no way to pre-determine what address will be
> assigned to a specific node. If you are going to provide external (From
> the Internet) to a node, you must give that node a fixed IP in the same
> network as the other nodes. As an example, the normal DHCP from Linksys
> is 192.168.0.100~199, you could set the fixed node as 192.168.0.10. This
> would allow you to reach the internal node at .10 once you created a
> FORWARDING RULE that does FORWARD TCP/UDP PORT XXXXX to 10.
>
> The same is true on the other router.
>
> One thing, make sure that you don't use the default IP network on either
> router - security thing here.
>
> Make sure that you use DIFFERENT IP Networks on each router - meaning
> that you can make LAN on Router A - 192.168.10.0 with 255.255.255.0 and
> LAN on Router B - 192.168.20.0 with 255.255.255.0. When you do the IPSec
> tunnels between networks you'll be glad you did it that way.
>
> If you want to do a Windows XP PPTP connection to your Dad's computer,
> then you need a couple other things:
>
> Set up an INBOUND PPTP VPN in the START/SETTINGS/Network Connections/New
> Connection Wizard on his side. Then you have to FORWARD the PPTP ports
> from his router to his computer: Linksys has a document on how to do
> this
> http://linksys.custhelp.com/cgi-bin/linksys.cfg/php/enduser/entry.php
>
> Enter PPTP in the SEARCH box, and select ANSWER ID 737 Setting up a PPTP
> server behind a Linksys Router.
>
> On your end, you need to do a VPN setup in the Network Connections also,
> but you are going to pick something like "Connect to my network at
> work".
>
> Now, the kicker here - you have to know his PUBLIC IP Address in order
> to connect. You can use Dynamic DNS to register your IP with a name, but
> I've not done that since I have multiple fixed IP to use.
>
> If you have any more questions, please let me know.
So You're still not tired of this very slow understanding guy...;-). Thank
You for replying again, first I am going to do some reading in the documents
I found and the document You pointed me at above. It is good to know that if
there are things I don't understand, I can ask You.
Thanks again!
Sincere greetings,
Rene