[KLUG Members] IPTABLES and VPN support

John Pesce pescej at sprl.db.erau.edu
Wed Apr 12 15:25:04 EDT 2006


On Wed, 2006-04-12 at 14:45 -0400, bill wrote:
> On Wed, 2006-04-12 at 13:57, Adam Tauno Williams wrote:
> 
> > > So I would need a firewall between my
> > > VPN server and my boxes that provide the stream. 
> > 
> > Yep.
> 
> Can you explain that one? It sounds like you are saying you need two
> firewalls on your LAN.  One between your network and the internet, the
> other between your VPN server and your network.

Maybe, I'm trying to figure this out. I want to get data FROM BoxB
(probably in a DMZ) TO BoxA.
Which is more secure?
This is complicated because we want BoxB to really be two redundant
servers for failover, i.e. when BoxA loses connection to BoxB1 it will
then connect to BoxB2. To accomplish this I think I need Option 1.
I don't see how Option 2 would work with failover.



Option 1:
                                          ----- VPN server---FW---BoxB
                                         /   
                                        /   
         BoxA---VPNclient---FW---Internet---FW----MyLAN

Option 2:

                                        ----- VPNclient---FW---BoxB
                                       /   
                                      /   
         BoxA---FW--VPNserver--Internet---FW----MyLAN


