Svein Skogen (Listmail Account) wrote:
> Actually, I'd find an answer from the FreeBSD Networking gurus useful as
> well. My trusted Cisco 3640 is getting old (had its
> ten-years-of-service birthday a little while ago), so I guess I must be
> prepared to replace it with something new. Preferably something that
> can do proper NAT port mapping to the inside servers in an
> RFC1918-addressed DMZ, proper NAT mapping for the client net, incoming
> VPDN (virtual private dialin network, such as PPTP+MPPE and L2TP+IPSEC
> tunnelling), sane IDS in the border-gateway, GRE or IPinIP tunnelling with
> crypto for remote-sites, etc.
> If somebody has a good starting-point for documentation on these
> features, I'm more than willing to "do a project on it" to create a
> mini-howto/handbook-section on "setting up FreeBSD as your border
> gateway", provided I have someone to ask when the documentation is ...
> flaky. ;)
Although I feel that you'll have to write a book to cover all the things
mentioned above, I'll try to reply to your question... These are just
pointers...
Several forms of NAT are supported with the following tools:
ipfw
pf
ipf
ng_nat
I doubt there is some form of NAT you will miss.
The net/mpd5 port can do PPTP; the MPPE part is blurry to me. L2TP is
supported for LNS/LAC scenarios. I don't know "if you can"/"how difficult
it is to" combine IPSEC with L2TP.
The most famous open source IDS is Snort; you'll find it in the ports.
For GRE and IPIP read the gre and gif manual pages. Again, IPSEC is not
integrated with these, yet there is IKE support via the ipsec-tools port.
You'll have to check the documentation for yourself. Though I can say that
all the FreeBSD stuff mentioned above is well documented as usual, and
there is always this list if you have questions.
Good luck replacing the aging Cisco...
Nikos
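As an added illustration of the NAT and port-mapping part of the reply (this is not from the thread or from the FreeBSD project; it is an example pf.conf written for this page), here is a minimal ruleset for the layout Svein describes: a client LAN and an RFC1918-addressed DMZ behind one public address, with inbound port mapping to DMZ servers and the PPTP/GRE traffic that an mpd5 instance on the gateway itself would need. Interface names, subnets and server addresses are assumptions chosen for the example.

```pf
# Example pf.conf for a FreeBSD border gateway (added example, not from the thread).
# Assumed topology: em0 = ISP, em1 = client LAN, em2 = DMZ. Adjust to taste.
ext_if  = "em0"
lan_if  = "em1"
dmz_if  = "em2"
lan_net = "192.168.1.0/24"
dmz_net = "10.0.0.0/24"
www_srv = "10.0.0.10"
mail_srv = "10.0.0.20"

# RFC1918 space; packets claiming these sources must never arrive from the ISP.
table <rfc1918> const { 10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16 }

set skip on lo0
scrub in all

# --- translation (must precede filter rules in FreeBSD's pf syntax) ---
# Source NAT for both inside networks to whatever address em0 currently has.
nat on $ext_if from { $lan_net, $dmz_net } to any -> ($ext_if)

# Port mapping ("rdr") from the public address to servers in the DMZ.
rdr on $ext_if proto tcp from any to ($ext_if) port { 80, 443 } -> $www_srv
rdr on $ext_if proto tcp from any to ($ext_if) port 25 -> $mail_srv

# --- filtering ---
block in log all
antispoof quick for { $ext_if, $lan_if, $dmz_if }
block in quick on $ext_if from <rfc1918> to any

pass out quick keep state

# Clients may go anywhere.
pass in on $lan_if from $lan_net to any keep state

# Redirected traffic is filtered against the *translated* (inside) address.
pass in on $ext_if proto tcp from any to $www_srv port { 80, 443 } flags S/SA keep state
pass in on $ext_if proto tcp from any to $mail_srv port 25 flags S/SA keep state

# Incoming PPTP for an mpd5 server running on the gateway: control channel plus GRE.
pass in on $ext_if proto tcp from any to ($ext_if) port 1723 flags S/SA keep state
pass in on $ext_if proto gre from any to ($ext_if) keep state

# The DMZ may not initiate connections toward the client net; DNS out is allowed.
block in quick on $dmz_if from $dmz_net to $lan_net
pass in on $dmz_if proto { tcp, udp } from $dmz_net to any port 53 keep state
```

Enable it with pf_enable="YES" and gateway_enable="YES" in /etc/rc.conf, then check the syntax with `pfctl -nf /etc/pf.conf` before loading. Two points worth keeping in mind: the pass rules for redirected ports name the DMZ address, not the public one, because rdr rewrites the destination before the filter sees the packet; and the <rfc1918> block on the external interface is what stops an outsider from reaching the DMZ by spoofing an inside source address.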
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions