Can someone give a critique of the options I present below?
In a nutshell, an ISP wants to isolate the ISP net
from their internal net. The internal net consists of a mix
of NT servers and UNIX servers. All the employees have Win95
machines at home. Both employees AND paying internet customers
dial in via the same modem pool. (Livingston Portmasters
authenticating against Linux Radius servers).
The main concern is employees being able to browse the NT shares
behind the firewall while keeping the external customers
(and internet at large) from doing so.
The ISP has decided on Gauntlet or Firewall-1. Reps from both
companies have told them the following:
1) Bring the internal customers directly into the internal net by
placing a Portmaster and RADIUS server behind the firewall.
Then this isn't an issue.
Excuse me... but I thought modem banks behind the firewall
was Cardinal Sin #1??!!??
2) Keep internal and external people dialing in via the same point (like
now). Don't put modems behind the firewall. Use the SecuRemote
product on each employee's home machine to set up an encrypted
tunnel between them and the firewall. Then allow those UDP packets
to flow through the firewall.
Umm.... isn't UDP through a firewall a bad idea?
Which one of these is a better option? I think they both suck,
so what would my alternative be? Thanks much for your attention.
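As an added illustration of the second option (this is example code written for this discussion, not something from the original post, Check Point or Livingston), the toy first-match packet filter below shows what such a rule set has to say: the only UDP the firewall accepts from the modem pool is the tunnel traffic addressed to the firewall's own outside address, NetBIOS/SMB to the internal net is allowed only for packets the firewall has already decrypted from an authenticated tunnel, and nothing from the pool reaches the shares directly, employee or customer, because the pool address alone says nothing about who is dialed in. The address ranges, the tunnel port number and the SMB port list are constructed or assumed values, not taken from the post or from any product documentation.

```python
"""Toy first-match packet filter for the shared-modem-pool design.

Added example, not code from the original post. All addresses, the tunnel
port and the SMB/NetBIOS port list are constructed or assumed values.
"""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import FrozenSet, List, Optional, Tuple

MODEM_POOL = ip_network("10.1.0.0/16")        # constructed: addresses the Portmasters hand out
INTERNAL = ip_network("192.168.10.0/24")      # constructed: NT/UNIX servers behind the firewall
FIREWALL_EXT = ip_network("203.0.113.1/32")   # constructed: the firewall's outside interface
TUNNEL_PORT = 500                             # assumption: UDP port the tunnel client talks to
SMB = frozenset({("tcp", 139), ("udp", 137), ("udp", 138)})  # assumed NetBIOS/SMB services


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    proto: str
    dport: int
    via_tunnel: bool = False   # True once the firewall has decrypted it from an authenticated tunnel


@dataclass(frozen=True)
class Rule:
    name: str
    action: str                                  # "allow" or "deny"
    src: Optional[object] = None                 # ip_network or None (any)
    dst: Optional[object] = None                 # ip_network or None (any)
    proto: Optional[str] = None                  # "tcp"/"udp" or None (any)
    services: Optional[FrozenSet[Tuple[str, int]]] = None  # (proto, dport) pairs or None (any)
    via_tunnel: Optional[bool] = None            # require decrypted-from-tunnel state, or None (any)

    def matches(self, p: Packet) -> bool:
        if self.src is not None and ip_address(p.src) not in self.src:
            return False
        if self.dst is not None and ip_address(p.dst) not in self.dst:
            return False
        if self.proto is not None and p.proto != self.proto:
            return False
        if self.services is not None and (p.proto, p.dport) not in self.services:
            return False
        if self.via_tunnel is not None and p.via_tunnel != self.via_tunnel:
            return False
        return True


# Rule order matters: first match wins.
POLICY: List[Rule] = [
    # The one UDP hole: tunnel traffic, and only to the firewall itself.
    Rule("tunnel-to-firewall", "allow", src=MODEM_POOL, dst=FIREWALL_EXT,
         services=frozenset({("udp", TUNNEL_PORT)}), via_tunnel=False),
    # Shares are reachable only for packets that came out of an authenticated tunnel.
    Rule("shares-for-employees-via-tunnel", "allow", src=MODEM_POOL, dst=INTERNAL,
         services=SMB, via_tunnel=True),
    # Everyone else on the pool (and the Internet) is kept off the NT shares.
    Rule("no-smb-from-outside", "deny", dst=INTERNAL, services=SMB),
    # No raw UDP is forwarded into the internal net; the tunnel terminates on the firewall.
    Rule("no-udp-to-internal", "deny", dst=INTERNAL, proto="udp"),
    Rule("default-deny", "deny"),
]


def evaluate(p: Packet, rules: List[Rule] = POLICY) -> Tuple[str, str]:
    """Return (action, name of the rule that decided) for one packet."""
    for r in rules:
        if r.matches(p):
            return r.action, r.name
    return "deny", "implicit-deny"


# Constructed sample traffic: 10.1.5.7 is an employee, 10.1.9.2 a paying customer.
SAMPLE_PACKETS = [
    Packet("10.1.5.7", "203.0.113.1", "udp", TUNNEL_PORT),            # employee opening the tunnel
    Packet("10.1.5.7", "192.168.10.20", "tcp", 139, via_tunnel=True),  # employee browsing a share
    Packet("10.1.9.2", "192.168.10.20", "tcp", 139),                   # customer trying the share
    Packet("10.1.5.7", "192.168.10.20", "tcp", 139),                   # employee, but not via tunnel
    Packet("10.1.9.2", "192.168.10.20", "udp", TUNNEL_PORT),           # UDP aimed past the firewall
]


def audit(packets: List[Packet] = SAMPLE_PACKETS) -> List[Tuple[str, str]]:
    """Evaluate a batch of packets; useful for checking a rule set before deploying it."""
    return [evaluate(p) for p in packets]


if __name__ == "__main__":
    for p, (action, rule) in zip(SAMPLE_PACKETS, audit()):
        print(f"{p.src:>10} -> {p.dst:<14} {p.proto}/{p.dport:<4} tunnel={p.via_tunnel!s:<5} {action:<5} ({rule})")
```

The fourth sample packet is the point of the exercise: an employee and a customer dialing into the same pool are indistinguishable by address, so the filter denies both and the only thing that lets an employee at the shares is the authenticated, decrypted tunnel. The UDP exposure is confined to one service on the firewall's own address, which is a very different thing from forwarding UDP into the internal net.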
Mark A. Bialik (414) 290-6749
Systems Administrator www.pmihwy.com/~markb
Preferred Medical Informatics markb @
Infinity HealthCare, Inc. mbialik @
Mequon, WI USA www.linux.org