> My "remote network" is actually a roadwarrior (i.e. on the "internet" side).
> Sorry I wasn't clear.

OK, so you're creating a host <-> subnet connection, with the subnet being your firewalled home network, and the host being a random road-warrior IP?

> As a result, I would have to open it up to ANY valid ip address. Perhaps
> opening it up is ok as long as I keep my firewall rules intact (ports 22 and
> 80 are blocked on eth0 but ipsec0 bypasses those rules)

If the answer to my above question is "yes", then this will work. You lose the hosts.allow/hosts.deny "defense in depth", but firewall rules should prevent any external users from hitting your ssh & weblet ports.

NOTE: If you have any untrusted internal networks/machines, you'll have to explicitly firewall them with custom ipchains rules, or possibly stick them in hosts.deny (I think you can override hosts.allow with more specific settings in hosts.deny, but it's been a while since I read through the man pages...I'd test it before trusting any configuration anyway...).

Charles Steinkuehler
http://lrp.steinkuehler.net
http://c0wz.steinkuehler.net (lrp.c0wz.com mirror)

_______________________________________________
Leaf-user mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
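
A way to test a hosts.allow/hosts.deny pair before trusting it, added here as an example that is not part of the original post: a small Python model of the search order documented in hosts_access(5) (first match in hosts.allow grants, otherwise first match in hosts.deny denies, otherwise access is granted). It assumes a simplified pattern subset (ALL, exact address, trailing-dot prefix, net/mask); the rules and addresses are constructed sample values.

```python
import ipaddress

def _client_matches(pattern, addr):
    """Match one client pattern (subset of hosts_access(5)) against an IP string."""
    if pattern == "ALL":
        return True
    if pattern.endswith("."):      # "192.168.1." matches by address prefix
        return addr.startswith(pattern)
    if "/" in pattern:             # net/mask form, e.g. 10.0.0.0/255.255.255.0
        net = ipaddress.ip_network(pattern, strict=False)
        return ipaddress.ip_address(addr) in net
    return pattern == addr

def _rule_matches(rule, daemon, addr):
    """rule is 'daemon_list : client_list'; options and EXCEPT are not modelled."""
    daemons, clients = [p.replace(",", " ").split() for p in rule.split(":")[:2]]
    daemon_ok = any(d in ("ALL", daemon) for d in daemons)
    return daemon_ok and any(_client_matches(c, addr) for c in clients)

def hosts_access(allow_rules, deny_rules, daemon, addr):
    """Return (granted, reason) following the documented search order."""
    for rule in allow_rules:       # 1. first match in hosts.allow grants
        if _rule_matches(rule, daemon, addr):
            return True, "hosts.allow: " + rule
    for rule in deny_rules:        # 2. otherwise first match in hosts.deny denies
        if _rule_matches(rule, daemon, addr):
            return False, "hosts.deny: " + rule
    return True, "no match (default grant)"   # 3. nothing matched

# Constructed sample configurations for the road-warrior case.
OPEN_ALLOW = ["sshd: ALL"]                        # opened to any address
NARROW_ALLOW = ["sshd: 10.0.0.0/255.255.255.0"]   # hypothetical trusted subnet
DENY_HOST = ["sshd: 192.168.1.50"]                # hypothetical untrusted internal box
DENY_ALL = ["ALL: ALL"]                           # catch-all deny

if __name__ == "__main__":
    cases = [
        (OPEN_ALLOW, DENY_HOST, "192.168.1.50"),
        (NARROW_ALLOW, DENY_HOST, "192.168.1.50"),
        (NARROW_ALLOW, DENY_HOST, "203.0.113.7"),
        (NARROW_ALLOW, DENY_ALL, "203.0.113.7"),
    ]
    for allow, deny, addr in cases:
        print(addr, allow, deny, "->", hosts_access(allow, deny, "sshd", addr))
```

Under this search order a hosts.deny entry only takes effect for clients that no hosts.allow entry matches, and a client matched by neither file is granted unless hosts.deny ends in a catch-all.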
