vidually,
> > but seem to ignore a broadcast.
>
> Phew - I thought I was going mad.
>
> That's correct over here as well.
echo 1 > /proc/sys/net/ipv4/icmp_echo_ignore_broadcasts
/proc/sys/net/ipv4/icmp_echo_ignore_broadcasts defaults to zero for
historical reason
Jason Costomiris writes:
> On Monday, February 3, 2003, at 01:38 PM, Dick St.Peters wrote:
>
> > A DMZ accessed _only_ over a VPN isn't much of a DMZ. The usual
> > purpose for a DMZ is a place to locate bastion hosts that provide
> > public services and run
to IPsec-speaking boxes. If you don't,
you don't.
CIPE was originally developed for Linux, but it's been ported to
Win2K, so boxes that could talk CIPE are common on most networks.
--
Dick St.Peters, [EMAIL PROTECTED]
--
redhat-list mailing list
unsubscribe mailto:[EMAIL PROTECTED]?subject=unsubscribe
https://listman.redhat.com/mailman/listinfo/redhat-list
Jason Costomiris writes:
> On Sunday, February 2, 2003, at 11:11 PM, Dick St.Peters wrote:
> > Giving a remote site access to the DMZ over the VPN is exactly the
> > example intended.
>
> Ok, if that's the case, what's wrong with RFC 1918 space in the DMZ???
>
Jason Costomiris writes:
> On Sunday, February 2, 2003, at 03:41 PM, Dick St.Peters wrote:
> >
> > A DMZ with RFC1918 private-IP-space addressing? I'll grant that's
> > imaginative ... kinda useless though.
>
> Useless? Hardly. Most ISPs aren't handin
Jason Costomiris writes:
> On Saturday, February 1, 2003, at 09:31 PM, Dick St.Peters wrote:
> > Oh ye of little imagination ... start with the obvious case: two NICs
> > on the gateway, one in net2, the site's DMZ, another in net3, its
> > internal network. Aggregat
Jason Costomiris writes:
> On Saturday, February 1, 2003, at 03:17 PM, Dick St.Peters wrote:
>
> >> net1 <--> net2/net3
> >>
> >> This requires good network planning.
> >
> > No, this requires planning your network around IPsec, which is not
th stunnel and ssh, so he has a choice of many VPN
solutions.
There may be times when recommending vendor VPN solutions is
appropriate, but in my opinion this is not one of them.
--
Dick St.Peters, [EMAIL PROTECTED]
ts own headers, and its builds are
supposed to use them. However, there's no guarantee that all drivers
and modules do things right, especially for less common add-ons. Then
which kernel headers you have installed can matter.
--
Dick St.Peters, [EMAIL PROTECTED]
1. net1 <--> net2
2. net1 <--> gateway2
3. net1 <--> net3
4. gateway1 <--> net2
5. gateway1 <--> gateway2
6. gateway1 <--> net3
IPSEC has other complexities too. They are useful when you need them,
but they easily get in the way when you
w minutes under load.
Switching to CIPE and later OpenVPN gave robust tunnels over the same
network path.
That said, I have a user who has been using a stunnel/PPP tunnel for
almost two years, and his tunnel stays up for weeks at a time.
--
Dick St.Peters, [EMAIL PROTECTED]
s are commented out.
After building a kernel with the patches applied, all my NFS problems
have gone away, at least so far. That leaves me wondering why RedHat
doesn't use the patches ... what do they know that I don't?
--
Dick St.Peters, [EMAIL PROTECTED]
fine.
(Go to www.nz.netheaven.com to view a website through an OpenVPN
tunnel between upstate NY and New Zealand.)
--
Dick St.Peters, [EMAIL PROTECTED]
13 matches