-----BEGIN PGP SIGNED MESSAGE-----
>>>>> "Linas" == Linas Vepstas <linas_at_linas.org> writes:
Linas> On Tue, Jun 25, 2002 at 06:09:07AM -0500, Greg Scott was heard to remark:
>> Why not take NFS off the gateway machine and put another NFS server box
>> behind the gateway machine? I have a customer with this setup and it
>> works well.
Linas> The NFS server is not on the 'central office' gateway machine.
Linas> That's not where the problem lies.
Linas> I'm talking about the NFS client, the thing that is issueing the 'mount'
Linas> command. The NFS client is on a laptop which needs secure access.
Linas> Ergo, there is a firewall and a freeswan gateway on the laptop.
Linas> That's why I want the laptop to present itself to the internal network
Linas> with its internal address, and not the default route.
Yes. You need source address selection rules. For this you need advanced
routing to set the route to your HQ-network. We intend to integrate this into
a 2.00 release.
Numerous postings have had such a file.
There is one at http://www.wavesec.org/secwlan_updown
It is not ideal - you can only pick one default source per system, it is
set in /etc/sysconfig/defaultsource.
] ON HUMILITY: to err is human. To moo, bovine. | firewalls [
] Michael Richardson, Sandelman Software Works, Ottawa, ON |net architect[
] mcr_at_sandelman.ottawa.on.ca http://www.sandelman.ottawa.on.ca/ |device driver[
] panic("Just another NetBSD/notebook using, kernel hacking, security guy"); [
-----BEGIN PGP SIGNATURE-----
Version: 2.6.3ia
Charset: latin1
Comment: Finger me for keys
iQCVAwUBPSee+YqHRg3pndX9AQGOeAQAq8iG/LIcno4R6TX0yhNz2ic39LZgiLVy
TjaQOuuopaL7EwK3BC6zKDxfI8d6zzC4dHWnlcIrLPB57K/dMxXXh6trKKFtqyZH
TEzzUKOLOMr8pHXnL8dq84AcodkIWvNm13bFXnNRsjBG/z93wHAAiUPjFZrySbRF
AciOiJ9c0Hw=
=WWCj
-----END PGP SIGNATURE-----
_______________________________________________
Users mailing list
Users_at_lists.freeswan.org
http://lists.freeswan.org/mailman/listinfo/users
This archive was generated by hypermail 2.1.3 : Mon Jul 29 2002 - 05:20:18 CEST