[CentOS] Ideas for stopping ssh brute force attacks
Bill Campbell
centos at celestial.com
Tue Jul 22 03:37:39 UTC 2008
On Mon, Jul 21, 2008, John R Pierce wrote:
> Bo Lynch wrote:
>> we have been looking at implementing OpenVPN to allow access to the
>> internal LAN. For a firewall, we basically have iptables with 2 nics doing
>> NAT. So would the OpenVPN server live inside of our private network and
>> just do some forwards with iptables on the firewall or would it be better
>> to implement it by itself with 2 nics one on the public and one on
>> the private?
>
> openvpn uses a simple TCP socket for its transport, so sure, port
> forwarding would work fine. Or running it ON your firewall server, if
> that's something which openvpn can run on (pfsense, any linux firewall,
> etc).
Actually the public interface with OpenVPN is udp by default. We
have been using it for a while now with a variety of clients,
Windows, Mac OS X, and other Linux boxen.
Bill
--
INTERNET: bill at celestial.com Bill Campbell; Celestial Software LLC
URL: http://www.celestial.com/ PO Box 820; 6641 E. Mercer Way
Voice: (206) 236-1676 Mercer Island, WA 98040-0820
Fax: (206) 232-9186
A paranoid is a man who knows a little of what's going on.
-- William S. Burroughs