[CentOS] Ideas for stopping ssh brute force attacks

Bill Campbell centos at celestial.com
Tue Jul 22 03:37:39 UTC 2008

On Mon, Jul 21, 2008, John R Pierce wrote:
> Bo Lynch wrote:
>> we have been looking at implementing OpenVPN to allow access to the
>> internal LAN. For a firewall, we basically have iptables with 2 nics doing
>> NAT. So would the OpenVPN server live inside of our private network and
>> just do some forwards with iptables on the firewall or would it be better
>> to implement it with by itself with 2 nics one on the public and one on
>> the private?
> openvpn uses a simple TCP socket for its transport, so sure, port  
> forwarding would work fine.    or running it ON your firewall server, if  
> thats something which openvpn can run on (pfsense, any linux firewall, 
> etc).

Actually the public interface with OpenVPN is udp by default.  We
have been using it for a while now with a variety of clients,
Windows, Mac OS X, and other Linux boxen.

INTERNET:   bill at celestial.com  Bill Campbell; Celestial Software LLC
URL: http://www.celestial.com/  PO Box 820; 6641 E. Mercer Way
Voice:          (206) 236-1676  Mercer Island, WA 98040-0820
Fax:            (206) 232-9186

A paranoid is a man who knows a little of what's going on.
		-- William S. Burroughs

More information about the CentOS mailing list