[TriLUG] Firewall/VPN?

Mike Johnson mike at enoch.org
Wed Nov 28 11:49:14 EST 2001 

Michael S Czeiszperger [czei at webperformanceinc.com] wrote:
 
> Has anyone local gotten this working? One question I have is if I'll need two 
> machines at home, one for the VPN/Firewall, and another to actually use. I've 
> never set up a Linux firewall before so I expect it will take quite a bit of 
> time to set up.

That specific one?  No.  I've used FreeS/Wan in the past, but my
current toy is using ppp over stunnel.  Works well and is easy to
set up.

You shouldn't need two separate systems.  It would be best, of
course, to have a dedicated vpn/firewall box, but if you don't
have one, the box you expect to 'actually use' can substitue
just fine.  Simply set it up as one of the end-points for the
VPN.
 
> Another problem is I don't have a fixed IP address at work. I could use 
> dyndns or another service to register a domain name with the work servers, 
> but was hoping to use a subdomain name like office.webperformanceinc.com. 
> Does anyone know the procedure for registering a sub-domain?

I don't think you're looking for a sub-domain so much as a hostname.
I'm assuming you'd like office.webperformanceinc.com to point at a
specific IP.  That's a host address.  Whoever manages webperformanceinc.com
for you (looks like Verio) would set this up.

The one issue you have is the dynamic IP address.  Verio will get
very annoyed with you rather quickly if you keep asking them to
update their DNS records every time you get a new IP address.  A
better way to handle this would be to use dyndns on your work
system, let it manage the IP to hostname issue, then have Verio
configure an alias to point at your dyndns name.

So, you would configure webperformanceinc.dyndns.org for your
work system, then ask Verio to make an alias for office.webperformanceinc.com
to point at webperformanceinc.dyndns.org.

What you would tell them is that you want a CNAME record 
(office.webperformanceinc.com) that points at webperformanceinc.dyndns.org
(which is an A record).  This way, the A record will get updated
every time you get a new address, but you'll be able to use
office.webperformanceinc.com because it's just an alias.

Mike
-- 
"Yeah it is! Cause he's bakin' in the...kitchen of darkness!  A pie of
lost souls...until it's golden brown!" -- Moltar on Space Ghost

More information about the TriLUG mailing list