[Cu-wireless] firewall rules, tunneling

David Young dyoung at ojctech.com
Mon Dec 9 11:56:45 CST 2002

On Mon, Dec 09, 2002 at 09:31:23AM -0600, Ralph Johnson wrote:
> > 1 We need some firewall rules to protect the subscriber side of our nodes.
> > If you want to go the extra mile, find a teeny-tiny Web server that
> > will serve up an easy-to-use firewall configurator on the subscriber
> > side.
> Could you explain in more detail what you want?  Perhaps give examples?

  I am looking for a safe default configuration which lets the subscriber
  get out, but which protects the subscriber from baddies getting in.
  Sorry I cannot be more specific; I am looking for somebody to lead
  on this.

  The Web configurator should be able to relax the protections to allow
  for servers and for certain firewall-unfriendly apps to work.

> > 2 For subscribers' privacy, we need for some brave soul to invent a
> > secure scheme for tunneling over wireless to a tunnel server which is
> > attached to the Internet. I can point you to docs to get you started on
> > NetBSD. I imagine the tunnel server will be a Linux machine at Zach's.
> Madhur Nigam has been working with me to figure out how to make tunnels from
> one NetBSD box to another.  We are tunneling with ssh so it should be
> portable.  We are working on a variety of related issues, like how to get
> the private key when the router gets rebooted, even though the router has no
> disk.  So, you can assume we will take care of it.

  Sounds good.


David Young             OJC Technologies
dyoung at ojctech.com      Engineering from the Right Brain
                        Urbana, IL * (217) 278-3933
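
One way to express the policy requested above (subscriber traffic gets out, unsolicited traffic does not get in, and a configurator can open holes for servers), as an added example that is not part of the original message or the project's code. It assumes the node filters with IPFilter; the interface name ex0, the subscriber network 10.0.0.0/24 and the function names are hypothetical.

```python
import ipaddress

# Assumptions (not from the original message): the node filters with IPFilter,
# the subscriber-facing interface is ex0, and the subscriber LAN is 10.0.0.0/24.
SUBSCRIBER_IF = "ex0"
SUBSCRIBER_NET = ipaddress.ip_network("10.0.0.0/24")


def validate_pinhole(proto, host, port):
    """Check one configurator entry; raise ValueError on anything unexpected."""
    if proto not in ("tcp", "udp"):
        raise ValueError(f"unsupported protocol: {proto!r}")
    # ip_address() rejects anything that is not a bare IP literal, so form
    # input can never smuggle extra rule text into the generated ruleset.
    addr = ipaddress.ip_address(host)
    if addr not in SUBSCRIBER_NET:
        raise ValueError(f"{addr} is outside the subscriber network")
    if isinstance(port, bool) or not isinstance(port, int) or not 1 <= port <= 65535:
        raise ValueError(f"bad port: {port!r}")
    return proto, addr, port


def build_ruleset(pinholes=()):
    """Return ipf.conf lines: default-deny toward the subscriber, stateful egress."""
    net = SUBSCRIBER_NET
    rules = [
        # Nothing goes out toward the subscriber unless state or a pinhole allows it.
        # (Services the node itself offers the subscriber, e.g. DHCP, need their own rule.)
        f"block out on {SUBSCRIBER_IF} all",
        # Connections the subscriber originates create state; replies match that state.
        f"pass in quick on {SUBSCRIBER_IF} proto tcp from {net} to any flags S keep state",
        f"pass in quick on {SUBSCRIBER_IF} proto udp from {net} to any keep state",
        f"pass in quick on {SUBSCRIBER_IF} proto icmp from {net} to any keep state",
    ]
    for entry in pinholes:
        proto, addr, port = validate_pinhole(*entry)
        flags = " flags S" if proto == "tcp" else ""
        rules.append(
            f"pass out quick on {SUBSCRIBER_IF} proto {proto} "
            f"from any to {addr}/32 port = {port}{flags} keep state"
        )
    return rules


if __name__ == "__main__":
    # Constructed sample: the subscriber runs a web server on 10.0.0.5.
    print("\n".join(build_ruleset([("tcp", "10.0.0.5", 80)])))
```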
