[Cu-wireless] firewall rules, tunneling
dyoung at ojctech.com
Mon Dec 9 11:56:45 CST 2002
On Mon, Dec 09, 2002 at 09:31:23AM -0600, Ralph Johnson wrote:
> > 1 We need some firewall rules to protect the subscriber side of our nodes.
> > If you want to go the extra mile, find a teeny-tiny Web server that
> > will serve up an easy-to-use firewall configurator on the subscriber
> > side.
> Could you explain in more detail what you want? Perhaps give examples?
I am looking for a safe default configuration which lets the subscriber
get out, but which protects the subscriber from baddies getting in.
Sorry I cannot be more specific, I am looking for somebody to lead

The Web configurator should be able to relax the protections to allow
for servers and for certain firewall-unfriendly apps to work.
> > 2 For subscribers' privacy, we need for some brave soul to invent a
> > secure scheme for tunneling over wireless to a tunnel server which is
> > attached to the Internet. I can point you to docs to get you started on
> > NetBSD. I imagine the tunnel server will be a Linux machine at Zach's.
> Madhur Nigam has been working with me to figure out how to make tunnels from
> one NetBSD box to another. We are tunneling with ssh so it should be
> portable. We are working on a variety of related issues, like how to get
> the private key when the router gets rebooted, even though the router has no
> disk. So, you can assume we will take care of it.
David Young OJC Technologies
dyoung at ojctech.com Engineering from the Right Brain
Urbana, IL * (217) 278-3933