Need an ISP in TO
James Knott
james.knott-bJEeYj9oJeDQT0dZR+AlfA at public.gmane.org
Wed Jun 29 16:24:07 UTC 2005
CLIFFORD ILKAY wrote:
> On June 29, 2005 09:15, Michael J. Pawlowsky wrote:
>>James Knott wrote:
>>>Incidententally, why do you need a static IP for a firewall? If you're
>>>
>>>basing rules on IP, rather than port, you're doing it wrong.
>>We keep a dozen or so servers in Texas which are firewalled and we only
>>allow specific IP ranges into them for many of the services.
>>So it is easier if they have a static IP so that we do not have to
>>change the firewall rules when their IP changes.
>
> You could achieve the same goal, i.e. preventing users from unauthorized hosts
> from connecting, by using an IPSec VPN. You could also use ssh and disallow
> password authentication.
Or almost any other VPN. For example, I use OpenVPN. If I don't have
the key, I don't get in. SSH is another option, depending on requirements.
--
The Toronto Linux Users Group. Meetings: http://tlug.ss.org
TLUG requests: Linux topics, No HTML, wrap text below 80 columns
How to UNSUBSCRIBE: http://tlug.ss.org/subscribe.shtml
More information about the Legacy
mailing list