[Openswan Users] Is this a proper use for OpenS/WAN?
Faber Fedor
faber at linuxnj.com
Sun Mar 14 10:06:30 CET 2004
On Sun, Mar 14, 2004 at 12:47:11PM +0100, Paul Wouters wrote:
> On Sat, 13 Mar 2004, Faber Fedor wrote:
> > 2. I want to do my testing between a Fedora Core 1 box and a database
> > server running Red Hat 8.0. The actual installation will be on a Red
> > Hat 8.0 box. Any known problems?
>
> Yes, but don't use FC2, since that uses the 2.6 kernel with new ipsec code.
Thanks for the heads-up. I was going to upgrade the FC1 to FC2 today. I
won't now. :-)
> > I am extremely paranoid. I don't like the fact that I'm opening a hole
> > in the firewall and that the website will have in its possession credit
> > card information. However, the requirement states that this is all done
> > in realtime.
>
> Your biggest problem will be if the webserver is compromised and sends *new*
> credit card information it gets from visitors elsewhere.
I'm more concerned with someone compromising the webserver; they would
then have access to the internal network via the VPN tunnel.
> > So what I was thinking was this: set up a VPN tunnel between the website
> > and the database servers. The tunnel naturally goes through the
> > firewall.
>
> It seems better than no vpn, but that is almost always the case. Still, don't
> give the webserver a vpn into the entire local firewalled network, but just to
> a single dropoff server.
That's still the production (Database) server, but it is better than
nothing.
From my (meager) understanding, what I would do is set up the LinkSys
firewall to allow access only from the IP of the webserver. Then I
would somehow (through FreeS/WAN) set up a connection between the
webserver and the database server, right?
Thanks for all the info.
--
Regards,
Faber
Linux New Jersey: Open Source Solutions for New Jersey
http://www.linuxnj.com