DOCSLIB.ORG

About Ipfire Because Ipfire Is More T Han Just a Firewall

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text

Load more

About IPFire Because IPFire is more t han just a firewall IPFire An Open Source Firewall Distribution IPFire was designed with both modularity and a high-level of flexibility in mind. You can easily deploy many variations of it, such as a firewall, a proxy server or a VPN gateway. The modular design ensures that it runs exactly what you've configured it for and nothing more. Everything is simple to manage and update through the package manager, making maintenance a breeze. The IPFire development team understands that security means different things to different people and certainly can change over time. The fact that IPFire is modular and flexible make it perfect for integrating into any existing security architecture. Don't forget that ease-of-use is a key principle. If all this sounds a little too much for you, IPFire comes with great default settings out-of-the-box, meaning it's a snap to get going quickly! Above are some links that we encourage you to click through. Please take a look at all of the features and possibilities which IPFire offers for your network. Security The primary objective of IPFire is security. As there is of course no one, single way to achieve network security, it is important for a network administrator to understand their environment and what the term security means in the context of their own network. IPFire forms the base of a secure network. It has the power to segment networks based on their respective security levels and makes it easy to create custom policies that manage each segment (see the Firewall page for more information). Security of the modular components is a top priority. Updates are digitally signed and encrypted, as well as can be automatically installed by Pakfire (the IPFire package management system). Since IPFire is typically directly connected to the Internet, it is going to be a primary target for hackers and other threats. The simple Pakfire package manager helps administrators feel confident that they are running the latest security updates and bug fixes for all of the components they utilize. IPFire 2.15 - Core Updat e 77 Since IPFire 2.15 (http://planet.ipfire.org/post/feature- highlights-ipfire-2-15-1-hardening-the-system), the IPFire Linux kernel is patched with the grsecurity (http://grsecurity.net) patchset, which pro-actively hardens the kernel against various forms of attacks. Most importantly, it protects from zero-day exploits by eliminating entire bug classes and exploit vectors. It makes stack buffer overflows almost impossible to exploit and comes with strict access controls, that make it harder for attackers to cause harm to the system. Ñ About IPFire FirewallÑ Security Ñ Firewall IPFireÑ Pakfire employs a Stateful Packet Inspection (SPI) firewall, which is built on top of netfilter (the Linux packet filtering framework). Ñ Updates During the installation of IPFire, the network is configured into different, separate segments. This segmented security scheme means that there is a perfect place for each machine in the Ñ Dialup network. These different segments may be enabled separately, depending on your requirements.Ñ Web Proxy Each segment represents a group of computers who share a common security level: Ñ Cryptography Green Green represents a "safe" area. This is where all regular clients will reside. It is Ñ VPN usually comprised of a wired, local network. Clients on Green can access all other network segments without restriction. Ñ Intrusion Detection Red Red indicates "danger" or the connection to the Internet. Nothing from Red is Ñ Quality permittedof Service to pass through the firewall unless specifically configured by the administrator. Ñ Hardware Blue Blue represents the "wireless" part of the local network (chosen because it's Ñ Virtualizationthe color of the sky). Since the wireless network has the potential for abuse, it is uniquely identified and specific rules govern clients on it. Clients on this Ñ Wirelessnetwork Access segmentPoint must be explicitly allowed before they may access the network. Orange Orange is referred to as the "demilitarized zone" (DMZ). Any servers which are publicly accessible are separated from the rest of the network here to limit security breaches. IPFire 2.15 - Core Updat e 77 With IPFire 2.15, the graphical user interface has been completely rewritten and massively extended with new functionality. It is now possible to manage groups of hosts or services. That makes it simpler to create many similar rules for a great number of hosts, networks or services. Managing firewall rules has never been easier before. Because even with a big number of rules, the configuration remains easily manageable and that makes it possible to build more restrictive configurations without losing control. Additionally, the firewall can be used to control outbound Internet access from any segment. This feature gives the network administrator complete control over how their network is configured and secured. Firewall Documentation (http://wiki.ipfire.org/en/configuration/firewall/start) (http://static.ipfire.org/static/images/screenshots/en/firewall/rules.png?v=e8c6d) (http://static.ipfire.org/static/images/screenshots/en/firewall/new-rule.png?v=8db69) (http://static.ipfire.org/static/images/screenshots/en/firewall/service-groups.png?v=4534e) (http://static.ipfire.org/static/images/screenshots/en/firewall/host-groups.png?v=005e6) (http://static.ipfire.org/static/images/screenshots/en/firewall/connections-1.png?v=6707c) Pakfire The IPFire package management system From a technical point of view, IPFire is a minimalistic, hardened firewall system which comes with an integrated package manager called Pakfire. The primary task of Pakfire is to update the system with only a single click. It is very easy to install security patches, bugfixes and feature enhancements (/features/updates), which make IPFire safer and faster - or simply: better. Another task of Pakfire is to install additional software that adds new functionality to the IPFire system. Some useful of them are: File sharing services such as Samba and vsftpd Communications server using Asterisk Various command-line tools as tcpdump, nmap, traceroute and many more. (http://static.ipfire.org/static/images/screenshots/en/pakfire/pakfire-overview-1.png? v=bed95) (http://static.ipfire.org/static/images/screenshots/en/pakfire/addon-services-1.png? v=14eb2) Pakfire as a build syst em The next major release of IPFire will also ship a new generation of the Pakfire packagement system. This new generation has been made faster, more secure, more easy to handle and adds a whole bunch of new features. One of this features is that pakfire is now the buildsystem as well. Having a customized build system for the needs of IPFire and the IPFire developers improved the development process very much. Building new packages became a lot more easy and less time-consuming. Quality assurance became more social right now. Check it out at pakfire.ipfire.org (http://pakfire.ipfire.org/). Updates IPFire is based on Linux, which is the best Open Source kernel around. Additionally, IPFire is not based on any other distribution like Knoppix is on Debian. It is compiled from the sources of every single package. This comsumes a lot of work, but finally gives the opportunity to not rely on the update cycles of others. The advantages we gain is that we are able to select very stable versions of software and build the distribution from them. For example is the most part of the distribution quite well tested and long maintained - in contrast to the kernel which is very recent and regularly updated with patches to support as much hardware as possible and more importantly fix security errors. This is what makes IPFire a very strong and hardened system. To keep up that strength and be prepared for new hardware (/features/hardware), we give out the so called Core Updates which are issued in about every four weeks and updating collected fixes. If there is a security emergency, we provide updates in less than a day to overcome zero-day holes in the system. All of the updates can be installed by the package management system (/features/pakfire) and users are notified by mail. So in all cases, the update is just a simple click and your system is running safe again. Dialup IPFire as an Internet Gateway is able to dialup through various techniques to connect to the Internet. It supports all popular types of broadband access, as well as mobile access: VDSL VDSL is short for Very High Data Rate Digital Subscriber Line and it currently offers bandwidth up to 50 Mbit/s downstream and 10 Mbit/s upstream. VDSL brings the possibility of using new technologies such as IPTV. With IPFire, a conventional router can be replaced by a full-fledged system that brings the IPTV stream into your own home network. ADSL/ SDSL Conventional DSL is also supported, although it is technically called also PPPoE or PPPoA. In some countries, the PPTP protocol is also widely used and it is also fully supported by IPFire. Ethernet Over Ethernet, IPFire can also be connected to the Internet and obtain an IP address either via DHCP or static configuration. 4G/ 3G Mobile broadband connections over USB modems, which are also known by the names UMTS, 3G, CDMA, HSDPA or LTE are also supported by IPFire. Web proxy IPFire includes a full-fledged web proxy, which is the well-known, open-source software Squid. It is used by ISPs, universities, schools and large companies use because of its diversity, stability and mature development. Even for small home networks, it is a useful feature. In addition to the stateful paket inspection (SPI) filtering by the firewall on the TCP/IP layer, the web content which is transmitted over HTTP, HTTPS or FTP can be analyzed and filtered as well.
Recommended publications
  • Proceedings of the Bsdcon 2002 Conference

    Proceedings of the Bsdcon 2002 Conference

    USENIX Association Proceedings of the BSDCon 2002 Conference San Francisco, California, USA February 11-14, 2002 THE ADVANCED COMPUTING SYSTEMS ASSOCIATION © 2002 by The USENIX Association All Rights Reserved For more information about the USENIX Association: Phone: 1 510 528 8649 FAX: 1 510 548 5738 Email: [email protected] WWW: http://www.usenix.org Rights to individual papers remain with the author or the author's employer. Permission is granted for noncommercial reproduction of the work for educational or research purposes. This copyright notice must be included in the reproduced paper. USENIX acknowledges all trademarks herein. Flexible Packet Filtering: Providing a Rich Toolbox Kurt J. Lidl Deborah G. Lidl Paul R. Borman Zero Millimeter LLC Wind River Systems Wind River Systems Potomac, MD Potomac, MD Mendota Heights, MN [email protected] [email protected] [email protected] Abstract The BSD/OS IPFW packet filtering system is a well engineered, flexible kernel framework for filtering (accepting, rejecting, logging, or modifying) IP packets. IPFW uses the well understood, widely available Berkeley Packet Filter (BPF) system as the basis of its packet matching abilities, and extends BPF in several straightforward areas. Since the first implementation of IPFW, the system has been enhanced several times to support additional functions, such as rate filtering, network address translation (NAT), and traffic flow monitoring. This paper examines the motivation behind IPFW and the design of the system. Comparisons with some contemporary packet filtering systems are provided. Potential future enhancements for the IPFW system are discussed. 1 Packet Filtering: An Overview might choose to copy only this data.
  • Hotspot Feature for Wi-Fi Clients with RADIUS User Authentication on Digi Transport

    Hotspot Feature for Wi-Fi Clients with RADIUS User Authentication on Digi Transport

    Application Note 56 Hotspot feature for Wi-Fi clients with RADIUS User Authentication on Digi TransPort. Digi Support November 2015 1 Contents 1 Introduction ......................................................................................................................................... 4 1.1 Outline ......................................................................................................................................... 4 1.2 Assumptions ................................................................................................................................ 4 1.3 Corrections .................................................................................................................................. 4 2 Version .................................................................................................................................................5 3 Configuration .......................................................................................................................................5 3.1 Mobile Interface Configuration .....................................................................................................5 3.2 Ethernet Interface Configuration ................................................................................................. 6 3.2.1 ETH 0 Configuration ................................................................................................................. 6 3.2.2 ETH 12 Logical Interface Configuration ....................................................................................
  • Ipv6 DMZ Web Service Technology Design Guide

    Ipv6 DMZ Web Service Technology Design Guide

    IPv6 DMZ Web Service Technology Design Guide August 2014 Series Table of Contents Preface ........................................................................................................................................1 CVD Navigator .............................................................................................................................2 Use Cases .................................................................................................................................. 2 Scope ......................................................................................................................................... 2 Proficiency .................................................................................................................................. 2 Introduction .................................................................................................................................3 Technology Use Cases ............................................................................................................... 3 Use Case: Enable Native IPv6 Access for Network Traffic Between the Internet and a Web Server DMZ Network.............................................................................................................. 3 Use Case: Enable IPv6 Access for Network Traffic Between the Internet and an IPv4-only Web Server DMZ Network ..................................................................................................... 3 Design Overview ........................................................................................................................
  • Iptables with Shorewall!

    Iptables with Shorewall!

    Iptables with shorewall! Table of Contents 1. Install swarmlab-sec (Home PC) . 1 2. shorewall . 1 2.1. Installation . 2 3. Basic Two-Interface Firewall. 2 4. Shorewall Concepts . 3 4.1. zones — Shorewall zone declaration file . 3 4.2. interfaces — Shorewall interfaces file. 4 4.3. policy — Shorewall policy file . 4 4.4. rules — Shorewall rules file . 4 4.5. Compile then Execute . 4 5. Three-Interface Firewall. 5 5.1. zones . 6 5.2. interfaces . 6 5.3. policy . 7 5.4. rules . 7 5.5. masq - Shorewall Masquerade/SNAT definition file . 7 5.6. snat — Shorewall SNAT/Masquerade definition file . 8 5.7. Compile and Execute . 8 1. Install swarmlab-sec (Home PC) HowTo: See http://docs.swarmlab.io/lab/sec/sec.adoc.html NOTE Assuming you’re already logged in 2. shorewall Shorewall is an open source firewall tool for Linux that builds upon the Netfilter (iptables/ipchains) system built into the Linux kernel, making it easier to manage more complex configuration schemes by providing a higher level of abstraction for describing rules using text files. More: wikipedia 1 NOTE Our docker instances have only one nic to add more nic’s: create netowrk frist docker network create --driver=bridge --subnet=192.168.0.0/16 net1 docker network create --driver=bridge --subnet=192.168.0.0/16 net2 docker network create --driver=bridge --subnet=192.168.0.0/16 net3 then connect network to container connect network created to container docker network connect net1 master docker network connect net1 worker1 docker network connect net2 master docker network connect net2 worker2 now let’s look at the following image 2.1.
  • Firewall and Proxy Server HOWTO Firewall and Proxy Server HOWTO

    Firewall and Proxy Server HOWTO Firewall and Proxy Server HOWTO

    Firewall and Proxy Server HOWTO Firewall and Proxy Server HOWTO Table of Contents Firewall and Proxy Server HOWTO................................................................................................................1 Mark Grennan, mark@grennan.com.......................................................................................................1 1. Introduction..........................................................................................................................................1 2. Understanding Firewalls......................................................................................................................1 3. Firewall Architecture ..........................................................................................................................1 4. Setting up the Linux Filtering Firewall ...............................................................................................1 5. Software requirements.........................................................................................................................1 6. Preparing the Linux system.................................................................................................................1 7. IP filtering setup (IPFWADM)............................................................................................................2 8. IP filtering setup (IPCHAINS).............................................................................................................2 9. Installing a Transparent SQUID
  • Multiple Internet Connections by Balancing Traffic and Managing Failover with Zeroshell

    Multiple Internet Connections by Balancing Traffic and Managing Failover with Zeroshell

    Multiple Internet Connections by Balancing Traffic and Managing Failover With Zeroshell The purpose of this document is to describe the creation of a router to access a network that uses multiple Internet connections in order to balance the outgoing LAN demand and to obtain network access redundancy, managing fault situations for one or multiple lines. To reach our objective, we shall use the Net Balancer module by Zeroshell. Lastly, we shall examine the possibility of aggregation (Bonding) of VPN aimed at increasing the bandwidth for point-to-point connection between remote locations via the Internet. Is it really possible to increase the Internet connection bandwidth? The answer to this question is not, "yes, absolutely." It depends on what you mean by increasing the Internet connection bandwidth. In essence, the Net Balancer distributes requests originating from the LAN by round-robin (weighed) policy over multiple Internet gateways. In other words, if at a given point in time there is only one LAN user making only one TCP connection (e.g. he executes only one download from the web), his traffic will flow from a single gateway, thus it would not benefit from balanced connections. Instead, if the LAN is crowded with users, each executing multiple requests at the same time, as a whole, their connections will have access to a higher bandwidth, equal to the sum of the single-access bandwidths. We then conclude that a single connection may never have more bandwidth than what offered by a single link, while multiple simultaneous connections will, on average, altogether have access to a greater bandwidth, which will stretch to the sum of the bandwidths of all the Internet links being balanced.
  • Block Icmp Ping Requests

    Block Icmp Ping Requests

    Block Icmp Ping Requests Lenard often unpenned stutteringly when pedigreed Barton calques wittingly and forsook her stowage. Garcia is theropod vermiculatedand congregate unprosperously. winningly while nonnegotiable Timothy kedges and sever. Gyrate Fazeel sometimes hasting any magnetron Now we generally adds an email address of icmp block ping requests That after a domain name, feel free scans on or not sent by allowing through to append this friendship request. Might be incremented on your Echo press and the ICMP Echo reply messages are commonly as! Note that ping mechanism blocks ping icmp block not enforced for os. This case you provide personal information on. Send to subvert host directly, without using routing tables. Examples may be blocked these. Existence and capabilities is switched on or disparity the protocol IP protocol suite, but tcp is beat of. We are no latency and that address or another icmp message type of icmp ping so via those command in this information and get you? Before assigning it is almost indistinguishable from. Microsoft Windows found themselves unable to download security updates from Microsoft; Windows Update would boost and eventually time out. Important mechanisms are early when the ICMP protocol is restricted. Cisco device should be valuable so a host that block icmp? Add a normal packet will update would need access and others from. Now check if you? As an organization, you could weigh the risks of allowing this traffic against the risks of denying this traffic and causing potential users troubleshooting difficulties. Icmp block icmp packets. Please select create new know how long it disables a tcp syn flood option available in specific types through stateful firewalls can have old kernels.
  • Linksys E800 Router User Guide

    Linksys E800 Router User Guide

    User Guide Linksys E800 Linksys E800 Contents Contents Product overview How to find your network on the Internet 14 How to clone a MAC address 15 Package contents 1 How to connect to your corporate office using a VPN 15 Features 1 Back view 2 How to optimize your router for gaming and voice 16 Bottom view 2 How to remotely change your router settings 17 How to enable Voice over IP on your network 18 Setting Up: Basics How to configure UPnP 19 How to create a home network 3 How to use a router as an access point 19 What is a network? 3 How to put your new router behind an existing router 21 How to set up a home network 3 To add your router to an existing router or gateway 21 Where to find more help 3 To share an Internet connection 21 To extend your network 23 How to set up your router 3 How to start Cisco Connect 4 How to expose a device to the Internet 23 How to improve your wireless connection speed 5 How to test your Internet connection speed 5 Improving Security How to connect devices to your network 6 How do I know if my network is secure? 25 How to connect a computer to your network 6 How to connect a printer 8 Network security following a manual setup 25 How to connect other devices 8 How to set up wireless security using Wi-Fi Protected Setup 26 How to change your router’s name and password 10 Wi-Fi Protected Setup activity light 26 Connecting a device using the Wi-Fi Protected Setup button 26 How to connect a device using its Wi-Fi Protected Setup PIN 27 How to connect a device using the router’s Wi-Fi Protected Setup PIN 27
  • Internet Protocol Suite

    Internet Protocol Suite

    InternetInternet ProtocolProtocol SuiteSuite Srinidhi Varadarajan InternetInternet ProtocolProtocol Suite:Suite: TransportTransport • TCP: Transmission Control Protocol • Byte stream transfer • Reliable, connection-oriented service • Point-to-point (one-to-one) service only • UDP: User Datagram Protocol • Unreliable (“best effort”) datagram service • Point-to-point, multicast (one-to-many), and • broadcast (one-to-all) InternetInternet ProtocolProtocol Suite:Suite: NetworkNetwork z IP: Internet Protocol – Unreliable service – Performs routing – Supported by routing protocols, • e.g. RIP, IS-IS, • OSPF, IGP, and BGP z ICMP: Internet Control Message Protocol – Used by IP (primarily) to exchange error and control messages with other nodes z IGMP: Internet Group Management Protocol – Used for controlling multicast (one-to-many transmission) for UDP datagrams InternetInternet ProtocolProtocol Suite:Suite: DataData LinkLink z ARP: Address Resolution Protocol – Translates from an IP (network) address to a network interface (hardware) address, e.g. IP address-to-Ethernet address or IP address-to- FDDI address z RARP: Reverse Address Resolution Protocol – Translates from a network interface (hardware) address to an IP (network) address AddressAddress ResolutionResolution ProtocolProtocol (ARP)(ARP) ARP Query What is the Ethernet Address of 130.245.20.2 Ethernet ARP Response IP Source 0A:03:23:65:09:FB IP Destination IP: 130.245.20.1 IP: 130.245.20.2 Ethernet: 0A:03:21:60:09:FA Ethernet: 0A:03:23:65:09:FB z Maps IP addresses to Ethernet Addresses
  • Internet of Things

    Internet of Things

    8.5 GB Motorola Xiaomi Mi Lenovo A lightweight and Dual Layer DVD Moto Turbo A Powerful Processor Low on cost but high Yoga 3 Pro Free on performance premium quality Free Smartphone With a Brilliant Screen Pad Tablet Hybrid Laptop convertible `150 Remote Desktop Sharing with Chrome Recover Data from www.pcquest.com Encryped Hard Disk UNDERSTAND • CHOOSE • IMPLEMENT IT MAY 2015 with Ubuntu Internet of Things: The Road Ahead Key industries that are bullish on IoT and why, ISVs that live on IoT, 5 innovative IoT startups, latest trends on IoT adoption by businesses, and more... CONTEST: If your disks are missing, please ask your newsagent or email: [email protected] please ask your newsagent or email: If your disks are missing, WIN Ashampoo Snap 8 screen capturing tool and licensed copy of KEYWIN worth `44,000. See pg 58 for details Hot Trends: Developer Corner: The Pros and Cons of Net Neutrality How to Reduce Vulnerabilities in Android Apps How Online-only Mobile Brands are Shootouts Redefining Retail 12 Portable Bluetooth Speakers 5 Big Data Costs You Can’t Afford to Ignore 10 Budget Smartphones under `10,000 Subscribe to PCQuest and get antivirus worth `1,800 free. For details, go to pg. 74 92 pages including cover Contents 36 COVER STORY Internet of Things: The Road Ahead Moving beyond the initial euphoria, IoT has steadily progressed to impact our lives in several meaningful ways. Going forward we expect both businesses and individuals to make steady returns on their investments 38 5 Key Industries that are Bullish on IoT 42
  • Ipfire Duobox Business, 4 GB RAM, 64 GB SSD

    Ipfire Duobox Business, 4 GB RAM, 64 GB SSD

    Item no.: 323825 IPFire DuoBox Business, 4 GB RAM, 64 GB SSD from 462,37 EUR Item no.: 323825 shipping weight: 1.20 kg Manufacturer: IPFire Product Description IPFire DuoBox Business, 4 GB RAM, 64 GB SSDThis Firewall version was specifically designed for small offices und home offices, in which a stable and fast Internet connection is essential. The Duo Box Business provides you with fast Internet, while being low-cost and energy-efficient. It keeps your business connected and, most importantly, it keeps your network safe. Main Features: ● 2x Gigabit Ethernet for LAN and WAN ● 1x 300 Mbit dual-band Wi-Fi with access point mode ● optionally upgradeable with LTE Scope of Delivery: ● System ● Power Cable ● PSU ● 2x WLAN antennas Specifications Application: Firewall application for SOHO, branch offices and IoT Type: aluminum profile construction without venting holes, black anodized Dimensions (W x D x H): 134 x 108 x 55 mm Weight: 1.2 kg Cooling: directly attached to chassis Operating conditions: 0 - 50 °C / 80 % rel. humidity CPU: Intel Pentium 3558U, 2x 1.7 GHz RAM: 4 GB DDR3L Mainboard: customized eNUC platform I/O front (standard): 1x RS232, 1x USB 3.0, 1x Audio I/O back: 2x HDMI, 2x USB 3.0, 2x RJ45 (Realtek GLAN) I/O internal: internal I/O might be occupied - depending on your configuration, 1x mSATA/mPCIe full size, 2x USB 2.0 Storage: 1x 2.5" 64 GB SSD (industrial, MLC, 0 - +70 °C ) Graphics: Intel HD, up to 2 independend displays supported, max. resolution: 3840 x 2160 px Wireless LAN, Unex DNUR-S2 300 Mbit dual-band WLAN module LTE: Huawei 909u-5214G LTE (FDD) B1/B2/B3/B5/B7/B8/B203G DC-HSPA+/HSPA+/HSPA/UMTS B1/B2/B5/B82G EDGE/ GPRS/ GSM - 850/900/1800/1900MHz Power-In: DC wide-input 9..19V, 5.5 x 2.5 mm plug PSU: FSP060-DHAN3; external AC/DC adapterInput: 90 to 264 V ACOutput: 12 V / 60 W Power consumption: Idle 6 W, 100% load (Cel.) 11 W OS compatibility: IPFire, OPNSense, PFSense, Ubuntu Linux Scan this QR code to view the product All details, up-to-date prices and availability Powered by TCPDF (www.tcpdf.org).
  • How to Configure Some Basic Firewall and VPN Scenarios

    How to Configure Some Basic Firewall and VPN Scenarios

    AlliedWareTM OS How To | Configure Some Basic Firewall and VPN Scenarios Introduction This document provides examples that illustrate common configurations for security routers. You may want to make changes or enhancements to these configurations to customize them to your particular requirements. However, with the configurations provided here, you can be quickly operational with a reliable and secure Internet connection. What information will you find in this document? The first section provides the basic configuration for two likely methods that will be used for an Internet connection from the security router: z "Script A: basic Ethernet connection" on page 3 z "Script B: basic PPPoE configuration" on page 7 The second section provides three extra configurations to enable the router to support three popular forms of Virtual Private Network (VPN) connection, followed by a configuration for a Mail server on a DMZ. One or more of these additional scripts can be added to either of the basic configuration scripts: z "Script C: internal L2TP Network Server (LNS)" on page 11 z "Script D: IPsec tunnel" on page 13 z "Script E: PPTP server on LAN behind router" on page 16 Then the second section ends with an example in which private IP addresses are used on the DMZ LAN: z "Script F: DMZ using private addresses" on page 17 C613-16069-00 REV B www.alliedtelesis.com Introduction > Related How To Notes These six configuration examples are as general as possible, and no actual IP addresses have been specified. IP addresses are represented by placeholder names in angled brackets, for example, <dmz-ip-address>.