1

I've set up a VPN server using Debian's pptpd. This all works, but I want to restrict incoming connections so they can only access ports on the VPN server and not get access to other machines on the VPN server's local network.

I'm guessing this is a firewall rule? But I'm new to Linux, so I am struggling a bit...

---- Additional info -----

The VPN Server is also hosting an SVN server, which is its real purpose, and the only service I want it to expose to incoming connections. I guess I could expose the SVN server directly, but I'm not confident that I could secure this correctly, so a VPN seemed to give an additional layer of security.

Sprotty

1 Answer

1

Yeah... what are you using as your firewall?

The simplest implementation of this is to set up a rule that denies all traffic from external networks to your internal network, and add an exception for the VPN server at ip [blah] on ports [foo].

It's not great security, but unless you're willing and able to set up a DMZ network, it's what you've got to work with. And as it sounds like your local network is directly connected to the internet, I feel obligated to point out that this is just begging for trouble.

HopelessN00b
  • Only the PPTP port is tunneled through the ADSL hub to the VPN server (all internal machines are NAT'ed), so the only exposure is the VPN port. I figure this is the best I can (easily) do, as you say, without creating a DMZ? I've not done anything with a firewall yet; is there one that's easy to install and configure? Am I expecting too much to hope for one with a GUI? – Sprotty Jun 24 '12 at 06:47
  • On the firewall side of things is it also possible to tie the rule just to connections coming via the PPTPd. It would still be useful to be able to connect to the local network from the machine? – Sprotty Jun 24 '12 at 06:50
  • Unfortunately, I'm not very up with Linux firewall applications, as I spend most of my professional time working with Windows VMs, ESX and SQL. As far as the basics go, on Linux you're looking at iptables and squid, and I don't know what's out there that's easier. Sounds like something to ask over at a Linux-specific forum, or maybe even SuperUser. Sorry, I guess I misunderstood the question - I thought for some reason that you were talking about a dedicated firewall, rather than firewall software on Linux. – HopelessN00b Jun 25 '12 at 18:25
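One way to implement the rule the answer describes on the Debian pptpd host itself, as an added example that is not part of the original question, answer or the pptpd project: it assumes iptables is the host firewall, that pptpd brings clients up on ppp+ interfaces, and that svnserve listens on TCP port 3690 (both assumptions, override via environment variables).

```shell
#!/bin/sh
# Assumed defaults (not from the original thread): pptpd client tunnels
# appear as ppp+ interfaces; svnserve listens on TCP 3690.
VPN_IF="${VPN_IF:-ppp+}"
SVN_PORT="${SVN_PORT:-3690}"

# Emit the iptables rules as text so they can be reviewed before being
# applied. Rules are appended (-A), so they assume the INPUT and FORWARD
# chains do not already contain an earlier ACCEPT for ppp+ traffic.
pptp_rules() {
    cat <<EOF
# Packets from VPN clients addressed to this host (INPUT chain):
# allow replies to connections the host opened, allow SVN, drop the rest.
iptables -A INPUT -i ${VPN_IF} -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
iptables -A INPUT -i ${VPN_IF} -p tcp --dport ${SVN_PORT} -j ACCEPT
iptables -A INPUT -i ${VPN_IF} -j DROP
# Packets from VPN clients that would be routed onward to the LAN
# (FORWARD chain): drop them, so clients never reach other machines.
iptables -A FORWARD -i ${VPN_IF} -j DROP
EOF
}

# Neither chain above touches OUTPUT or the host's LAN interface, so the
# VPN server itself can still reach the local network as before.
# Usage: "sh pptp-fw.sh" to review, "sh pptp-fw.sh apply" as root to apply.
if [ "${1:-}" = "apply" ]; then
    pptp_rules | sh
else
    pptp_rules
fi
```

Check the result with `iptables -L INPUT -v -n` and `iptables -L FORWARD -v -n`, and persist the rules (for example with the iptables-persistent package) so they survive a reboot.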