Hello folks!
So i've been using ClearOS for quite some time now (most of my installs still running 5.2) but a network I manage just got a little big 2000+ users, and I need to add some extra layers of security, my current setup as follows
ClearOS> Endian Firewall >WAN
ClearOS does the bandwidth management and Endian FW does the proxy (since it's AD Auth is free), now I need to put a packet fence box before ClearOS, so here comes the question:
Based on what I've read in packet fence mailing lists I will need to set up packet fence in routed mode so all traffic is just routed through it, but theres a catch, I need a source rule so the packets can go back the same way they came. Been a while since I played with iptables source nat/rules, so do you guys have any idea on how to do this one? Also is there anyone here using a similar setup? I mean at least ClearOS and Packet Fence? Cause my whole idea is to have packet fence with the real user ip still reaching the ClearOS box.
Thanks for any help guys.
So i've been using ClearOS for quite some time now (most of my installs still running 5.2) but a network I manage just got a little big 2000+ users, and I need to add some extra layers of security, my current setup as follows
ClearOS> Endian Firewall >WAN
ClearOS does the bandwidth management and Endian FW does the proxy (since it's AD Auth is free), now I need to put a packet fence box before ClearOS, so here comes the question:
Based on what I've read in packet fence mailing lists I will need to set up packet fence in routed mode so all traffic is just routed through it, but theres a catch, I need a source rule so the packets can go back the same way they came. Been a while since I played with iptables source nat/rules, so do you guys have any idea on how to do this one? Also is there anyone here using a similar setup? I mean at least ClearOS and Packet Fence? Cause my whole idea is to have packet fence with the real user ip still reaching the ClearOS box.
Thanks for any help guys.
Share this post:
Please login to post a reply
You will need to be logged in to be able to post a reply. Login using the form on the right or register an account if you are new here.
Register Here »