Re: [Nufw-users] nufw in production environments

[Javier de Miguel Rodríguez]

Vincent Deffontaines escribió:

> hareram said:
>  
>
> > Hi
> >
> > its very itnresting to hear that u have successfully installed
> >
> > can you send me the steps
> > and Iptables scripts to run on linux
> > what distro have installed ??
> >    
>
>
> We have developped a tool to generate netfilter rules, customized for NuFW
> (or not). The tools is named Nuface and will be released soon.
>
> Else, the principle of generating netfilter rules by hand works too, as
> described in the documentation.
>
> I cannot send you the iptables script as it is specific to my client, and
> of course tells many things about his topology/internal informations.
> However, the principles are simple :
> send to QUEUE SYN, SYN ACK, and FIN packets to authenticate.
>  

One tip... that ONLYworks with tcp. If you use -m state --state NEW to 
QUEUE all protocols should work,
not only tcp... or am i missing something?

> Vincent
>
>  
>
> > hare
> > ----- Original Message -----
> > From: "Vincent Deffontaines" <address@hidden>
> > To: <address@hidden>
> > Sent: Thursday, April 28, 2005 1:30 AM
> > Subject: Re: [Nufw-users] nufw in production environments
> >
> >
> > Matthew Branton said:
> >    
> >
> > > hi everyone,
> > >
> > > I am interested in know if anyone has had any success deploying nufw in
> > > 100-500 user environments.  Specifically whether or not the clients
> > > work well in a windows terminal services / ltsp environment.  Any
> > > insight would be appreciated. :)
> > >      
> > Ok, here we go now.
> > We have finished an installation on a 250 users network last week.
> > It runs like a charm.
> > Clients are 99% windows 2K/XP, which are running a service for
> > authentication. The service grabs the login and password directly from the
> > user starting their session, so this behaviour is 100% transparent to the
> > user.
> >
> > Also, the login/password is integrated to the Windows NT domain.
> >
> > The performances of the engine are, as we thought, very fine. Nuauth runs
> > with quite little ressources, and there is no perception from users about
> > the extra filtering tasks.
> >
> > As a résumé, very positive experience.
> >
> > Feel free to ask for more specific details if needed.
> >
> > Vincent
> >
> >
> >
> >
> > _______________________________________________
> > Nufw-users mailing list
> > address@hidden
> > http://lists.nongnu.org/mailman/listinfo/nufw-users
> >
> >
> >
> >
> >    
>
>
>
>
> _______________________________________________
> Nufw-users mailing list
> address@hidden
> http://lists.nongnu.org/mailman/listinfo/nufw-users
>