Security Basics mailing list archives

Re: looking for a hub or switch that can connect a VPN and apply firewall rules to all ports


From: Thomas Anderson <zelnaga () gmail com>
Date: Sat, 15 Aug 2009 16:27:02 -0500

On Fri, Aug 14, 2009 at 3:18 PM, Justin Mitchell<jgmitchell () gmail com> wrote:
> On Thu, Aug 13, 2009 at 3:00 PM, Thomas Anderson<zelnaga () gmail com> wrote:
>> Right now, I have maybe 10-20 computers plugged into a VPN-enabled
>> router.  Problem with this setup is that if one computer behind the
>> router does something "bad" all the computers behind the router suffer
>> the consequences if the ISP decides to disable the connection,
>> temporarily or otherwise.  Normally, the way to work around this would
>> be to just get a hub or a switch and connect through that, however, if
>> that's done, all the computers would have to have VPN software
>> installed on them and managing 10-20 computers is much more of a
>> logistical challenge than managing one router.
>>
>> The ideal solution, it seems to me, would be a switch that connects
>> each port, individually, to the VPN.  If firewall rules could be
>> applied universally to all ports, as well, that'd be helpful.
>>
>> Any ideas?
>
> You are going to have this problem regardless, using a single shared
> connection for 10-20 computers. To prevent a single computer from
> affecting the others would require each computer to have its own
> dedicated connection to the internet.

That's what I'm proposing.  I just don't want to have to set up 10-20
computers, individually, on a VPN - I'd much prefer to have some
single device route traffic for all of those 10-20 computers as
appropriate.  i.e. I could have 10-20 routers configured in the same
way and each computer plugged into its own router but that would
still be 10-20 devices to manage.  Granted, that would be easier than
reinstalling VPN software every time a computer gets reformatted, but
still.

I don't get internet access through a cable modem, DSL modem, or
anything like that - I get it through a single 100mbit ethernet
connection.  The router has its own IP address assigned through DHCP
and if I had the computers connected to a hub instead of a router it
would be each of the 10-20 computers that would be doing the DHCP
request instead - not the router.

I could plug a hub into the router and replug all the computers on the
LAN to the hub.  Once that's done, I could use promiscuous mode on a
dedicated computer to police the network, myself, and although that
would have some merit, it wouldn't solve the problem at hand unless I
were using the exact same rules my ISP was and for some reason, I
don't think my ISP's going to be *that* helpful.
