Firewall Wizards: Re: fw-1 general & VPN questions

[Bennett Todd <bet () rahul net>]

1998-04-21-09:57:38 Lyndon David:
> Yes serial console lines on workstations are not very good. With regard to
> the idea of running ppp over the serial console. On a sun box if you send a
> break down the console line the box drops to the boot prom. I expect that
> there are ways around this behavoir by changing the prom variables.
I dunno about the prom; I can't find anything that seems helpful in the
variables from /usr/sbin/eeprom on a fairly recent ultra. But I wouldn't
expose a serial console to a dialin modem in any case.

However Suns have two serial ports, and the _other_ one works OK for
dialin. Of course a half-way-decent terminal server (e.g. a simple
little Cisco 2511) works _way_ better. For one or two lines of dialin
something I like even better is a laptop w/ PCMCIA modem. A Sun lets you
do 38kbps modem<==>server; a 2511 lets you do 115kbps. PCMCIA runs at
4Mbps with hardware flow control. That makes the modem<==>host latency
just about disappear. Run the modem with compression turned off and the
PPP latency ouches as little as practical; not as good as ISDN, but
still pretty good.. And if you use a laptop w/ PCMCIA modem(s) in the
rack, you get a UPS for free.

I _really_ like mjr's suggestion of ssh over PPP w/ ipfw or ipfilter
restricting the PPP interface to secure the link.

-Bennett