Questions and Answers

Amy Rich

Thanks to Darren Dunham for pointing out an omission in the May issue. When discussing how to set up Solaris for printing to an HP printer, I neglected to mention that Solaris 8 doesn’t actually ship with a bootpd. You can use the one available from HP in the jetdirect package. Other operating systems that come with their own bootpd can be configured without additional software, though. You can also use the dhcpd that comes with Solaris, but the required configuration steps are different.

Q. At work we have a SonicWall VPN, and a number of home users have SonicWall’s VPN client installed on their home PCs and working fine. We also have a cablemodem user with one dynamic IP that needs to access the network. Instead of having his PC hooked up to the cablemodem directly, he has a Solaris 8 machine acting as a gateway for his RFC1918 LAN. He only wants to use the VPN client on one of his PCs, though. The Solaris box is using ipfilter to do packet filtering and one to many NAT for various types of hardware on his LAN. Unfortunately, since he’s doing NAT, he can’t get his PC to talk to our VPN box. I took a look at the ipfilter package and the mailing list and FAQ, but there doesn’t seem to be any clear-cut advice on how to set this up, if it’s even possible. Do you have any pointers on how we could get this user connected to our VPN?

A. The SonicWall VPN uses IPSec to create the connection between your office and your home users. Some background information about IPSec will probably help you understand the solution to the NAT issue. For some basic definitions, I’ll quote from the IPSec RFC (http://www.faqs.org/rfcs/rfc2401.html). Other RFCs that you may want to take a close look at include:

AH: RFC2402 —