I have Suse 6.4 running as a firewall very well. I have to have some of my internal computers (W95) telnet via a Checkpoint client software to a VPN server on the internet. I have included both the ip address of the VPN server and the computer I telnet to in the fw_trusted_nets and set the fw_services_trusted_tcp to 1:65535. The VPN authenticates itself but will not connect to allow the telnet session to start. I went around the firewall and all connect just fine. Any suggestions?

Eldon Berg

* Eldon Berg wrote on Mon, Oct 09, 2000 at 20:10 -0700:
> internal computers (W95) telnet via a Checkpoint client software to a VPN server on the internet.

Is that using IPSec?

> not connect to allow the telnet session to start. I went around the firewall and all connect just fine. Any suggestions?

Did you open protocol=50? (IP-protocol 50! not port 50 or something, but protocol!). Use all reject/deny rules with --log and check syslog (/var/log/messages) for the packets that get rejected/denied, and you know what you missed ;)

oki,

Steffen

-- 
This letter was produced by machine and therefore bears neither signature nor seal.

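An added example, not part of the original thread: a small Python filter for the log check Steffen describes, grouping dropped packets by IP protocol so that non-TCP/UDP traffic such as ESP (protocol 50) stands out. It assumes the firewall is ipchains on a Linux 2.2 kernel writing `Packet log:` lines to /var/log/messages; the sample lines and addresses are constructed.

```python
import re
from collections import Counter

# Assumption: ipchains (Linux 2.2) "Packet log:" lines, as written to
# /var/log/messages by rules that have logging enabled:
#   Packet log: <chain> <verdict> <iface> PROTO=<n> <src>:<port> <dst>:<port> ...
LOG_RE = re.compile(
    r"Packet log: (?P<chain>\S+) (?P<verdict>DENY|REJECT) (?P<iface>\S+) "
    r"PROTO=(?P<proto>\d+) (?P<src>[\d.]+):(?P<sport>\d+) "
    r"(?P<dst>[\d.]+):(?P<dport>\d+)"
)
PROTO_NAMES = {1: "icmp", 6: "tcp", 17: "udp", 47: "gre", 50: "esp", 51: "ah"}

# Constructed sample lines (documentation and RFC 1918 addresses).
SAMPLE = [
    "Oct 10 08:01:12 fw kernel: Packet log: input DENY eth1 PROTO=50 192.168.1.20:65535 192.0.2.10:65535 L=136 S=0x00 I=4211 F=0x0000 T=128 (#7)",
    "Oct 10 08:01:13 fw kernel: Packet log: input DENY eth1 PROTO=50 192.168.1.20:65535 192.0.2.10:65535 L=136 S=0x00 I=4212 F=0x0000 T=128 (#7)",
    "Oct 10 08:01:15 fw kernel: Packet log: input DENY eth0 PROTO=6 198.51.100.7:3312 192.168.1.20:139 L=48 S=0x00 I=911 F=0x4000 T=113 SYN (#9)",
    "Oct 10 08:01:16 fw named[210]: starting",
]

def dropped_flows(lines):
    """Count denied/rejected packets per (chain, proto, src, dst, dport)."""
    flows = Counter()
    for line in lines:
        m = LOG_RE.search(line)
        if m is None:
            continue  # not a firewall drop record
        proto = int(m.group("proto"))
        # Only TCP and UDP have ports; for other protocols the field is not a port.
        dport = int(m.group("dport")) if proto in (6, 17) else None
        flows[(m.group("chain"), proto, m.group("src"), m.group("dst"), dport)] += 1
    return flows

def report(flows):
    """One summary line per dropped flow, most frequent first."""
    out = []
    for (chain, proto, src, dst, dport), n in flows.most_common():
        name = PROTO_NAMES.get(proto, "proto-%d" % proto)
        if dport is None:
            out.append("%d x %s %s %s -> %s (IP protocol %d: a port rule cannot match it)"
                       % (n, chain, name, src, dst, proto))
        else:
            out.append("%d x %s %s %s -> %s:%d" % (n, chain, name, src, dst, dport))
    return out

if __name__ == "__main__":
    print("\n".join(report(dropped_flows(SAMPLE))))
```
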
Morning Steffen, Morning Eldon.
From reading the docs on VPN-1 I assume it is using some sort of IPSec. There is a How-To including a background plus the config. I did it a couple of times and it really works. However, when you try to connect over almost the whole world, let's say from a client in Germany to a VPN server behind a firewall in California, this is unreliable to nearly not working.

Here is the URI: http://www.linuxdoc.org/HOWTO/VPN-Masquerade-HOWTO.html

Oh, yes: You might not be able to use the standard SuSE firewall wrapper since it is tailored for the most common scenarios only... Again, look at the How-To; it is pretty detailed on this.

good luck, let me know if you have questions...

marco

Steffen Dettmer wrote:
> * Eldon Berg wrote on Mon, Oct 09, 2000 at 20:10 -0700:
> > internal computers (W95) telnet via a Checkpoint client software to a VPN server on the internet.
>
> Is that using IPSec?
>
> > not connect to allow the telnet session to start. I went around the firewall and all connect just fine. Any suggestions?
>
> Did you open protocol=50? (IP-protocol 50! not port 50 or something, but protocol!). Use all reject/deny rules with --log and check syslog (/var/log/messages) for the packets that get rejected/denied, and you know what you missed ;)
>
> oki,
>
> Steffen
>
> --
> This letter was produced by machine and therefore bears neither signature nor seal.