On Sat, Jan 16, 2016 at 06:06:46PM +0800, Marguerite Su wrote:
Hi,
I packaged ocserv in network:vpn and I wanted to submit it to Factory.
Dominique suggests that I raise this topic.
I wrote the instruction in README.SUSE before:
#### Shutdown SUSEFirewall2 through YaST
Because I don't know how to convert iptables rules to SUSEFirewall2 ones. If you can help me, please fork this package and submit back.
#### Set iptables rules
sudo /sbin/iptables -A INPUT -p tcp --dport 9000 -j ACCEPT
sudo /sbin/iptables -A INPUT -p udp --dport 9001 -j ACCEPT
sudo /sbin/iptables -t nat -A POSTROUTING -s 192.168.1.0/24 -o eth0 -j MASQUERADE
sudo /sbin/iptables -A FORWARD -s 192.168.1.0/24 -j ACCEPT
The 9000/9001 ports and the IP range 192.168.1.0/24 are the default ones; you can change them in /etc/ocserv/ocserv.conf
Warning: Your eth0 may not exist; you can run ifconfig -a to find yours.
#### Enable IP forward
echo 1 | sudo tee /proc/sys/net/ipv4/ip_forward
It doesn't survive a reboot.
=====================================================
How can I achieve the same result without shutting SuSEFirewall2 down?
Any documentation I can learn from?
Opening ports ... easy

FW_SERVICES_EXT_TCP=""
FW_SERVICES_EXT_UDP=""

Or better, write a service file.

/etc/sysconfig/SuSEfirewall2.d/services/ocserv

TCP="9000"
UDP="9001"

and then you can enable the service with
FW_CONFIGURATIONS_EXT="ocserv"

The masquerading ... is this really intended this way, as I pretty much doubt that everyone has this kind of network layout.

FW_ROUTE="yes"
FW_MASQUERADE="yes"

will masquerade the internal network zone towards the external network zone.

Ciao, Marcus
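An added example, not part of the original thread or of the ocserv package: since the README says the ports can be changed in /etc/ocserv/ocserv.conf, this sketch derives the service file suggested above from that config so the two cannot drift apart. The function names are hypothetical, the sample config is constructed, and it assumes the ocserv.conf keys tcp-port and udp-port, with udp-port optional.

```shell
#!/bin/sh
# Added example: build the SuSEfirewall2 service file from ocserv.conf.

# Print the value of "key = value" from the config file $1 for key $2.
# Commented-out lines are ignored, trailing comments are stripped,
# and the last occurrence wins.
conf_get() {
    sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*\([^#[:space:]]*\).*/\1/p" "$1" | tail -n 1
}

# Succeed only for a decimal port number in 1..65535.
valid_port() {
    case "$1" in ''|*[!0-9]*) return 1 ;; esac
    [ "${#1}" -le 5 ] && [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# Write the service file body for the config file $1 to stdout.
# Refuses to emit anything if a port is malformed, so a typo in
# ocserv.conf never turns into an unexpected firewall opening.
gen_service() {
    tcp=$(conf_get "$1" tcp-port)
    udp=$(conf_get "$1" udp-port)
    valid_port "$tcp" || { echo "invalid or missing tcp-port" >&2; return 1; }
    # Assumption: udp-port may be absent, in which case no UDP port is opened.
    if [ -n "$udp" ]; then
        valid_port "$udp" || { echo "invalid udp-port" >&2; return 1; }
    fi
    printf '## Name: ocserv\n'
    printf '## Description: Open ports for the ocserv VPN server\n'
    printf 'TCP="%s"\nUDP="%s"\n' "$tcp" "$udp"
}

# Demo on a constructed sample config.
sample=$(mktemp)
cat > "$sample" <<'EOF'
# constructed sample, not a real ocserv.conf
tcp-port = 9000
udp-port = 9001   # DTLS
#udp-port = 443
EOF
gen_service "$sample"
rm -f "$sample"
```

Redirect the output to /etc/sysconfig/SuSEfirewall2.d/services/ocserv and enable it with FW_CONFIGURATIONS_EXT="ocserv" as described above.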