Mailinglist Archive: opensuse-security (421 mails)
Re: [suse-security] Ipsec + firewall
- From: "Schulz, Wolfgang" <W.Schulz@xxxxxx>
- Date: Wed, 20 Jun 2001 10:22:12 +0200
- Message-id: <312B2118801AD411A3C000508B303073118760@xxxxxxxxxxxx>
Thanks for your help!
One more question regarding our configuration:
I forgot to mention that we have in the internal nets private addresses
which are masqueraded at the firewall. Due to different reasons we need the
masquerading (no way to use proxies).
Is there any way to use masquerading and ipsec on the same gateway
(firewall)?
If this is not possible with ipsec - is this maybe possible with cipe (I
only know the name till now).
Thanks
Wolfgang
> -----Original Message-----
> From: Tobias Gewinner [mailto:gewinner@xxxxxx]
> Sent: Tuesday, 19 June 2001 23:24
> To: Schulz, Wolfgang
> Cc: suse-security@xxxxxxxx
> Subject: Re: [suse-security] Ipsec + firewall
>
>
> On Tue, Jun 19, 2001 at 05:55:09PM +0200, Schulz, Wolfgang wrote:
> > Hi list!
> >
> > As soon as we start the firewall script (Version 4.1) ipsec doesn't work
> > anymore.
>
> I remember having the same problem in the past. AFAIK the firewalls must
> accept incoming requests from the outside on port 500/UDP. Also the
> firewall doesn't know the net behind his partner, so any input from
> these IPs to the internal net is denied.
>
> I remember that I set the following ipchains rules (or something like
> that) manually on both machines:
>
> On firewall A this (may have) looked like
>
> ipchains -I forward -b -s [local net B] -d [local net A] -j ACCEPT
> ipchains -I input -b -s [local net B] -d [local net A] -j ACCEPT
> ipchains -I output -b -s [local net B] -d [local net A] -j ACCEPT
>
> and on firewall B you must swap the networks, of course ;-)
>
> After that it worked fine for me. I think you can set these rules
> in /etc/rc.config.de/firewall-custom.rc.config
>
> Greetings!
> --
> -----------------------------------------------------------------
> Tobias Gewinner <gewinner@xxxxxx>
> Fachinformatiker i.A. TMT InterNETworks GmbH
> Phone: +49921560716-0 Maxstrasse 4
> Fax: +49921560716-18 D-95444 Bayreuth
> -----------------------------------------------------------------
>