Mailinglist Archive: opensuse-security (511 mails)
| < Previous | Next > |
Re:[suse-security]RE:Can't connect hosts behind firewall
- From: maf king <maf@xxxxxxxxxxxxxx>
- Date: Mon, 20 Aug 2001 11:21:19 +0100
- Message-id: <20010820112119.E10683@carrie>
Hi Christoph,
On 2001.08.20 10:31:35 +0100 Christoph Egger wrote:
> On Monday, 20. August 2001 10:55, maf@xxxxxxxxxxxxxx wrote:
> > Hi Christoph,
> >
>From your logfile:
> Aug 20 11:39:06 ipseca kernel: Packet log: input ACCEPT eth0 PROTO=1
> 10.0.1.1:8 192.168.2.1:0 L=60 S=0x00 I=5606 F=0x0000 T=128 (#11)
> Aug 20 11:39:06 ipseca kernel: Packet log: input ACCEPT eth1 PROTO=50
> 62.180.107.60:65535 62.180.107.61:65535 L=112 S=0x00 I=45938 F=0x0000
> T=64 (#32)
> Aug 20 11:39:06 ipseca kernel: Packet log: input DENY ipsec0 PROTO=1
> 192.168.2.1:0 10.0.1.1:0 L=60 S=0x10 I=62222 F=0x0000 T=254 (#59)
Looks like the interface ipsec0 is being DENYed by default. Try inserting
a couple of rules in your firewall :
INPUT : allow everything from interface ipsec0
OUTPUT : allow everything to ipsec0
Maybe you also need to do the routed patches I suggested earlier?
Maybe SuSE firewall config needs something like
FW_DEV_WORLD = eth1, ipsec0 <---- Will this work???
Hopefully someone who knows if you can do this with SuSE firewall 4.9 will
answer here...
HTH,
Maf.
--
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Maf. King
Standby Exhibition Services
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
"It is easier to do a job right than to explain why you didn't."
- Martin Van Buren
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
| < Previous | Next > |