Hi Christoph,

On 2001.08.20 08:29:39 +0100 Christoph Egger wrote:
Further, routed is somehow blocked by the firewall:
.... Kernel log: input DENY eth0 PROTO=17 10.0.1.0:520 10.0.1.255:520 L=52 S=0x00 I=0 F=0x4000 T=64 (#4)
.... Kernel log: input DENY eth1 PROTO=17 62.180.107.61:520 62.180.107.63:520 S=0x00 I=0 F=0x4000 T=64 (#5)
Shutting the firewall down, routed says:
re-installing interface eth0
re-installing interface eth1

and pinging, DNS, SMB, etc. between the two subnets work perfectly.

----------------------------------------------------------------------------------

What do you think might be the problem?
Well, at least we know the tunnel works - the problem is something to do with the firewall. I assume the interfaces 62.180.107.6[1,3] are the public addresses of the gateways.

Since you are getting routed packets blocked, try:

1. Poke a hole in the FW for UDP port 520 - you can always tweak it later to make it more secure.
2. Kill routed and test some static routes.

If that still doesn't help, put everything back to 'normal' and grab the FW logs from a failed ping through the tunnel. Feel free to post them directly to me if you don't want to post them to the list.
Hm... no answer to my problem yet. Seems that doesn't help. So here is my SuSE 7.2 firewall (version 4.9) configuration in /etc/rc.config.d/firewall.rc.config
Sorry, I have always rolled my own fw scripts - I have never looked at the docs for the SuSE fw package.

HTH

Maf.
-- CU, Christoph
--
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Maf. King
Standby Exhibition Services
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
"It is easier to do a job right than to explain why you didn't."
- Martin Van Buren
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
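
Added example, not part of the original thread: a small Python parser for kernel packet-log lines of the form quoted above, reporting which interface and rule number dropped RIP (UDP port 520) traffic. The field layout is assumed from the two quoted lines only, and the function names are illustrative.

```python
import re

# The two log lines quoted in the message (their timestamp prefix is elided there).
SAMPLE = (
    "Kernel log: input DENY eth0 PROTO=17 10.0.1.0:520 10.0.1.255:520 "
    "L=52 S=0x00 I=0 F=0x4000 T=64 (#4)\n"
    "Kernel log: input DENY eth1 PROTO=17 62.180.107.61:520 62.180.107.63:520 "
    "S=0x00 I=0 F=0x4000 T=64 (#5)\n"
)

# Assumed layout: chain, verdict, interface, IP protocol number,
# src:port, dst:port, optional fields (L=, S=, ...), then (#rule).
LINE = re.compile(
    r"(?P<chain>\S+) (?P<verdict>\S+) (?P<iface>\S+) PROTO=(?P<proto>\d+) "
    r"(?P<src>[\d.]+):(?P<sport>\d+) (?P<dst>[\d.]+):(?P<dport>\d+)"
    r".*\(#(?P<rule>\d+)\)"
)
UDP, RIP_PORT = 17, 520


def parse(line):
    """Return the fields of one packet-log line as a dict, or None if it does not match."""
    m = LINE.search(line)
    if m is None:
        return None
    rec = m.groupdict()
    for key in ("proto", "sport", "dport", "rule"):
        rec[key] = int(rec[key])
    return rec


def blocked_rip(text):
    """List (interface, rule number, source, destination) for dropped UDP/520 packets."""
    hits = []
    for line in text.splitlines():
        rec = parse(line)
        if rec is None or rec["verdict"] not in ("DENY", "REJECT"):
            continue
        if rec["proto"] == UDP and rec["dport"] == RIP_PORT:
            hits.append((rec["iface"], rec["rule"], rec["src"], rec["dst"]))
    return hits


if __name__ == "__main__":
    for iface, rule, src, dst in blocked_rip(SAMPLE):
        print(f"{iface}: rule #{rule} drops RIP {src} -> {dst}")
```

The rule numbers it reports (#4 on eth0, #5 on eth1) are the ones to inspect before opening UDP port 520.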