Mailinglist Archive: opensuse-security (409 mails)
SuSEfirewall & IPSEC
- From: "Patrick Schneider" <newsletter@xxxxxxxx>
- Date: Wed, 21 Aug 2002 13:28:56 +0200
- Message-id: <001801c24905$f0be9080$0b01a8c0@alex>
Hi list!
I have the following setup:
MASQ'ed Network --- SuSE firewall --- the Internet.
The firewall has been running fine for two years.
I now want to open ports with the script (SuSE Firewall) to route a VPN tunnel
through the firewall (from inside to a server in the Internet).
I need UDP port 500 and 47/ip (GRE) or 50/ip (ESP) data-channel traffic.
The following switch is for masquerading:
---snipp---
# Choice: leave empty or any number of hosts/networks separated by a space.
# Every host/network may get a list of allowed services, otherwise everything
# is allowed. A protocol and service is appended by a comma to the host/network.
# e.g. "10.0.0.0/8" allows the whole 10.0.0.0 network with unrestricted access
# "10.0.1.0/24,tcp,80 10.0.1.0/24,tcp,21" allows the 10.0.1.0 network to use
# www/ftp to the internet. "10.0.1.0/24,tcp,1024:65535 10.0.2.0/24" is OK too.
# You may NOT set this variable to "0/0" !
#
FW_MASQ_NETS=""
---snap---
I can use the protocols tcp, udp and icmp here, but I can NOT use "IP" as a protocol.
Where can I set it up so that the IP protocols get routed through the firewall,
or do I need additional modules?
Bye,
Patrick
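The question above is about a masquerading gateway that must pass IKE (UDP 500) plus a data channel that is an IP protocol (50 = ESP, 47 = GRE) rather than a port. Below is an added example, not code from the original post or from SuSEfirewall2, showing the raw iptables rules such a gateway needs; it is one way to express what the FW_MASQ_NETS syntax cannot, since that variable only takes tcp/udp/icmp entries. The interface name eth0, the inside network 192.168.1.0/24, the VPN server address 203.0.113.10 and the function name vpn_passthrough_rules are assumptions for illustration; UDP 4500 (IKE NAT-T) is included because that is the port-based channel IPsec falls back to when it detects NAT. By default the script only prints the rules (DRY_RUN=1).

```shell
#!/bin/sh
# Added example (not SuSEfirewall2's own code): iptables rules that let an inside
# network reach an IPsec or PPTP server on the Internet through a masquerading gateway.
# Assumptions (hypothetical values): WAN interface eth0, LAN 192.168.1.0/24,
# VPN server 203.0.113.10. DRY_RUN=1 (the default) prints the commands instead of
# executing them, so the script can be run and inspected without root or iptables.

: "${DRY_RUN:=1}"

# run ARGS...: print "iptables ARGS" in dry-run mode, otherwise execute iptables.
run() {
    if [ "$DRY_RUN" = 1 ]; then
        printf '%s\n' "iptables $*"
    else
        iptables "$@"
    fi
}

# vpn_passthrough_rules WAN_IF LAN_NET VPN_SERVER
# Emits (or applies) the FORWARD and nat rules for one inside network and one
# outside VPN server. Both directions are listed explicitly so the rules also
# work on a ruleset without a generic ESTABLISHED,RELATED rule.
vpn_passthrough_rules() {
    wan=$1
    lan=$2
    srv=$3

    # Control channel: IKE on UDP 500, and NAT-T on UDP 4500. These carry port
    # numbers, so ordinary port-based masquerading can track and rewrite them.
    for port in 500 4500; do
        run -A FORWARD -s "$lan" -d "$srv" -p udp --dport "$port" -j ACCEPT
        run -A FORWARD -s "$srv" -d "$lan" -p udp --sport "$port" -j ACCEPT
    done

    # Data channel: ESP (protocol 50) and GRE (protocol 47) are IP protocols,
    # not services. iptables matches them by protocol number with -p, and there
    # is no --dport, because these headers have no port field.
    for proto in 50 47; do
        run -A FORWARD -s "$lan" -d "$srv" -p "$proto" -j ACCEPT
        run -A FORWARD -s "$srv" -d "$lan" -p "$proto" -j ACCEPT
    done

    # Masquerade everything from the inside network leaving on the WAN interface.
    run -t nat -A POSTROUTING -o "$wan" -s "$lan" -j MASQUERADE
}

# Usage (prints the rules): sh thisfile.sh
# Usage (applies them, as root): DRY_RUN=0 sh thisfile.sh
if [ "${VPN_RULES_NO_AUTORUN:-0}" = 0 ] && [ "$(basename -- "$0")" != "sh" ]; then
    :
fi
```

Caveat a practitioner should keep in mind: because ESP and GRE have no port numbers, MASQUERADE can only tell inside hosts apart by the remote address, so a single inside client to a given VPN server is the only case plain masquerading of protocol 50 or 47 handles cleanly. For several inside clients to the same server, IPsec has to negotiate NAT-T (the UDP 4500 rules above), which turns the data channel back into port-based UDP; for PPTP/GRE the kernel needs its PPTP connection-tracking and NAT helper modules, which is the "additional modules" case the question asks about. The last if-block is a no-op placeholder so that sourcing the file only defines the functions; remove it or replace it with a call to vpn_passthrough_rules if you want the script to apply rules on its own.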