Mailinglist Archive: opensuse-security (359 mails)
| < Previous | Next > |
Re: [suse-security] SuSEfirewall2 & MS/VPN
- From: Sven 'Darkman' Michels <sven@xxxxxxxxxx>
- Date: Fri, 25 Jul 2003 19:14:50 +0200
- Message-id: <3F21658A.3090907@xxxxxxxxxx>
Andy Bennett wrote:
As with ipsec etc. you cannot simply edit the packages (like NAT will
do). So you cannot forward the connection i would guess. For your setup
you will need to put the win maschine in Front of the firewall or setup
the firewall itself as a PPTP Server (or if you need, as client). For
PPTP from inside -> outside some masq modules exist (at least for Kernel
2.2.x, dunno if it's ported to 2.4 right now). Maybe such a masq modul
would help for your forwarding problem, but i don't think so ;)
HTH,
Sven
Hi,
No. Briefly, I have come into the middle of a situation where a someone else has set up a system for a friend of mine in such a way that his MS VPN box is directly connected to the internet alongside his SuSEfirewall2 like this
Internet
|
Exterior router
| |
SuSEfirewall MS/VPN
My first thouht was that the guy had gone mad but then it occurred to me that maybe he knows something I don't. In any event I thought I'd ask here first.
I thought it should be possible to simply put something like
FW_FORWARD="0/0,192.168.1.2,tcp,1723
as Jorn Ott suggested to forward connections directly to the MS VPN machine and let it handle everything but, like I said, am I missing something?
As with ipsec etc. you cannot simply edit the packages (like NAT will
do). So you cannot forward the connection i would guess. For your setup
you will need to put the win maschine in Front of the firewall or setup
the firewall itself as a PPTP Server (or if you need, as client). For
PPTP from inside -> outside some masq modules exist (at least for Kernel
2.2.x, dunno if it's ported to 2.4 right now). Maybe such a masq modul
would help for your forwarding problem, but i don't think so ;)
HTH,
Sven
| < Previous | Next > |