Mailinglist Archive: opensuse-security (359 mails)
Re: [suse-security] SuSEfirewall2 & MS/VPN
- From: "Jörn Ott" <suse-security@xxxxxxxxxxxxxx>
- Date: Fri, 25 Jul 2003 17:52:33 +0200 (CEST)
- Message-id: <49456.192.168.200.3.1059148353.squirrel@xxxxxxxxxxxxxxxxxxxxxxxxx>
Hi Andrew,
> Is it possible for an MS/PPTP VPN to go through SuSEfirewall2 using IP
> forwarding in much the same as it is possible to forward connections
> through a SuSEfirewall2 machine to a machine running a web server like
> this:-
>
> FW_FORWARD="0/0,192.168.1.2,tcp,80"
pptp uses port 1723 to establish its connection. I did not test forwarding
yet, but my experience with a client using zonealarm on a windoze to do
many nasty things makes me believe that a forwarding of port 1723 tcp
should work.
Try FW_FORWARD="0/0,192.168.1.2,tcp,1723"
and have a look at the logs :-)
>
> Or does the MS VPN machine need to be accessible from the internet, i.e.
> bypassing the SuSEfirewall machine altogether.
Afaik PPTP only uses port 1723, so you don't need other protocols like GRE
(like IPSEC)
>
> Any help greatly appreciated.
HTH
Jörn Ott
--
------------------------------------------------------------
Jörn Ott Telefon: (0 22 24) 94 08 - 73
EDV Service & Beratung Telefax: (0 22 24) 94 08 -74
Lohfelder Str. 33 E-Mail: mailto:white@xxxxxxxxxxxxxx
53604 Bad Honnef WWW: http://www.ott-service.de/