Hi,

I'm running SuSE 9.0 with SuSEfirewall2 and poptop. I'm trying to connect from a Windows PPTP client to the Linux box. Connection succeeds (chap authentication ok). However, once connected, I can't PING to any remote host (neither the Linux server nor the PCs behind it, on the remote LAN).

I noticed that if I bring SuSEfirewall2 down and I repeat the latter operation, my Windows client can ping the Linux server just fine, but won't ping the hosts behind it probably because forwarding is disabled (? - not really an expert in this). So I guess my problem is that I missed something in the SuSEfirewall2 configuration.

Here are my settings:

Linux server eth0 has public WAN IP, eth1 has private IP 192.168.1.92. Eth1 links to a switch to which the remote LAN's PCs are connected (all are within the 192.168.1.0 range). Server-side connectivity is OK (I can ping to LAN PCs from within 192.168.1.92).

Yast configuration is as follows:

* IP forwarding enabled
* susefirewall2 config file:

FW_QUICKMODE="no"
FW_DEV_EXT="eth0 ppp0"
FW_DEV_INT="eth1"
FW_ROUTE="yes"
FW_MASQUERADE="yes"
FW_MASQ_DEV="$FW_DEV_EXT"
FW_MASQ_NETS="0/0"
FW_PROTECT_FROM_INTERNAL="no"
FW_AUTOPROTECT_SERVICES="no"
FW_SERVICES_EXT_TCP="pptp http https 137"
FW_SERVICES_EXT_UDP="137 500"
FW_SERVICES_EXT_IP="gre icmp 50 51"
FW_SERVICES_DMZ_TCP=""
FW_SERVICES_DMZ_UDP=""
FW_SERVICES_DMZ_IP=""
FW_SERVICES_INT_TCP="137"
FW_SERVICES_INT_UDP="137"
FW_SERVICES_INT_IP="gre icmp"
FW_SERVICES_QUICK_TCP=""
FW_SERVICES_QUICK_UDP=""
FW_SERVICES_QUICK_IP=""
FW_TRUSTED_NETS=""
FW_ALLOW_INCOMING_HIGHPORTS_TCP="yes"
FW_ALLOW_INCOMING_HIGHPORTS_UDP="yes"
FW_SERVICE_AUTODETECT="yes"
FW_SERVICE_DNS="no"
FW_SERVICE_DHCLIENT="no"
FW_SERVICE_DHCPD="no"
FW_SERVICE_SQUID="no"
FW_SERVICE_SAMBA="no"
FW_FORWARD=""
FW_FORWARD_MASQ=""
FW_REDIRECT=""
FW_LOG_DROP_CRIT="yes"
FW_LOG_DROP_ALL="no"
FW_LOG_ACCEPT_CRIT="yes"
FW_LOG_ACCEPT_ALL="no"
FW_LOG="--log-level warning --log-tcp-options --log-ip-option --log-prefix SuSE-FW"
FW_KERNEL_SECURITY="no"
FW_STOP_KEEP_ROUTING_STATE="no"
FW_ALLOW_PING_FW="yes"
FW_ALLOW_PING_DMZ="yes"
FW_ALLOW_PING_EXT="yes"

From the Windows client I can connect and a fixed IP is assigned: 192.168.1.101. If I try to ping the remote 192.168.1.92 Linux server (for example; or any other PC on the remote LAN) and I check the Linux server's SYSLOG messages, I get:

kernel: SUSE-FW-DROP-ANTI-SPOOF IN=ppp0 OUT=eth1 SRC=192.168.1.101 DST=192.168.1.92 LEN=78 TTL=127 PROTO=UDP SPT=137 DTP=137 LEN=58

So, pinging the Linux server or any host behind it (192.168.1.xxx) from the Windows client doesn't give any response.

Any suggestions?

Regards,
Vieri
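
Added example (not part of the original post): a short Python helper for reading the drop line quoted above. It parses the log fields and checks whether the source address lies inside the subnet of an interface other than the one the packet arrived on, which is the condition an anti-spoofing rule tests. The /24 mask for eth1 and all function names are assumptions; the post only says "192.168.1.0 range".

```python
import ipaddress
import re

# Drop line as quoted in the post (field names kept exactly as posted).
SAMPLE = ("kernel: SUSE-FW-DROP-ANTI-SPOOF IN=ppp0 OUT=eth1 "
          "SRC=192.168.1.101 DST=192.168.1.92 LEN=78 TTL=127 "
          "PROTO=UDP SPT=137 DTP=137 LEN=58")

# Assumption: eth1 carries 192.168.1.0/24 (mask not stated in the post).
IFACE_NETS = {"eth1": ipaddress.ip_network("192.168.1.0/24")}


def parse_drop(line):
    """Return (log prefix, {KEY: value}) for a netfilter-style log line."""
    m = re.search(r"(\S*DROP\S*)", line)
    fields = {}
    for key, value in re.findall(r"\b([A-Z]+)=(\S*)", line):
        fields.setdefault(key, value)  # LEN appears twice: keep the first
    return (m.group(1) if m else None), fields


def spoof_conflicts(fields, iface_nets):
    """Interfaces whose subnet contains SRC although the packet came in elsewhere."""
    if "SRC" not in fields:
        return []
    src = ipaddress.ip_address(fields["SRC"])
    arrived = fields.get("IN", "")
    return [ifc for ifc, net in sorted(iface_nets.items())
            if ifc != arrived and src in net]


def explain(line, iface_nets=IFACE_NETS):
    """One-line summary of why the logged packet looks spoofed, if it does."""
    prefix, fields = parse_drop(line)
    hits = spoof_conflicts(fields, iface_nets)
    if not hits:
        return f"{prefix}: source matches no other interface's subnet"
    return (f"{prefix}: source {fields['SRC']} arrived on {fields['IN']} "
            f"but belongs to the subnet of {', '.join(hits)}")


if __name__ == "__main__":
    print(explain(SAMPLE))
```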