Hallo,

Ludwig Nussel wrote:

Marc Rieber wrote:

I want to connect two networks via OpenVPN. Each network is connected to the internet over a SUSE Linux 9.2 router. On each router I created a tap0 device for the OpenVPN connection and bridged it to the eth0 device, which is the device to the internal network. Everything works fine, but I have problems with the firewall. I can ping router 1 from router 2 and router 2 from router 1. If I try to ping a PC behind router 1 from router 2, or the other way round, it doesn't work. In the log file I get the following message:
SFW2-FWDint-DROP-ICMP-CRIT IN=br0 OUT=br0 PHYSIN=tap0 PHYSOUT=eth0 SRC=192.168.0.1 DST=192.168.1.50 ..........
Broadcasts were also filtered.
Does somebody know how to configure SuSEfirewall2 so that all connected traffic from PHYSIN=tap0 to PHYSOUT=eth0, and the other way round, with a source address of the internal network can go through the firewall?
SuSEfirewall2 doesn't support forwarding based on interfaces yet, FW_FORWARD only accepts IPs. You'll have to use FW_CUSTOMRULES. Alternatively write a patch for SuSEfirewall2 and send it to me :-)
I don't know very much about iptables, therefore maybe somebody can help me to configure the SuSEFirewall-custom script. I think I must use something like

iptables -A FORWARD -m physdev --physdev-in=tap0 --physdev-out=eth0 -j ACCEPT

In which section of the SuSEFirewall-custom script do I have to put the iptables commands?

I have the following configuration for my two networks. Network A has the address range 192.168.1.0/16 and network B has 192.168.0.0/16. I want the DHCP requests filtered and not routed through the bridge, because on each router there is its own DHCP server running. All other IP traffic coming from network 192.168.0.0/16 should be forwarded from tap0 to eth0. Also all broadcasts should be forwarded, because I want to use Windows file sharing over the VPN tunnel.

Kind regards
Marc Rieber
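As an added example (it is not code from the thread, from Marc, or from the SuSEfirewall2 package), here is one way to write the custom FORWARD rules Marc describes: DHCP is dropped in both directions across the bridged tunnel, and everything else bridged between tap0 and eth0 is accepted when its source address belongs to the network it came from. The interface names tap0/eth0 are taken from the thread; the two /24 networks are assumed sample values and have to be replaced by each site's real subnet; the hook name fw_custom_before_port_handling and the FW_CUSTOMRULES setting are how SuSEfirewall2-custom is wired up as I know it, so check them against the copy of the script shipped with the system.

```shell
#!/bin/sh
# Added example, not code from the thread or from SuSEfirewall2 itself.
# Builds the custom FORWARD rules for the bridge br0 = { tap0 (OpenVPN),
# eth0 (LAN) }: drop DHCP across the tunnel, accept the remaining bridged
# traffic from the two site networks. Interface names come from the thread;
# the /24 networks are assumed sample values, replace them with the real ones.

TAP=${TAP:-tap0}                          # OpenVPN tap device, bridged into br0
LAN=${LAN:-eth0}                          # internal LAN device, bridged into br0
LOCAL_NET=${LOCAL_NET:-192.168.1.0/24}    # assumed: this site's network
REMOTE_NET=${REMOTE_NET:-192.168.0.0/24}  # assumed: network behind the tunnel
IPT=${IPT:-iptables}                      # set IPT=echo to preview the rules

# Emits the rules in the order they must be appended: the DHCP DROP rules
# first, so the later ACCEPT rules cannot let DHCP through.
bridge_forward_rules() {
    # DHCP (UDP 67/68) must not cross the tunnel in either direction,
    # because each site runs its own DHCP server on the router.
    $IPT -A FORWARD -m physdev --physdev-in "$TAP" --physdev-out "$LAN" \
        -p udp --sport 67:68 --dport 67:68 -j DROP
    $IPT -A FORWARD -m physdev --physdev-in "$LAN" --physdev-out "$TAP" \
        -p udp --sport 67:68 --dport 67:68 -j DROP
    # Everything else bridged between the two ports is accepted, but only
    # with a source address belonging to the network it came from. Bridged
    # broadcasts (Windows file sharing) traverse the FORWARD chain per
    # bridge port too, so the same two rules cover them.
    $IPT -A FORWARD -m physdev --physdev-in "$TAP" --physdev-out "$LAN" \
        -s "$REMOTE_NET" -j ACCEPT
    $IPT -A FORWARD -m physdev --physdev-in "$LAN" --physdev-out "$TAP" \
        -s "$LOCAL_NET" -j ACCEPT
}

# Hook as it would appear in the SuSEfirewall2-custom script (assumed hook
# name; compare with the hooks in the script on your system). FW_CUSTOMRULES
# in /etc/sysconfig/SuSEfirewall2 must point at that script.
fw_custom_before_port_handling() {
    bridge_forward_rules
    true    # keep the hook's exit status zero
}

# Preview without touching the kernel:  sh bridge-rules.sh --print
case "${1:-}" in
    --print) IPT=echo; bridge_forward_rules ;;
esac
```

Run it with `--print` (or `IPT=echo`) first to see the four rules before they are loaded. The physdev match only does anything when bridge netfilter is active, which the PHYSIN=/PHYSOUT= fields in Marc's log line already show it is; the `-s` restriction is what keeps the ACCEPT rules from forwarding arbitrary source addresses that arrive through the tunnel.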