Hints for FreeS/WAN on SuSEFirewall2-protected systems?

Hi,

I've got two SuSE 8.0 systems. FreeS/WAN is up and running, as far as I can say. In /var/log/messages I see something that looks like a successful handshake, and after that the systems have the proper routing tables. Now, how do I tweak SuSEfirewall2 to make the tunnel actually work?

Subnet behind box1: 192.168.238.0/24
Subnet behind box2: 192.168.237.0/24

Connectivity in both cases: eth0 points to the internal net, ipsec0 (via ppp0, which is DSL over eth1) is the tunnel.

What do I put where in /etc/sysconfig/SuSEfirewall to make the tunnel work?

bye, MH

--
Sending unsolicited advertising e-mail to private individuals violates §1 UWG and 823 I BGB (decision of the Berlin Regional Court of 2.8.1998, ref. 16 O 201/98). Any commercial use of the transmitted personal data, as well as passing it on to third parties, is expressly prohibited!
gpg key fingerprint: 5F64 4C92 9B77 DE37 D184 C5F9 B013 44E7 27BD 763C
Hi Matthias,
What do I put where in /etc/sysconfig/SuSEfirewall to make the tunnel work?

# For VPN/Routing which END at the firewall!!
FW_SERVICES_EXT_IP="50"

And of course in /etc/ipsec.conf:

leftupdown=/usr/lib/ipsec/_updown.x509 (rightupdown)

or similar script to set the right iptables rules after ipsec start.

Frank

On Wednesday, 10 December 2003 13:36, Frank Stuehmer wrote:
leftupdown=/usr/lib/ipsec/_updown.x509 (rightupdown) or similar script to set the right iptables rules after ipsec start.
and those "right iptables rules" are which? besides, I have no such file _updown.x509.

bye, MH

Hello,

On Wednesday, 10 December 2003 13:50, Mathias Homann wrote:
On Wednesday, 10 December 2003 13:36, Frank Stuehmer wrote:
leftupdown=/usr/lib/ipsec/_updown.x509 [...]
and those "right iptables rules" are which? besides, I have no such file _updown.x509.
pin _updown.x509 ;-)

Since SuSE 8.1, this file is part of the freeswan package.

Regards

Christian Boltz
--
Some gone-crazy stupid lawyer filled tags with *PAGES* of license restriction. Overwhelming mass of data made fontlinge_base believe the font to be broken. - increased limits - going to get a gun [Ratti in fontlinge-cvs]

On Wednesday, 10 December 2003 22:10, Christian Boltz wrote:
Hello,
On Wednesday, 10 December 2003 13:50, Mathias Homann wrote:
On Wednesday, 10 December 2003 13:36, Frank Stuehmer wrote:
leftupdown=/usr/lib/ipsec/_updown.x509 [...]
and those "right iptables rules" are which? besides, I have no such file _updown.x509.
pin _updown.x509 ;-)
Since SuSE 8.1, this file is part of the freeswan package.
At the start of the thread I said that I have SuSE 8.0 on both systems. What's in that file?

bye, MH

Hoping I can help. I only saw this thread just now. I have two SuSE 8.0 systems running both FreeSwan and a firewall. I don't use the SuSEFirewall; however, they are all based on IPTables. If you don't mind re-posing your initial question, I can try my best to help.
Hi Mathias,
and those "right iptables rules" are which? besides, I have no such file _updown.x509.
o.k., a sample _updown script is part of all freeswan packages; you should insert your own rules there. It's easier to get a ready-to-use script like _updown.x509. It sets routing and iptables for the ipsec connection on the fly. _updown.x509 is part of an X.509 extension; you can find it at http://strongsec.com/freeswan/

I'll send it to you by PM, if you need it. Please contact me. I inserted additional rules, so I don't need any custom rules in SuseFirewall2.

Frank
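
Added example (not part of the thread, and not the _updown.x509 script mentioned above): a sketch of the kind of iptables rules an updown script can set when the tunnel comes up, using the two subnets from the first message. It assumes the PLUTO_* environment variables that pluto passes to updown scripts; the function name ipsec_fw_rules and the IPTABLES dry-run switch are hypothetical, and it covers only the firewall rules, not the routing an updown script also has to handle.

```shell
#!/bin/sh
# Added example: firewall half of a FreeS/WAN updown script (sketch).
# pluto calls the script with PLUTO_VERB and the PLUTO_* variables below.
# IPTABLES defaults to "echo iptables", so this is a dry run that only
# prints the commands; set IPTABLES=iptables to apply them.

ipsec_fw_rules() {
    ipt=${IPTABLES:-echo iptables}
    mine="$PLUTO_MY_CLIENT_NET/$PLUTO_MY_CLIENT_MASK"
    peer="$PLUTO_PEER_CLIENT_NET/$PLUTO_PEER_CLIENT_MASK"
    case "$PLUTO_VERB" in
        up-client)   op=-I ;;   # tunnel to a subnet came up: insert rules
        down-client) op=-D ;;   # tunnel went down: delete the same rules
        *) return 0 ;;          # other verbs (routing etc.) not handled here
    esac
    # Allow forwarding only between the two tunnelled subnets, and only
    # on the IPsec interface, so nothing else arriving there is opened up.
    $ipt $op FORWARD -o "$PLUTO_INTERFACE" -s "$mine" -d "$peer" -j ACCEPT
    $ipt $op FORWARD -i "$PLUTO_INTERFACE" -s "$peer" -d "$mine" -j ACCEPT
}

# Constructed values for box1 from the first message, run in a subshell
# as a dry run (prints the two rules, changes nothing).
(
    PLUTO_VERB=up-client
    PLUTO_INTERFACE=ipsec0
    PLUTO_MY_CLIENT_NET=192.168.238.0
    PLUTO_MY_CLIENT_MASK=255.255.255.0
    PLUTO_PEER_CLIENT_NET=192.168.237.0
    PLUTO_PEER_CLIENT_MASK=255.255.255.0
    ipsec_fw_rules
)
```

On box2 the same function yields the mirrored rules, because pluto swaps the "my" and "peer" values there.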

participants (4)
- Administrator
- Christian Boltz
- Frank Stuehmer
- Mathias Homann