Good evening,

I was introduced to SuSE Linux 8.0 by a friend who was in Germany. I liked its firewall system very much, and I am trying to implement a VPN through the SuSE firewall, placing a VPN server behind the SuSE firewall, using 3 Ethernet interfaces. For better understanding, I am sending an attached file with my problem: I am receiving a message stating that my VPN server is not answering.

I am trying to establish a VPN to an MS Win 2000 server that is behind the SuSE firewall. For this I configured a DMZ ETH interface, and I opened ports 1700:1800 for the connection to my VPN server, which has the false IP 192.168.1.2.

When I try to make a VPN connection, the firewall does the reverse masquerading from the real IP to the false IP on the requested port 1723. It gets as far as checking the user and password, but then reports that my VPN server is not answering. If I place the VPN server outside the firewall, it works completely.

If possible, I would like you gentlemen to show me a way to configure a VPN using SuSEfirewall, and to tell me which ports and protocols are used in this type of configuration.

Messages

Nov 4 15:10:04 fwpro kernel: SuSE-FW-ACCEPT-REVERSE_MASQ IN=eth2 OUT=eth1 SRC=200.xxx.xxx.xxx DST=192.168.1.2 LEN=48 TOS=0x00 PREC=0x00 TTL=125 ID=40058 DF PROTO=TCP SPT=1320 DPT=1723 WINDOW=64240 RES=0x00 SYN URGP=0 OPT (020405B401010402)

FW description

FW_SERVICES_EXT_TCP="pptp 1723 500 53 ssh"
FW_SERVICES_EXT_UDP="42:500 1024:5000"
# For VPN/Routing which END at the firewall!!
FW_SERVICES_EXT_IP="47 50 51 gre"
FW_SERVICES_DMZ_TCP="pptp 53 500 1723:1800 5800 5900"
FW_SERVICES_DMZ_UDP="53 500 1024:5000 5900"
# For VPN/Routing which END at the firewall!!
FW_SERVICES_DMZ_IP="47 50 51"
FW_FORWARD="200.249.140.60,192.168.1.2 192.168.1.2,200.249.140.60"
FW_FORWARD_MASQ="0/0,192.168.1.2,tcp,500 0/0,192.168.1.2,tcp,1723 0/0,192.168.1.2,tcp,5900 0/0,192.168.1.2,tcp,3389 0/0,192.168.1.2,udp,500"

|--------ETH0(DMZ 192.168.1.1)---------ETH1(M$ VPN SERVER)--ETH0(INTERNAL LAN 10.10.40.251) RANGE 10.10.40.252-254 | | Internet-------------------ETH2(Suse8.0(SuSEfirewall2)) | | | |----------ETH1(Internal lan10.10.40.250) | | | | | SWicth ---------------------------------| | |Internal lan

[]'s
Fabio Sena
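As an added example (not part of the original post, and not SuSE's code): a short Python check that parses the FW_FORWARD_MASQ value and the log line quoted above and reports which PPTP flows the forward rules name. It assumes the standard PPTP layout (control channel on TCP 1723, tunnelled data in GRE, IP protocol 47) and that each entry reads source,target,protocol,port as the posted values do; the function names are made up for the illustration.

```python
import re

# Copied from the post: the masquerade-forward rules and the one logged packet.
FW_FORWARD_MASQ = ("0/0,192.168.1.2,tcp,500 0/0,192.168.1.2,tcp,1723 "
                   "0/0,192.168.1.2,tcp,5900 0/0,192.168.1.2,tcp,3389 "
                   "0/0,192.168.1.2,udp,500")
LOG_LINE = ("Nov 4 15:10:04 fwpro kernel: SuSE-FW-ACCEPT-REVERSE_MASQ IN=eth2 "
            "OUT=eth1 SRC=200.xxx.xxx.xxx DST=192.168.1.2 LEN=48 TOS=0x00 "
            "PREC=0x00 TTL=125 ID=40058 DF PROTO=TCP SPT=1320 DPT=1723 "
            "WINDOW=64240 RES=0x00 SYN URGP=0 OPT (020405B401010402)")
VPN_SERVER = "192.168.1.2"

def parse_forward_masq(value):
    """Split 'source,target,protocol,port' entries into dicts (assumed layout)."""
    rules = []
    for entry in value.split():
        src, dst, proto, port = entry.split(",")[:4]
        rules.append({"src": src, "dst": dst, "proto": proto.lower(), "port": port})
    return rules

def parse_log(line):
    """Return the SuSE-FW action tag plus every KEY=VALUE field of a log line."""
    fields = dict(re.findall(r"\b([A-Z]+)=(\S+)", line))
    tag = re.search(r"SuSE-FW-[A-Z_-]+", line)
    fields["action"] = tag.group(0) if tag else None
    return fields

def pptp_coverage(rules, server):
    """Which of the two PPTP flows do the rules forward to `server`?"""
    mine = [r for r in rules if r["dst"] == server]
    return {
        # Control connection: TCP port 1723.
        "control tcp/1723": any(r["proto"] == "tcp" and r["port"] == "1723" for r in mine),
        # Tunnelled data: GRE, IP protocol 47 (no port number).
        "data gre (ip proto 47)": any(r["proto"] in ("gre", "47") for r in mine),
    }

def log_matches_rule(log, rules):
    """True when the logged packet is one that a forward rule accounts for."""
    return any(r["dst"] == log.get("DST")
               and r["proto"] == log.get("PROTO", "").lower()
               and r["port"] == log.get("DPT") for r in rules)

if __name__ == "__main__":
    rules = parse_forward_masq(FW_FORWARD_MASQ)
    print(pptp_coverage(rules, VPN_SERVER))
    print(log_matches_rule(parse_log(LOG_LINE), rules))
```

On the posted values the check finds the TCP 1723 control rule and no forward entry naming GRE, and the single logged packet is the TCP 1723 SYN that the control rule accounts for.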