Ok, thanks! But I think with kernel 2.2.18 (and so ipchains, not iptables!) there might be a problem with protocoll 47 ?! And do I really not need INPUT and OUTPUT chains (this is with ipchains a little bit different as with iptables)? Bye, Patrick Ofner -----Original Message----- From: Alex Bartl [mailto:alex@bartl.net] Sent: Montag, 18. November 2002 03:28 To: Patrick Ofner; suse-security@suse.com Subject: AW: [suse-security] allow VPN (pp2p) through firewall iptables -p 47 -A FORWARD -s 0/0 -d xx.xx.xx.xx -j ACCEPT iptables -p 47 -A FORWARD -s xx.xx.xx.xx -d 0/0 -j ACCEPT iptables -p 6 -A FORWARD -s 0/0 -d xx.xx.xx.xx --destination-port 1723 -j ACCEPT iptables -p 6 -A FORWARD -s xx.xx.xx.xx --source-port 1723 -d 0/0 -j ACCEPT should be fine, whereas xx.xx.xx.xx is the VPN Server, behind your firewall. Make sure, you have no blocking rules which might capture those packages before reaching these rules, or use -I (insert) instead of -A (append). - mfg Alex Bartl Computer ALEX Bartl OEG AB1518-RIPE (whois.ripe.net) AB527363-NICAT (whois.nic.at) AB2092 (whois.networksolutions.com) *********************************** Hamerlingstrasse 2/201 4020 Linz http://www.bartl.net

-----Ursprungliche Nachricht----- Von: Patrick Ofner [mailto:ofner_pa@koeflach-tv.at] Gesendet: Samstag, 16. November 2002 14:25 An: suse-security@suse.com Betreff: [suse-security] allow VPN (pp2p) through firewall

Hi,

I want to connect two windows boxes through a vpn (pp2p), but between them there is a Linux firewall (kernel 2.2.18 , ipchains). What rules must i create?