hello all,

does anyone have experience with pptpd and suse firewall (ipchains)?

i can connect to the pptpd server but i can not reach the networks behind.

config looks like:

192.168.1.0 -----|router|------|pptpd|-------internet | | | -----192.168.2.0------ | | | -----192.168.3.0------

i connect to the pptpd, get a ip, dns entry and so on.. works fine.. but i dont know how to configure the suse firewall for masq the networks behind.

when i dont load the suse firewall (fw_start="no") i masq the networks

Hello Peter, pptpd works without SuSE fw running.. when i masq the networks. ok.. the ascii graph is a little bit buggy... ;) forget it.. this is the right: -------192.168.1.0/24----[router]----192.168.2.0/24----[pptpd and fw]-------internet | | -------192.168.3.0/24-- | | -------192.168.4.0/24-- i assign the pptpd client this ip range: localip 192.168.2.2 remoteip 192.168.2.100-150 btw. this is running on SuSE Firewall on CD (but its the same as firewall.rc.config) best regards -----Ursprungliche Nachricht----- Von: Peter Nixon [mailto:peter@peternixon.net] Gesendet: Mittwoch, 17. April 2002 03:42 An: webmaster@hackenschmiede.com Betreff: Re: [suse-security] pptpd and suse firewall Hi Mate It has been along time since I playes with pptpd but it looks from your setup that you don't actually need to masq to the pptp client, but rather to forward. First of all I would get it working without SuSE fw running, then try with SuSE fw. btw, you do not say what IP addresses you are assigning to the pptp clients.. What range are you giving them?? Regards Peter On Tue, Apr 16, 2002 at 11:27:15AM +0200, webmaster@hackenschmiede.com wrote: like

this:

cerberus:~ # echo "1" > /proc/sys/net/ipv4/ip_forward cerberus:~ # ipchains -A forward -s 192.168.1.0/24 -d 192.168.1.0/24 -j MASQ cerberus:~ # ipchains -A forward -s 192.168.2.0/24 -d 192.168.1.0/24 -j MASQ cerberus:~ # ipchains -A forward -s 192.168.1.0/24 -d 192.168.2.0/24 -j MASQ cerberus:~ # ipchains -A forward -s 192.168.3.0/24 -d 192.168.1.0/24 -j MASQ cerberus:~ # ipchains -A forward -s 192.168.1.0/24 -d 192.168.3.0/24 -j MASQ

how can i do this with suse firewall?

thanx for your tips and best regards

wr

-- To unsubscribe, e-mail: suse-security-unsubscribe@suse.com For additional commands, e-mail: suse-security-help@suse.com Security-related bug reports go to security@suse.de, not here

-- Peter Nixon mailto:peter@nixon.net Phone: +90 542 8813606 http://www.peternixon.net/ PGP Key: http://www.peternixon.net/public.asc "They that can give up essential liberty to obtain a little temporary safety, deserve neither liberty nor safety." -Benjamin Franklin