Mailinglist Archive: opensuse-security (343 mails)

SuSEfirewall config with pptpd help
  • From: Daniel Nilsson <dnilsson@xxxxxxxxxx>
  • Date: Mon, 16 Jul 2001 20:35:01 -0400
  • Message-id: <3B538835.30605@xxxxxxxxxx>
Hi All,

I have a question regarding the configuration of a SuSEfirewall running pptpd (VPN server).
This is our current configuration:

                     --------------
--public static IP()-| SuSe Linux |-eth1(192.168.1.1/24)--|
                     --------------                       |
                                                     ----------
                                                     | Switch |
                                                     ----------
-------------                                          |  |  |
| Solaris A |-eth0(192.168.1.2/24)---------------------|  |  |
-------------                                             |  |
-------------                                             |  |
| Solaris B |-eth0(192.168.1.3/24)------------------------|  |
-------------                                                |
-----------------                                            |
| DHCP machines |-eth0(192.168.1.X/24)-----------------------|
-----------------

The SuSE Linux machine is running the firewall software (SuSEfirewall) as
well as working as a masq server for the internal machines behind the
firewall. I'd like to be able to handle incoming requests to the
firewall from Windows clients (or Linux clients running pptp). The key
is to provide access to Solaris machine A, but I'd like to be able to
see all machines on the 192.168.1.0 subnet. I have the pptpd package
working and I have the correct ports open on the firewall to handle
VPN connections. My question, though, is how to assign IP addresses on
the ppp connections that are set up when a VPN connection is active?
Should both ends be part of 192.168.1.0 or something else? The second
question is how to enable forwarding of the packets on the pppX
device to the internal network. I can get traffic through if I
enable all ports in the firewall for TCP_FORWARD and UDP_FORWARD,
but I don't understand how to distinguish between packets from the
ppp0 device that should be forwarded to eth1 compared to packets
from eth0 from the same address (in this case 192.168.3.1) that
I definitely don't want forwarded inside the firewall.

Any help appreciated.

Thanks
Daniel Nilsson
