Mailinglist Archive: opensuse-security (409 mails)

Re: [suse-security] SuSE Firewall2 routing problem
>I set up a firewall/gt/vpn machine with SuSE 8.0 and SuSE Firewall2.
>IPSec works fine, connection established. Connections to ssh and ftp from
>external is ok.
>Now when I try to ping an external address from internal lan (not from this
>machine) I get the following message:
>Aug 1 13:28:22 transfairix kernel: SuSE-FW-UNAUTHORIZED-ROUTING IN=eth1
>OUT=eth0 SRC=10.10.13.152 DST=10.75.0.110 LEN=60 TOS=0x00 PREC=0x00 TTL=127
>ID=24367 PROTO=ICMP TYPE=8 CODE=0 ID=1024 SEQ=24093
>Both IPs are located within the VPN subnets for FreeS/WAN.
>Without the firewall it works.
>What's wrong with my firewall config?

Assuming you're running freeswan to set up ipsec, shouldn't the route to
your vpn subnet go across ipsecX and not across eth0 ??!!!!!!

route add -net 10.75.0.0 netmask 255.255.0.0 ipsecX

Check netstat -rn for kernel routing table.

As I recall, the thing is called eroute in freeswan. Did you mention
the whole subnet in ipsec.conf or just the hosts??

I'm not sure, but maybe you have to set FW_ALLOW_CLASS_ROUTING="yes"

Yours

Michael
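
Added example, not part of the original message: a small Python check that reads SuSE Firewall2 kernel log lines and reports packets that were bound for the VPN subnet but left through a non-ipsec interface, which is the routing symptom the reply describes. The subnet 10.75.0.0/16 comes from the route command above, the `ipsecN` interface naming follows the reply's `ipsecX`, and the function names and the second and third sample lines are constructed for illustration.

```python
import ipaddress
import re

# Assumption: remote VPN subnet, taken from the route command in the reply.
VPN_SUBNETS = [ipaddress.ip_network("10.75.0.0/16")]

FIELD_RE = re.compile(r"\b([A-Z]+)=(\S*)")           # KEY=value pairs of a netfilter log line
PREFIX_RE = re.compile(r"kernel: (SuSE-FW-[A-Z-]+)")  # firewall log prefix


def parse_fw_line(line):
    """Return (log prefix, dict of KEY=value fields), or None for other lines."""
    m = PREFIX_RE.search(line)
    if not m:
        return None
    return m.group(1), dict(FIELD_RE.findall(line[m.end():]))


def misrouted_vpn_packets(lines, vpn_subnets=VPN_SUBNETS):
    """Yield (src, dst, out_if) for rejected packets whose destination is in a
    VPN subnet but whose output interface is not an ipsecN device."""
    for line in lines:
        parsed = parse_fw_line(line)
        if parsed is None or parsed[0] != "SuSE-FW-UNAUTHORIZED-ROUTING":
            continue
        f = parsed[1]
        try:
            dst = ipaddress.ip_address(f["DST"])
        except (KeyError, ValueError):
            continue  # truncated or malformed line
        out_if = f.get("OUT", "")
        if any(dst in net for net in vpn_subnets) and not re.fullmatch(r"ipsec\d+", out_if):
            yield f.get("SRC", "?"), str(dst), out_if


# First entry is the line quoted in the thread; the other two are constructed samples.
SAMPLE_LOG = [
    "Aug 1 13:28:22 transfairix kernel: SuSE-FW-UNAUTHORIZED-ROUTING IN=eth1 OUT=eth0 "
    "SRC=10.10.13.152 DST=10.75.0.110 LEN=60 TOS=0x00 PREC=0x00 TTL=127 ID=24367 PROTO=ICMP TYPE=8",
    "Aug 1 13:29:01 transfairix kernel: SuSE-FW-UNAUTHORIZED-ROUTING IN=eth1 OUT=ipsec0 "
    "SRC=10.10.13.152 DST=10.75.0.110 LEN=60 PROTO=ICMP TYPE=8",
    "Aug 1 13:29:05 transfairix kernel: SuSE-FW-UNAUTHORIZED-ROUTING IN=eth1 OUT=eth0 "
    "SRC=10.10.13.152 DST=192.0.2.7 LEN=60 PROTO=ICMP TYPE=8",
]

if __name__ == "__main__":
    for src, dst, out_if in misrouted_vpn_packets(SAMPLE_LOG):
        print(f"{src} -> {dst} left via {out_if}, expected an ipsecN interface")
```

A line that is rejected with OUT already set to an ipsec interface is not reported: in that case the route is in place and the firewall's forwarding settings are the place to look.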



