Mailinglist Archive: opensuse-security (375 mails)

Re: [suse-security] VPN masquerading
  • From: "Alexander Gretha" <alexander.gretha@xxxxxxxxxxx>
  • Date: Tue, 10 Sep 2002 16:11:23 +0200
  • Message-id: <000e01c258d3$f255acc0$7000a8c0@xxxxxxxxxx>
thanks for your help, but as far as i see these settings are for a vpn
endpoint *at* the firewall (firewall == vpn server, otherwise i wouldn't
have an ipsec0 interface (or am i missing something)). what i try to achieve
is forward the vpn to a masqueraded server (i.e. a server with a private ip
address). the variant vpn server == firewall would work, but sadly is not an
option for our configuration.

thanks anyway
alex


----- Original Message -----
From: "GentooRulez" <paranoiac_user@xxxxxxxxxx>
To: <suse-security@xxxxxxxx>; ""Alexander Gretha""
<alexander.gretha@xxxxxxxxxxx>
Sent: Tuesday, September 10, 2002 3:48 PM
Subject: Re: [suse-security] VPN masquerading


> >i have read lots of newsgroups and howto's and until now have not found a
> >definitive answer to the question:
> >how do i forward the necessary protocols (not the ports, for pptp or ipsec)
> >to a masqueraded
>
> Port 500 UDP, Protocol 50,51 for freeswan
>
> >vpn server, or is it possible at all using susefirewall2 and iptables?
> >most people seem to agree that it is indeed possible using iptables without
> >susefirewall2,
>
> of course, it's just a script and you could write your own !
>
> >but even then i have not found a working solution up to now.
> >if anybody knows a patch for the susefirewall2 script or the necessary rules
> >to put in the custom script which is called at the end of the config file,
> >please help me out. anything that works is appreciated...
>
> You sound a little desperate. Don't do !
>
> edit /etc/rc.config.d/firewall2.rc.config
>
> snip
> ---
> FW_DEV_INT="eth0 ipsec0"
> FW_ROUTE="yes"
> FW_ALLOW_CLASS_ROUTING="yes"
> ---
> snap
>
> and to prevent masquerading
>
> snip
> ----
> # 19.)
> # Say yes, if you use IPSEC
> # Defaults to "no"
> #
> FW_IPSEC="yes"
> #
> # 20.)
> # IPSEC device
> #
> FW_DEV_IPSEC="ipsec0"
>
> # 21.)
> # local/remote network
> # masquerading is disabled through the tunnel automatically,
> # if you enabled it above
> #
> FW_IPSEC_LOCALNET="192.168.x.x/24"
> FW_IPSEC_REMOTENET="192.168.x.x/24"
> ----
> snap
>
> The resource 4 latest script version is:
>
> http://www.suse.com/~marc/SuSEfirewall2-2.1.tar.gz
>
> Hope that helps
>
> Yours
>
> Michael
>
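
For the setup described in the reply at the top (VPN server on a private address behind the firewall), an added example that is not from either poster and not part of SuSEfirewall2: it prints plain iptables commands that DNAT IKE (UDP 500) and ESP (protocol 50) to the internal server. The interface `eth1`, the address `192.168.0.10` and the function names are assumptions made for illustration.

```shell
#!/bin/sh
# Added example. eth1 and 192.168.0.10 are constructed placeholder values.

is_ipv4() {
    # Accept only a dotted quad with every octet in 0-255.
    case "$1" in
        *[!0-9.]*|*..*|.*|*.) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
    return 0
}

vpn_forward_rules() {
    # $1 = external interface, $2 = private address of the VPN server.
    ext_if=$1; server=$2
    case "$ext_if" in
        ""|-*|*[!A-Za-z0-9_.-]*) echo "bad interface: $ext_if" >&2; return 1 ;;
    esac
    is_ipv4 "$server" || { echo "bad address: $server" >&2; return 1; }
    # Inbound IKE and ESP: rewrite the destination, then permit the forwarded packet.
    for match in "-p udp --dport 500" "-p 50"; do
        echo "iptables -t nat -A PREROUTING -i $ext_if $match -j DNAT --to-destination $server"
        echo "iptables -A FORWARD -i $ext_if -d $server $match -j ACCEPT"
    done
    # Replies and server-initiated traffic leaving through the external interface.
    echo "iptables -A FORWARD -o $ext_if -s $server -p udp --sport 500 -j ACCEPT"
    echo "iptables -A FORWARD -o $ext_if -s $server -p 50 -j ACCEPT"
    # AH (protocol 51) is not forwarded: it authenticates the outer IP header,
    # so a packet whose destination was rewritten by DNAT fails its integrity check.
}

# Print the rules for review; nothing is applied to the running firewall.
vpn_forward_rules eth1 192.168.0.10
```

The printed commands can be reviewed and then placed in the custom rules script mentioned in the thread; the existing masquerading rule still handles the source address of packets the server sends out.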

