thanks for your help, but as far as i can see these settings are for a vpn
endpoint *at* the firewall (firewall == vpn server, otherwise i wouldn't
have an ipsec0 interface (or am i missing something)). what i am trying to achieve
is to forward the vpn to a masqueraded server (i.e. a server with a private ip
address). the variant vpn server == firewall would work, but sadly is not an
option for our configuration.
thanks anyway
alex
----- Original Message -----
From: "GentooRulez"
i have read lots of newsgroups and howto's and until now have not found a definitive answer to the question: how do i forward the necessary protocols (not the ports, for pptp or ipsec) to a masqueraded
Port 500 UDP, Protocol 50,51 for freeswan
vpn server, or is it possible at all using susefirewall2 and iptables? most people seem to agree that it is indeed possible using iptables without susefirewall2,
of course, it's just a script and you could write your own!
but even then i have not found a working solution up to now. if anybody knows a patch for the susefirewall2 script or the necessary rules to put in the custom script which is called at the end of the config file, please help me out. anything that works is appreciated...
You sound a little desperate. Don't do!
edit /etc/rc.config.d/firewall2.rc.config
snip ---
FW_DEV_INT="eth0 ipsec0"
FW_ROUTE="yes"
FW_ALLOW_CLASS_ROUTING="yes"
--- snap
and to prevent masquerading
snip ----
# 19.)
# Say yes, if you use IPSEC
# Defaults to "no"
#
FW_IPSEC="yes"
#
# 20.)
# IPSEC device
#
FW_DEV_IPSEC="ipsec0"
# 21.)
# local/remote network
# masquerading is disabled through the tunnel automatically,
# if you enabled it above
#
FW_IPSEC_LOCALNET="192.168.x.x/24"
FW_IPSEC_REMOTENET="192.168.x.x/24"
---- snap
The resource for the latest script version is:
http://www.suse.com/~marc/SuSEfirewall2-2.1.tar.gz
Hope that helps
Yours
Michael
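
The case the question asks about (IKE and ESP passed through the masquerading firewall to an internal VPN server), as an added example that is not part of the original thread or of the SuSEfirewall2 script. The function names, the interface eth1 and the address 192.168.1.10 are assumptions; the script only prints the iptables rules so they can be reviewed before going into a custom rules script.

```shell
#!/bin/sh
# Added example: print iptables rules that pass IKE and ESP through a
# masquerading firewall to one internal VPN server. Interface name and
# addresses are constructed sample values.

# Succeeds only for a dotted-quad IPv4 address with octets 0-255.
is_ipv4() {
    case $1 in *[!0-9.]*|*..*|.*|*.) return 1 ;; esac
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# usage: vpn_forward_rules EXT_IF VPN_SERVER [REMOTE_PEER]
vpn_forward_rules() {
    ext_if=$1 server=$2 peer=${3:-} src= dst=
    case $ext_if in
        ''|*[!A-Za-z0-9_.:-]*) echo "bad interface: $ext_if" >&2; return 1 ;;
    esac
    is_ipv4 "$server" || { echo "bad server address: $server" >&2; return 1; }
    if [ -n "$peer" ]; then
        is_ipv4 "$peer" || { echo "bad peer address: $peer" >&2; return 1; }
        src=" -s $peer" dst=" -d $peer"   # only the known remote gateway
    fi
    # IKE (UDP 500) and ESP (protocol 50). AH (51) is omitted: it covers the
    # IP addresses in its integrity check, so it fails once NAT rewrites them.
    for match in "-p udp --dport 500" "-p 50"; do
        echo "iptables -t nat -A PREROUTING -i $ext_if$src $match -j DNAT --to-destination $server"
        echo "iptables -A FORWARD -i $ext_if$src -d $server $match -j ACCEPT"
    done
    # Replies to the peer: connection tracking reverses the DNAT; traffic the
    # server initiates is covered by the firewall's existing masquerading.
    echo "iptables -A FORWARD -o $ext_if -s $server$dst -p udp --sport 500 -j ACCEPT"
    echo "iptables -A FORWARD -o $ext_if -s $server$dst -p 50 -j ACCEPT"
}

# Print the rules for review; they are not applied here.
vpn_forward_rules eth1 192.168.1.10
```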