it just might help if you could provide the routing table from the firewall/gateway as well. or test this: if you just for a test disable the firewall and reenable the routing, does the connection to citrix work or not?
also, for clarification, port611 is citrix?
plus one hint, it might help if you use tcpdump on the firewall to see if any citrix paqckets go to the remote office, and if they get an answer.
Miguel Albuquerque wrote:A company wants to use it's SuSE Linux PC to access the internet via an
ADSL router but wants the clients PC not reacheable from outside. The
firewall provides no services whatsoever from outside the local area
network. To inside network it provides an dhcp server. Plus, they need
to access Remote LAN Servers using Citrix, IKA and Oracle. Most of the
clients (win 98) are unable to connect to internet and then switch to
Citrix or whatever without rebooting.
The picture:
internet
�
�
ppp0
10.17.4.1
�
�
SuSEfirewall2 (8.0)
10.17.4.2 ----------------------------- Remote Office
� VAX: 10.17.16.1 (local)
�
GW1: 10.17.2.1 � GW2: 10.1.2.1
�
GW3: 10.192.2.10
�
�
LAN
(was 10.17.20.0)
192.168.0.0/24
By reasons that I ignore, the folks at other side complain, if LAN and
the DSL's internal IP are in the same subnet (it masquerades the public IP).
I configured the FW:
FW_DEV_EXT="ppp0 eth0"
FW_DEV_INT="eth1"
FW_ROUTE="yes"
FW_MASQUERADE="yes"
FW_MASQ_NETS="192.168.0.0/24, 10.0.0.0/16 10.0.0.0/16, 192.168.0.1/24"
FW_REDIRECT="192.168.0.0/24,10.17.2.1,tcp,611,611,192.168.0.0/24,10.17.2.1,udp,161,161,
192.168.0.0/24,10.17.16.1,tcp,23,23"
What is wrong? Internet connection works fine, but none to the Remote
Office.
One more info: the gateways listed above are in a Cisco. I've listened
some complains to connect SFW2 with a Cisco Router.
Any help will be welcome!
--
<>
.-. e-SecureNet
/v\ We Run SuSE Project Manager
// \\ *The LINUX Experts* c/o Miguel Albuquerque
/( )\ Av. Miremont 46
^^-^^ 1202 - GE, SWITZERLAND
Tel: +41 (22) 782 5344 Fax: +41 (22) 782 5348
mailto:mfoacs@e-securenet.ch http://www.e-securenet.ch
_____________________________________________________________
--
Check the headers for your unsubscription address
For additional commands, e-mail: suse-security-help@suse.com
Security-related bug reports go to security@suse.de, not here
Mit freundlichen Gruessen
Patrick Thempel
mail:patrick_thempel@yahoo.com
---------------------------------
Do you Yahoo!?
Yahoo! Mail Plus - Powerful. Affordable. Sign up now