Mailinglist Archive: opensuse-security (359 mails)

Re: [suse-security] SuSEfirewall2 & MS/VPN
  • From: Sven 'Darkman' Michels <sven@xxxxxxxxxx>
  • Date: Fri, 25 Jul 2003 19:14:50 +0200
  • Message-id: <3F21658A.3090907@xxxxxxxxxx>
Andy Bennett wrote:
> Hi,
>
> No. Briefly, I have come into the middle of a situation where someone else has set up a system for a friend of mine in such a way that his MS VPN box is directly connected to the internet alongside his SuSEfirewall2 like this
>
>            Internet
>               |
>        Exterior router
>          |          |
>   SuSEfirewall    MS/VPN
>
> My first thought was that the guy had gone mad but then it occurred to me that maybe he knows something I don't. In any event I thought I'd ask here first.
>
> I thought it should be possible to simply put something like
>
> FW_FORWARD="0/0,192.168.1.2,tcp,1723"
>
> as Jorn Ott suggested to forward connections directly to the MS VPN machine and let it handle everything but, like I said, am I missing something?

As with ipsec etc. you cannot simply edit the packets (like NAT will
do). So you cannot forward the connection, I would guess. For your setup
you will need to put the Win machine in front of the firewall or set up
the firewall itself as a PPTP server (or if you need, as client). For
PPTP from inside -> outside some masq modules exist (at least for kernel
2.2.x, dunno if it's ported to 2.4 right now). Maybe such a masq module
would help for your forwarding problem, but I don't think so ;)

HTH,
Sven

