Mailinglist Archive: opensuse-security (394 mails)

RE: [suse-security] IPTables and GRE Packets
  • From: "Peer Stefan" <stefan.peer@xxxxxxxx>
  • Date: Mon, 1 Dec 2003 17:15:21 +0100
  • Message-id: <01B66D0A11EB3E439676C0EAA891D89F0EE713@xxxxxxxxxxxxxxx>
> From: Drew J. Como [mailto:dcomo@xxxxxxxxxx]
> All,
> I am having a problem that I hope someone could shed
> some light on. I have a machine running 3COM VPN software
> behind a SuSE 7.3 system running the 2.4.20 kernel.
> I am having a problem writing the appropriate rules that
> will allow this machine to talk to a VPN server that is sitting
> on the outside world.
> I know I have to write a protocol 47 rule, but am not sure
> the exact syntax.
> I tried the following:
> iptables -A FORWARD -i eth0 -o eth1 -p 47 -j ACCEPT

Shouldn't that read
iptables -A INPUT -i eth0 -p 47 -j ACCEPT
iptables -A FORWARD -i eth0 -o eth1 -p 47 -j ACCEPT
iptables -A OUTPUT -o eth1 -p 47 -j ACCEPT
And what about replies? I would not use -i for such a rule; I'd rather use --source and --destination.
Could you give some more details about your rules? Maybe the connection gets denied by another rule.

> However, running a tcpdump while trying the connection shows:
> > icmp: x.x.x.x protocol 47 port 34827 unreachable
> (x.x.x.x = outside address)
> Do I need to add additional support rules, or is my syntax just
> incorrect?
> Any assistance that can be offered is greatly appreciated.
> Drew
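
The two suggestions in the reply above (cover the reply direction, and match on --source/--destination instead of -i) combined into one rule generator, as an added example that is not part of the original post. The function names and the two addresses are assumptions: the addresses are constructed documentation-range placeholders and must be the client and server addresses as the FORWARD chain sees them.

```shell
#!/bin/sh
# Added example: print FORWARD rules that pass GRE (IP protocol 47) in both
# directions between one VPN client and one VPN server, matched on addresses
# rather than on interfaces. Nothing is applied; the rules are only printed.

# is_ipv4 ADDR: succeed only for a dotted quad with every octet in 0-255.
is_ipv4() {
    echo "$1" | awk -F. '
        NF == 4 { for (i = 1; i <= 4; i++)
                      if ($i !~ /^[0-9]+$/ || $i > 255) exit 1
                  exit 0 }
        { exit 1 }'
}

# gre_forward_rules CLIENT SERVER: write the two rules to stdout.
gre_forward_rules() {
    client=$1
    server=$2
    is_ipv4 "$client" && is_ipv4 "$server" || {
        echo "usage: gre_forward_rules CLIENT_IP SERVER_IP" >&2
        return 2
    }
    # Outbound tunnel traffic: inside VPN client -> outside VPN server.
    echo "iptables -A FORWARD -p 47 -s $client -d $server -j ACCEPT"
    # Replies: outside VPN server -> inside VPN client.
    echo "iptables -A FORWARD -p 47 -s $server -d $client -j ACCEPT"
}

# -A appends, so a DROP or REJECT rule earlier in FORWARD still matches first.
# Check the order and the per-rule packet counters with:
#   iptables -L FORWARD -n -v --line-numbers

# Dry run: with two arguments, print the rules for review.
# Example (constructed addresses): sh gre-rules.sh 192.0.2.10 198.51.100.5
if [ "$#" -eq 2 ]; then
    gre_forward_rules "$1" "$2"
fi
```

After reviewing the printed rules, they can be applied by piping the output to `sh` as root.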

