* suse@rio.vg;
Quoting "Kaiser, Hans":
Hello list,
I'm using openvpn and SuSEfirewall. Openvpn is running fine, but my routing won't work. My local network (eth0) is 192.168.1.0/24. My tunnel net (tun1) is 192.168.2.0/24.
So I'm trying to route both nets, but I get for every protocol from the SuSEfirewall:
SFW2-FWDint-DROP-DEFLT IN=tun1 OUT=eth0 SRC=192.168.2.1 DST=192.168.1.250 LEN=84 TOS=0x00 PREC=0x00 TTL=63 ID=2 DF PROTO=ICMP TYPE=8 CODE=0 ID=2365 SEQ=3
[snip]
FW_DEV_EXT="ppp0"
FW_DEV_INT="eth0 tun1"
As I understand it, SuSE Firewall was designed with the intention of only routing between Internal and External interfaces, not between two that are Internal or two that are External.
Well it can do the routing if you set the following to yes:

# 23.)
# Allow same class routing per default?
# REQUIRES: FW_ROUTE
#
# Do you want to allow routing between interfaces of the same class
# (e.g. between all internet interfaces, or all internal network
# interfaces)
# be default (so without the need setting up FW_FORWARD definitions)?
#
# Choice: "yes" or "no", defaults to "no"
#
FW_ALLOW_CLASS_ROUTING="no"

--
Togan Muftuoglu |
Unofficial SuSE FAQ Maintainer | Please reply to the list;
http://susefaq.sf.net | Please don't put me in TO/CC.
Nisi defectum, haud refiecendum
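
Added example, not part of the thread and not SuSEfirewall2's own code: a small shell check that takes the zone settings and the logged drop quoted above and reports whether the packet was crossing two interfaces of the same class. The function names are hypothetical, FW_DEV_DMZ is assumed as the third zone variable, and the sample config and log line are constructed from the values in the thread.

```shell
# Added example (not from the thread): explain a SuSEfirewall2 forward drop
# from the zone assignment of the two interfaces named in the log line.

# Print the value of KEY="value" from a sysconfig-style file (last one wins).
get_setting() {  # $1 = file, $2 = key
    awk -F= -v key="$2" '$1 == key { v = substr($0, length(key) + 2)
        gsub(/^"|"$/, "", v); val = v } END { print val }' "$1"
}

# Print the zone (EXT, INT, DMZ) an interface is assigned to, or UNKNOWN.
zone_of() {  # $1 = file, $2 = interface
    for zone in EXT INT DMZ; do   # FW_DEV_DMZ is assumed; the thread shows EXT/INT
        for dev in $(get_setting "$1" "FW_DEV_$zone"); do
            if [ "$dev" = "$2" ]; then echo "$zone"; return 0; fi
        done
    done
    echo UNKNOWN
}

# Print one FIELD=value token (IN, OUT, SRC, ...) from a netfilter log line.
log_field() {  # $1 = log line, $2 = field
    printf '%s\n' "$1" | tr ' ' '\n' | sed -n "s/^$2=//p" | head -n 1
}

# Classify a forwarded packet by the zones of its IN and OUT interfaces.
explain_drop() {  # $1 = file, $2 = log line
    in_zone=$(zone_of "$1" "$(log_field "$2" IN)")
    out_zone=$(zone_of "$1" "$(log_field "$2" OUT)")
    class=$(get_setting "$1" FW_ALLOW_CLASS_ROUTING)
    if [ "$in_zone" = UNKNOWN ] || [ "$out_zone" = UNKNOWN ]; then
        echo "unknown-zone"
    elif [ "$in_zone" != "$out_zone" ]; then
        echo "cross-class:$in_zone-$out_zone"
    elif [ "${class:-no}" = yes ]; then
        echo "same-class-allowed:$in_zone"
    else
        echo "same-class-blocked:$in_zone"
    fi
}

# Constructed sample: settings and log line as quoted in the thread.
write_sample_conf() {  # $1 = path, $2 = FW_ALLOW_CLASS_ROUTING value
    printf 'FW_DEV_EXT="ppp0"\nFW_DEV_INT="eth0 tun1"\nFW_ALLOW_CLASS_ROUTING="%s"\n' "$2" > "$1"
}
SAMPLE_LOG='SFW2-FWDint-DROP-DEFLT IN=tun1 OUT=eth0 SRC=192.168.2.1 DST=192.168.1.250 PROTO=ICMP TYPE=8'
conf=$(mktemp)
write_sample_conf "$conf" no
explain_drop "$conf" "$SAMPLE_LOG"   # same-class-blocked:INT
rm -f "$conf"
```

Setting FW_ALLOW_CLASS_ROUTING to "yes" opens routing between every pair of interfaces in a class, so with tun1 in FW_DEV_INT the whole tunnel net can reach the whole LAN. The config comment quoted above names FW_FORWARD definitions as the alternative to that default.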