Mailinglist Archive: opensuse-security (88 mails)

Re: [Fwd: Re: [suse-security] VPN and SuSEfirewall2]
  • From: Jonathan Baxter <jbaxter@xxxxxxxxxxxxx>
  • Date: Thu, 27 Apr 2006 19:12:20 +0930
  • Message-id: <200604271912.20838.jbaxter@xxxxxxxxxxxxx>
I think the issue is almost certainly that the SuSE router is NATing the
packets from the internal network, rather than redirecting down the tunnel.

output of "iptables -t nat --list":

target prot opt source destination
MASQUERADE all -- anywhere anywhere

The first rule says don't masquerade packets headed for, but
the second rule says masquerade everything, which will still match (as Ludwig
pointed out). The first rule is the one I added; I guess the second is the
one SuSE automatically adds based on the setting of FW_MASQ_NETS.

Problem is, if I set FW_MASQ_NETS to "0/0,!", packets from to seem to get dropped by the firewall before
they get a chance to go down the tunnel.

- Jonathan
