Mailinglist Archive: opensuse-security (88 mails)

Re: [suse-security] VPN and SuSEfirewall2
  • From: Ludwig Nussel <ludwig.nussel@xxxxxxx>
  • Date: Thu, 27 Apr 2006 09:12:54 +0200
  • Message-id: <20060427071254.GA16610@xxxxxxx>
Jonathan Baxter wrote:
> [...]
> But nothing works from left-to right; neither the SuSE router box itself, nor

The router itself cannot reach the subnet on the other side if you
use its external IP as source. You'd need a second tunnel for that.

> from any machines on the subnet behind it can see any machines on
> the subnet at the other end of the tunnel.
> [...]
> I am running SuSEfirewall2 on the SuSE router. I have explicitly enabled
> forwarding between the two subnets by setting FW_FORWARD
> in /etc/sysconfig/SuSEfirewall2:
> FW_FORWARD=",,,,ipsec \

Looks correct.

> I have explicitly disabled NAT of packets between the two subnets by adding
> the following line to the fw_custom_before_port_handling() section
> of /etc/sysconfig/scripts/SuSEfirewall2-custom:
> iptables -t nat -A POSTROUTING -o eth2 -s -d \!

Packets to do not match that rule and fall
through to the rule SuSEfirewall2 creates, I guess.



(o_ Ludwig Nussel
//\ SUSE LINUX Products GmbH, Development
