
Re: AW: [suse-security] IP Tunnel in only one direction possible



Hi Peter,

Something came to my mind as I read the mail from Ray: maybe it's in your
MASQ/SNAT rules on GW2. I guess you use masquerading for outgoing traffic
from NET2? In this case you should exclude traffic to 192.168.0.0/16
from this rule.

I don't use SuSEFirewall, but the shell command for SNAT is something
like:

iptables -t nat -I POSTROUTING -s $ownnet -d ! 192.168.0.0/16 \
    -j SNAT --to-source $badIP

where $ownnet is my internal (something like 192.168.22.0/24) and $badIP
is the external IP of the FW.

Greetings, Thomas 

--
www.ArcStyler.com - the Architectural IDE for MDA:J2EE/.NET/EAI
  -> CyberOne Award
  -> Winner Crossroads A-List Award USA
  -> IBM Solution Excellence Award winner for Hot Java Solution
  -> European Information Society Technologies Prize Winner
  -> Made with ArcStyler: http://www.io-software.com/customers
  -> OMG Press, John Wiley 2002 www.ConvergentArchitecture.com

----- < iO > ---------------------------------------------------------
Interactive Objects Software GmbH
mailto:Thomas.Kerkau@xxxxxxxxxxxxxxx
http://www.io-software.com
Basler Strasse 65, D-79100 Freiburg, Germany
Tel: [+49]-761-40073-0, Fax: [+49]-761-40073-73
----------------------------------------------------------------------
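
Added example, not part of Thomas's message: a shell check for the condition he describes. It reads `iptables-save -t nat` output and lists the POSTROUTING SNAT/MASQUERADE rules that do not exclude the tunnel network. The function names, the sample ruleset and the addresses 192.168.23.0/24 and 203.0.113.10 are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post). Audits nat-table rules for
# SNAT/MASQUERADE entries that can still rewrite traffic headed into the tunnel.
# Limitations: the network is compared as a literal string (no CIDR
# containment), and an earlier ACCEPT/RETURN for the tunnel net is treated as
# covering all later rules even if it carries narrower matches of its own.

# usage: iptables-save -t nat | find_unexempted_nat 192.168.0.0/16
find_unexempted_nat() {
    awk -v net="$1" '
        $1 == "-A" && $2 == "POSTROUTING" {
            line = " " $0 " "
            # Negated destination, in current (! -d NET) or old (-d ! NET) form.
            neg = (index(line, " ! -d " net " ") || index(line, " -d ! " net " "))
            pos = (!neg && index(line, " -d " net " "))
            # ACCEPT/RETURN for the tunnel net stops nat traversal for that
            # traffic, so rules after it never see those packets.
            if (pos && line ~ / -j (ACCEPT|RETURN) /) { exempt = 1; next }
            # Anything else that NATs without the exclusion is reported.
            if (line ~ / -j (SNAT|MASQUERADE) / && !neg && !exempt) print $0
        }
    '
}

# Constructed sample in iptables-save format: the first rule follows the
# advice in the mail, the second one masquerades without the exclusion.
sample_ruleset() {
    cat <<'EOF'
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A POSTROUTING -s 192.168.22.0/24 ! -d 192.168.0.0/16 -j SNAT --to-source 203.0.113.10
-A POSTROUTING -s 192.168.23.0/24 -j MASQUERADE
COMMIT
EOF
}

sample_ruleset | find_unexempted_nat 192.168.0.0/16
```

A rule that is reported is a candidate for review, not proof of a fault: a match such as `-o` on the external interface may already keep it away from tunnel traffic.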
