[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[suse-security] IPTables and GRE Packets

To: <suse-security@xxxxxxxx>
Subject: [suse-security] IPTables and GRE Packets
From: "Drew J. Como" <dcomo@xxxxxxxxxx>
Date: Mon, 1 Dec 2003 10:49:36 -0500
Delivered-to: mailing list suse-security@xxxxxxxx
Delivery-date: Mon, 01 Dec 2003 16:50:24 +0100
Envelope-to: suse@xxxxxxxxxxxxxxxxxxxxxxxxxxxxx
Importance: Normal
List-help: <mailto:suse-security-help@suse.com>
List-post: <mailto:suse-security@suse.com>
List-subscribe: <mailto:suse-security-subscribe@suse.com>
List-unsubscribe: <mailto:suse-security-unsubscribe-suse=archive.cert.uni-stuttgart.de@suse.com>
Mailing-list: contact suse-security-help@xxxxxxxx; run by ezmlm

All,

I am having a problem that I hope someone could shed
some light on.  I have a machine running 3COM VPN software
behind a SuSE 7.3 system running the 2.4.20 kernel.

I am having a problem writing the appropriate rules that
will allow this machine to talk to a VPN server that is sitting
on the outside world.

I know I have to write a protocol 47 rule, but am not sure
the exact syntax.

I tried the following:
iptables -A FORWARD -i eth0 -o eth1 -p 47 -j ACCEPT

However, running a tcpdump while trying the connection shows:
172.16.0.1 > 172.16.0.16: icmp: x.x.x.x protocol 47 port 34827 unreachable
(x.x.x.x = outside address)

Do I need to add additional support rules, or is my syntax just
incorrect?

Any assistance that can be offered is greatly appreciated.

Drew



-- 
Check the headers for your unsubscription address
For additional commands, e-mail: suse-security-help@xxxxxxxx
Security-related bug reports go to security@xxxxxxx, not here

Prev by Date: Re: [suse-security] suse 8.1 : ptrace exploit still working fine!?
Next by Date: RE: [suse-security] IPTables and GRE Packets
Previous by thread: [suse-security] Patch for /sbin/conf.d/SuSEconfig.postfix fuer SMTPD-User Auth
Next by thread: RE: [suse-security] IPTables and GRE Packets
Index(es):
- Date
- Thread