
Re: [suse-security] openvpn and SuSEfirewall



* suse@xxxxxx; <suse@xxxxxx> on 22 Jul, 2004 wrote:
Quoting "Kaiser, Hans" <r_2@xxxxxx>:

Hello list,

I'm using openvpn and SuSEfirewall. Openvpn is running fine, but my routing
won't work.
My local network (eth0) is 192.168.1.0/24
My tunnel net    (tun1) is 192.168.2.0/24

So I'm trying to route both nets, but I get this for every protocol from the
SuSEfirewall:
SFW2-FWDint-DROP-DEFLT IN=tun1 OUT=eth0 SRC=192.168.2.1 DST=192.168.1.250
LEN=84 TOS=0x00 PREC=0x00 TTL=63 ID=2 DF PROTO=ICMP TYPE=8 CODE=0 ID=2365
SEQ=3

[snip]

FW_DEV_EXT="ppp0"
FW_DEV_INT="eth0 tun1"

As I understand it, SuSE Firewall was designed with the intention of only
routing between Internal and External interfaces, not between two that are
Internal or two that are External.

Well, it can do the routing if you set the following to yes:

# 23.)
# Allow same class routing per default?
# REQUIRES: FW_ROUTE
#
# Do you want to allow routing between interfaces of the same class
# (e.g. between all internet interfaces, or all internal network
# interfaces)
# be default (so without the need setting up FW_FORWARD definitions)?
#
# Choice: "yes" or "no", defaults to "no"
#
FW_ALLOW_CLASS_ROUTING="no"


--
Togan Muftuoglu			     |   	
Unofficial SuSE FAQ Maintainer	     |	Please reply to the list;
http://susefaq.sf.net		     |	Please don't put me in TO/CC.

		Nisi defectum, haud refiecendum
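
The check behind the advice above, as an added example that is not part of the original thread: it reads the IN= and OUT= interfaces from the posted drop line, looks them up in the posted FW_DEV_INT/FW_DEV_EXT lists, and reports whether the drop is same-class forwarding. The helper names are hypothetical, and the `source,destination` form of the FW_FORWARD entry it prints is an assumption to check against the comments in your own SuSEfirewall2 sysconfig file.

```shell
#!/bin/sh
# Added example, not from the thread: classify a forward drop by interface class.
FW_DEV_EXT="ppp0"          # values as posted in the thread
FW_DEV_INT="eth0 tun1"

# Log line from the post, joined onto one line.
SAMPLE='SFW2-FWDint-DROP-DEFLT IN=tun1 OUT=eth0 SRC=192.168.2.1 DST=192.168.1.250 LEN=84 TOS=0x00 PREC=0x00 TTL=63 ID=2 DF PROTO=ICMP TYPE=8 CODE=0 ID=2365 SEQ=3'

# field KEY LINE: print the value of the first KEY=value token (hypothetical helper)
field() {
    for tok in $2; do
        case $tok in
            "$1"=*) printf '%s\n' "${tok#*=}"; return 0 ;;
        esac
    done
    return 1
}

# dev_class IFACE: print int, ext or unknown (hypothetical helper)
dev_class() {
    for d in $FW_DEV_INT; do
        if [ "$d" = "$1" ]; then echo int; return 0; fi
    done
    for d in $FW_DEV_EXT; do
        if [ "$d" = "$1" ]; then echo ext; return 0; fi
    done
    echo unknown
}

# classify_drop LINE: one-line verdict for a logged drop
classify_drop() {
    in_if=$(field IN "$1") || in_if=
    out_if=$(field OUT "$1") || out_if=
    src=$(field SRC "$1") || src=
    dst=$(field DST "$1") || dst=
    if [ -z "$in_if" ] || [ -z "$out_if" ]; then
        echo "not a forwarded packet (IN= or OUT= missing or empty)"
        return 0
    fi
    cin=$(dev_class "$in_if"); cout=$(dev_class "$out_if")
    if [ "$cin" = "$cout" ] && [ "$cin" != unknown ]; then
        # FW_FORWARD "source,destination" form is an assumption; verify locally.
        echo "same-class ($cin) $in_if->$out_if: FW_ALLOW_CLASS_ROUTING=yes (all same-class interfaces) or FW_FORWARD=\"$src,$dst\""
    else
        echo "cross-class ($cin->$cout) $in_if->$out_if: FW_ALLOW_CLASS_ROUTING does not apply"
    fi
}
classify_drop "$SAMPLE"
```

FW_ALLOW_CLASS_ROUTING="yes" opens routing between every pair of interfaces in the same class, so the printed FW_FORWARD candidate is the narrower entry to review, widened to the 192.168.2.0/24 and 192.168.1.0/24 nets only if the whole tunnel needs access.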
