[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [suse-security] SuSEfirewall and VPN routing

To: "SuSE-sec" <suse-security@xxxxxxxx>
Subject: Re: [suse-security] SuSEfirewall and VPN routing
From: "Arthur" <tuur@xxxxxxxx>
Date: Mon, 9 May 2005 12:34:51 +0200
Delivered-to: mailing list suse-security@xxxxxxxx
List-help: <mailto:suse-security-help@suse.com>
List-post: <mailto:suse-security@suse.com>
List-subscribe: <mailto:suse-security-subscribe@suse.com>
List-unsubscribe: <mailto:suse-security-unsubscribe-suse=archive.cert.uni-stuttgart.de@suse.com>
Mailing-list: contact suse-security-help@xxxxxxxx; run by ezmlm
References: <5a6543ead9758eaf05eeb899aaea973e@xxxxxx>

Hi Dirk,

I'm not sure how to set this in the SuSEfirewall config, but this is how you
can set it on the command line using iptables.

iptables -I PREROUTING -t nat -j DNAT -p GRE -i eth1 -d <extrenal inet
ip> --to-destination <internal MS-VPN server ip>

Good luck!

Regards,
Arthur

> Hi,
>
> I'm trying to make a vpn-connection from the internet to an internal
> ms-vpn-server. So I configured SuSEfirewall to forward tcp port 1723
> with FW_FORWARD_MASQ="0/0,192.168.17.15,tcp,1723".
>
> The vpn-server is allowed to have masquerading
> FW_MASQ_NETS="192.168.17.15/32,0/0".
>
> But all I get is a connection timeout. How do I have to configure the
> GRE forwarding?
>
> Greetings,
> Dirk
>


-- 
Check the headers for your unsubscription address
For additional commands, e-mail: suse-security-help@xxxxxxxx
Security-related bug reports go to security@xxxxxxx, not here

Follow-Ups:
- Re: [suse-security] SuSEfirewall and VPN routing
  - From: Arthur

References:
- [suse-security] SuSEfirewall and VPN routing
  - From: Dirk Borchers

Prev by Date: [suse-security] SuSEfirewall and VPN routing
Next by Date: Re: [suse-security] SuSEfirewall and VPN routing
Previous by thread: [suse-security] SuSEfirewall and VPN routing
Next by thread: Re: [suse-security] SuSEfirewall and VPN routing
Index(es):
- Date
- Thread