[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [suse-security] SuSEfirewall and VPN routing
Oops, ofcourse you should also change the incoming interface ;)
My bad :)
----- Original Message -----
From: "Arthur" <tuur@xxxxxxxx>
To: "SuSE-sec" <suse-security@xxxxxxxx>
Sent: Monday, May 09, 2005 12:34 PM
Subject: Re: [suse-security] SuSEfirewall and VPN routing
> Hi Dirk,
>
> I'm not sure how to set this in the SuSEfirewall config, but this is how
you
> can set it on the command line using iptables.
>
> iptables -I PREROUTING -t nat -j DNAT -p GRE -i eth1 -d <extrenal inet
> ip> --to-destination <internal MS-VPN server ip>
>
> Good luck!
>
> Regards,
> Arthur
>
> > Hi,
> >
> > I'm trying to make a vpn-connection from the internet to an internal
> > ms-vpn-server. So I configured SuSEfirewall to forward tcp port 1723
> > with FW_FORWARD_MASQ="0/0,192.168.17.15,tcp,1723".
> >
> > The vpn-server is allowed to have masquerading
> > FW_MASQ_NETS="192.168.17.15/32,0/0".
> >
> > But all I get is a connection timeout. How do I have to configure the
> > GRE forwarding?
> >
> > Greetings,
> > Dirk
> >
>
>
> --
> Check the headers for your unsubscription address
> For additional commands, e-mail: suse-security-help@xxxxxxxx
> Security-related bug reports go to security@xxxxxxx, not here
>
>
--
Check the headers for your unsubscription address
For additional commands, e-mail: suse-security-help@xxxxxxxx
Security-related bug reports go to security@xxxxxxx, not here