Skåne Sjælland Linux User Group - http://www.sslug.dk
 

Re: [NETVAERK] iptables, vpn and ipsec - the right subject!!



On 4/30/05, Frank Vestergaard Pedersen <sslug@sslug> wrote:
> I need some clever heads, so I am writing to you :-)
> 
> My problem is that I cannot get a WinXP IPsec VPN connection through
> a Linux firewall with NAT, but if I put a SonicWall (physical hardware
> firewall) on the same ADSL connection, the VPN connection works
> splendidly!!
> 
> The rules I have ended up with, where one ought to be able to do
> everything!! (for the moment, while testing) and which still did not
> work, are these:
> 
> iptables -P INPUT ACCEPT
> iptables -P OUTPUT ACCEPT
> iptables -P FORWARD ACCEPT
> 
> iptables -t nat -A POSTROUTING -s $INTERNALIP_RANGE -o $EXT_IFACE -j SNAT --to $EXTERNALIP
> iptables -A FORWARD -i $INT_IFACE -j ACCEPT
> iptables -A FORWARD -i $EXT_IFACE -j ACCEPT
> iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
> iptables -A FORWARD -m limit --limit 3/minute --limit-burst 3 -j LOG --log-level DEBUG --log-prefix "IPT FORWARD packet died: "
> 
> What am I missing to allow/install/modprobe - I am getting a bit
> stuck on Google, wandering around somewhat blindly.....
> 
> Hope you can help
> 
> Regards
> Frank

How about a couple of VPN lines in the firewall?
iptables -t nat -A PREROUTING -p gre -d $WAN_IP -j DNAT --to $VPN_SERVER
iptables -t nat -A PREROUTING -p tcp --dport 1723 -i $WAN -j DNAT --to $VPN_SERVER:1723

-Doc
-- 
Every little box should have a pat on the back by uid 0 at least once a day
Even a tux or a beastie needs love, just like I do :o)


 
Questions about the web-pages to <www_admin>. Last modified 2005-08-10, 22:43 CEST
This page is maintained by MHonArc