Skåne Sjælland Linux User Group - http://www.sslug.dk
 

Re: [NETVAERK] iptables, vpn and ipsec - the right subject!!




Doc Nielsen wrote:


On 4/30/05, Frank Vestergaard Pedersen <sslug@sslug> wrote:


I need some clever heads, so I'm writing to you :-)

My problem is that I can't get a winXP ipsec vpn connection through
a linux firewall with NAT, but if I put a sonicwall (physical hardware
firewall) on the same adsl connection, the vpn connection works
perfectly!!

The rules I have ended up with, where everything ought to be allowed!!
(for testing at the moment) and which still did not work, are these:

iptables -P INPUT ACCEPT
iptables -P OUTPUT ACCEPT
iptables -P FORWARD ACCEPT

iptables -t nat -A POSTROUTING -s $INTERNALIP_RANGE -o $EXT_IFACE -j SNAT --to $EXTERNALIP
iptables -A FORWARD -i $INT_IFACE -j ACCEPT
iptables -A FORWARD -i $EXT_IFACE -j ACCEPT
iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A FORWARD -m limit --limit 3/minute --limit-burst 3 -j LOG --log-level DEBUG --log-prefix "IPT FORWARD packet died: "

What am I missing to allow/install/modprobe - I'm running out of steam
googling around somewhat blindly.....

Hope you can help

Regards
Frank



How about a couple of VPN lines in the firewall?

iptables -t nat -A PREROUTING -p gre -d $WAN_IP -j DNAT --to $VPN_SERVER
iptables -t nat -A PREROUTING -p tcp --dport 1723 -i $WAN -j DNAT --to $VPN_SERVER:1723

-Doc



I guess I'll just have to do a bit of ASCII art....



winXP klient (vpn client) <---------> linux firewall <---> internet <------> vpn server
and in this case I presumably don't need to do any DNAT?


/Frank



 
Questions about the web-pages to <www_admin>. Last modified 2005-08-10, 22:43 CEST