On Friday, 4 January 2008 05:03:55, Tim Ertl wrote:
> 10.2 and 10.3 are wonderful! What an improvement over the old 8.2!
>
> Are there any docs on how to set up SuSE 10.2 (or equiv) PPTP SERVER with
> SuSEfirewall2? I have looked all over and found VPN Client configs but no
> Server configs that are current and not much on the firewall with vpn's.
> All thoughts and comments are very welcome. Happy New Year!
> Why?
> I had done it on SuSE 8.2 so I took a stab at it on 10.2.
> I am able to connect and validate passwords etc.
> I can Ping the Server host IP (192.168.1.1).
> I can ping my ppp0 (192.168.225.1) ip address on the firewall.
> I can even VNC into the 192.168.1.1 (the firewall ip)!
> I can not get on to the rest of the INTernal network (192.168.1.25)?
PPTP is another beast... Look below.
> ERROR:
> Jan 3 22:23:20 gate kernel: SFW2-FWDint-DROP-DEFLT IN=ppp0 OUT=eth2
> SRC=192.168.224.1 DST=192.168.1.25 LEN=60 TOS=0x00 PREC=0x00 TTL=127
> ID=2316 PROTO=ICMP TYPE=8 CODE=0 ID=39955 SEQ=1280
>
> I am one of those that have had good success with SuSEfirewall2 in the past
> but I am confused this time.
> ETH2 = 192.168.1.1 # internal network
> PPP0 = 192.168.224.1
> I want to get to 192.168.1.25
>
> Sysconfig->SuSEfirewall2:
> (I grep'd off comments & null parameters "" for space)
> FW_DEV_EXT="eth-id-00:15:e9:80:db:e9"
> FW_DEV_INT="eth-id-00:0e:0c:d7:f9:f9 eth-id-00:0f:1f:f8:26:c5 ppp0 ppp1"
> FW_ROUTE="yes"
> FW_MASQUERADE="yes"
> FW_MASQ_DEV="$FW_DEV_EXT"
> FW_MASQ_NETS="0/0"
> FW_PROTECT_FROM_INT="no"
> FW_SERVICES_EXT_TCP="https imaps pop3s pptp smtp 1723"
> FW_SERVICES_EXT_IP="47"
> FW_SERVICES_INT_TCP="80"
> FW_SERVICES_INT_UDP="ntp icmp"
> FW_SERVICES_INT_IP="47"
> FW_SERVICES_REJECT_EXT="0/0,tcp,113"
> FW_LOG_DROP_CRIT="yes"
> FW_LOG_DROP_ALL="yes"
> FW_LOG_ACCEPT_CRIT="yes"
> FW_LOG_ACCEPT_ALL="no"
> FW_KERNEL_SECURITY="yes"
> FW_STOP_KEEP_ROUTING_STATE="no"
> FW_ALLOW_PING_FW="yes"
> FW_ALLOW_PING_DMZ="no"
> FW_ALLOW_PING_EXT="yes"
> FW_ALLOW_FW_BROADCAST_EXT="no"
> FW_ALLOW_FW_BROADCAST_INT="ntp"
> FW_ALLOW_FW_BROADCAST_DMZ="no"
> FW_IGNORE_FW_BROADCAST_EXT="yes"
> FW_IGNORE_FW_BROADCAST_INT="no"
> FW_IGNORE_FW_BROADCAST_DMZ="no"
> FW_REJECT_INT="yes"
> FW_IPSEC_TRUST="no"
> All other params are "" defaulted.
Looks like you need
FW_LOAD_MODULES="ip_conntrack_pptp"
If you plan to use pptp in the other direction, from your masqueraded LAN to
the outside, you must add ip_nat_pptp, too.
> Any Help is greatly appreciated.
> Many Thanks!
> We have about 40 SuSE linux systems and a mess of Windoze systems!
Herbert
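
A small check for the two things this thread turns on, as an added example that is not part of either poster's message: it reduces the SFW2 drop line quoted above to its interface and address fields, and reports whether a SuSEfirewall2 sysconfig file that opens PPTP (tcp 1723 or IP protocol 47) also lists ip_conntrack_pptp in FW_LOAD_MODULES, as the reply suggests. The function names and the sample config file are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the thread: function names are hypothetical.

# Print the value of VAR="..." from a sysconfig file (last assignment wins),
# reading it as text rather than sourcing it.
cfg_get() (   # cfg_get FILE VAR
    sed -n "s/^[[:space:]]*$2=\"\(.*\)\"[[:space:]]*\$/\1/p" "$1" | tail -n 1
)

# Succeed if WORD is one of the space-separated items in LIST.
has_word() (  # has_word WORD LIST
    for w in $2; do [ "$w" = "$1" ] && exit 0; done
    exit 1
)

# Report whether a config that opens PPTP also loads the conntrack helper
# named in the reply. Prints: ok | missing-helper | no-pptp
check_pptp_helper() (
    tcp=$(cfg_get "$1" FW_SERVICES_EXT_TCP)
    ip=$(cfg_get "$1" FW_SERVICES_EXT_IP)
    mods=$(cfg_get "$1" FW_LOAD_MODULES)
    if has_word pptp "$tcp" || has_word 1723 "$tcp" || has_word 47 "$ip"; then
        if has_word ip_conntrack_pptp "$mods"; then echo ok; else echo missing-helper; fi
    else
        echo no-pptp
    fi
)

# Reduce an SFW2 kernel log line to "TAG IN OUT SRC DST PROTO".
sfw2_summary() (
    out=$(printf '%s\n' "$1" | sed -n 's/.*\(SFW2-[A-Za-z0-9-]*\).*/\1/p')
    for k in IN OUT SRC DST PROTO; do
        v=$(printf '%s\n' "$1" | sed -n "s/.* $k=\([^ ]*\).*/\1/p")
        out="$out $v"
    done
    echo "$out"
)

# The drop line quoted in the thread, rejoined onto one line.
SAMPLE_LOG='Jan 3 22:23:20 gate kernel: SFW2-FWDint-DROP-DEFLT IN=ppp0 OUT=eth2 SRC=192.168.224.1 DST=192.168.1.25 LEN=60 TOS=0x00 PREC=0x00 TTL=127 ID=2316 PROTO=ICMP TYPE=8 CODE=0 ID=39955 SEQ=1280'
sfw2_summary "$SAMPLE_LOG"

# Constructed sample config: the PPTP-related lines from the quoted settings.
sample=$(mktemp)
printf '%s\n' 'FW_SERVICES_EXT_TCP="https imaps pop3s pptp smtp 1723"' \
              'FW_SERVICES_EXT_IP="47"' > "$sample"
check_pptp_helper "$sample"     # FW_LOAD_MODULES is not set in this sample
rm -f "$sample"
```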