On Fri, Aug 17, 2007 at 11:58:00AM +1000, Scott Waller wrote:
> Hi Fellow Sluggers,
>
> I have searched high and low and need help. I have a weird setup here but
> it works well and I would like to try and keep my setup.
>
> The Scene
>
> I have a FC6 machine running a firewalling prog called acacia; it was
> written by one of Red Hat's head guys and it has served me well for many
> years, but my situation has changed slightly. I have a newish job; they
> are Windows crazy (another story for another time) and they have a MS VPN
> setup. The idea is that all the "road warriors" can connect via their
> NextG cards or from their homes through the VPN to the office; this
> allows them to connect to the Exchange server etc.
>
> I also have a laptop (WinXP) that connects through the VPN everywhere I
> have tried, but not at my place. It is good in some respects because I
> can't do work from home (YAY).
>
> Anyway, this week the wife has been sick and I now need to connect to
> work to get emails etc, but I just can't make it work. I am pulling
> what hair I have left out!
>
> The Acacia program uses iptables as its backbone I guess; it also uses
> ULOGD to log the traffic.
>
> EG log file
>
> fw acacia E violation: IN=ppp0 OUT= MAC=(null) SRC=66.124.120.195
> DST=220.245.83.141 LEN=163 TOS=00 PREC=0x00 TTL=119 ID=23307 DF
> PROTO=TCP SPT=443 DPT=1369 SEQ=1872663048 ACK=2546150166 WINDOW=65463
> ACK PSH FIN URGP=0
>
> This is an example of an "External" violation, ie someone scanning my
> firewall.
>
> acacia IE violation: IN=eth0 OUT=ppp0
> MAC=00:a0:cc:3e:22:44:00:16:6f:6c:3d:48:08:00 SRC=10.0.0.52
> DST=203.63.234.178 LEN=52 TOS=00 PREC=0x00 TTL=127 ID=9213
>
> This is an example of the log when I try and connect to my work VPN.
>
> When I try to connect (laptop) it seems to talk to work but once it
> comes to the user name and password it times out.
> If I have the wrong password it will tell me. As I said before, I can
> connect through a Telstra Hot Spot or McDonald's for example, and I can
> use the hotel internet when I am away to connect......
>
> I have added these lines into my acacia.conf file:
>
> iptables -A INPUT -p 47 -j ACCEPT
> iptables -A OUTPUT -p 47 -j ACCEPT
> iptables -A INPUT -p TCP -s 0.0.0.0/0 --source-port 1723 -j ACCEPT
> iptables -A OUTPUT -p TCP -d 0.0.0.0/0 --destination-port 1723 -j ACCEPT

Without looking at all the tables, I would guess you need a forward rule as well.

You might also want to look at OpenVPN: the solution works for Windows and Linux, it's free, and it works through a proxy server!

> Thanks
>
> Scott Waller
> E. [EMAIL PROTECTED]
> M. 0439 168 103
> F. 02 9838 1782
> W. www.wallers.com.au
>
> --
> SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/
> Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html
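Added example for this thread; it is not part of acacia and not the poster's own configuration. The quoted "IE violation" line has both IN=eth0 and OUT=ppp0 set, which is how the kernel logs a packet being routed through the box: such a packet traverses the FORWARD chain, so INPUT/OUTPUT rules for GRE and TCP/1723 can never match it. The script below reads acacia/ulogd violation lines in the format quoted above, works out which chain dropped each packet and whether it belongs to a PPTP session (TCP/1723 control channel, or IP protocol 47 GRE, which carries the PPP session and its authentication), and prints the narrowest rule that chain is missing; it also prints the full forward/NAT set a gateway needs for a LAN client. The interface names, the ports and the three sample lines are constructed for the example (the thread's own IE line is cut off before PROTO=, so the samples fill it in); the kernel module names are the stock Linux PPTP conntrack/NAT helper, which on FC6-era kernels is ip_conntrack_pptp/ip_nat_pptp and on later ones nf_conntrack_pptp/nf_nat_pptp.

```shell
#!/bin/sh
# Added example, not acacia code: classify acacia/ulogd "violation" lines and
# print the iptables rule the dropping chain is missing for PPTP traffic.
# Interface names, ports and the sample lines below are constructed.

# field NAME LINE: print the value of NAME= in an iptables LOG line ("" if absent)
field() {
    printf '%s\n' "$2" | sed -n "s/.*[[:space:]]$1=\([^[:space:]]*\).*/\1/p"
}

# which_chain LINE: INPUT, OUTPUT or FORWARD.
# IN= and OUT= both set means the packet was being routed through the box,
# so it hit FORWARD and no INPUT/OUTPUT rule can ever let it through.
which_chain() {
    iface_in=$(field IN "$1"); iface_out=$(field OUT "$1")
    if [ -n "$iface_in" ] && [ -n "$iface_out" ]; then echo FORWARD
    elif [ -n "$iface_in" ]; then echo INPUT
    else echo OUTPUT; fi
}

# classify LINE: pptp-control (TCP/1723), gre (IP protocol 47) or other.
# The LOG target prints protocols it has no name for by number, so GRE is PROTO=47.
classify() {
    proto=$(field PROTO "$1"); spt=$(field SPT "$1"); dpt=$(field DPT "$1")
    case "$proto" in
        47|GRE) echo gre ;;
        TCP) if [ "$dpt" = 1723 ] || [ "$spt" = 1723 ]; then echo pptp-control
             else echo other; fi ;;
        *) echo other ;;
    esac
}

# suggest_rule LINE: print the narrowest ACCEPT rule that would have passed this
# packet. Returns 1 and prints nothing for anything that is not PPTP, so a scan
# like the "E violation" line never turns into an opened port.
suggest_rule() {
    line=$1
    rule="iptables -A $(which_chain "$line")"
    iface_in=$(field IN "$line"); iface_out=$(field OUT "$line")
    [ -n "$iface_in" ] && rule="$rule -i $iface_in"
    [ -n "$iface_out" ] && rule="$rule -o $iface_out"
    case "$(classify "$line")" in
        gre) rule="$rule -p gre" ;;
        pptp-control)
            if [ "$(field DPT "$line")" = 1723 ]; then rule="$rule -p tcp --dport 1723"
            else rule="$rule -p tcp --sport 1723"; fi ;;
        *) return 1 ;;
    esac
    echo "$rule -j ACCEPT"
}

# pptp_passthrough_rules WAN LAN: the full set a NAT gateway needs so a LAN client
# can reach an external PPTP server. GRE has no port numbers, so the kernel's PPTP
# helper is what lets NAT pair the GRE packets with their 1723 control session.
pptp_passthrough_rules() {
    wan=$1; lan=$2
    cat <<EOF
modprobe ip_conntrack_pptp 2>/dev/null || modprobe nf_conntrack_pptp
modprobe ip_nat_pptp 2>/dev/null || modprobe nf_nat_pptp
iptables -A FORWARD -i $lan -o $wan -p tcp --dport 1723 -j ACCEPT
iptables -A FORWARD -i $lan -o $wan -p gre -j ACCEPT
iptables -A FORWARD -i $wan -o $lan -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -t nat -A POSTROUTING -o $wan -j MASQUERADE
EOF
}

# Constructed sample lines in the ulogd format quoted in the thread.
SAMPLE_EXT='fw acacia E violation: IN=ppp0 OUT= MAC=(null) SRC=66.124.120.195 DST=220.245.83.141 LEN=163 TOS=00 PREC=0x00 TTL=119 ID=23307 DF PROTO=TCP SPT=443 DPT=1369 SEQ=1872663048 ACK=2546150166 WINDOW=65463 ACK PSH FIN URGP=0'
SAMPLE_CTRL='acacia IE violation: IN=eth0 OUT=ppp0 MAC=00:a0:cc:3e:22:44:00:16:6f:6c:3d:48:08:00 SRC=10.0.0.52 DST=203.63.234.178 LEN=52 TOS=00 PREC=0x00 TTL=127 ID=9213 DF PROTO=TCP SPT=1041 DPT=1723 WINDOW=65535 SYN URGP=0'
SAMPLE_GRE='acacia IE violation: IN=eth0 OUT=ppp0 MAC=00:a0:cc:3e:22:44:00:16:6f:6c:3d:48:08:00 SRC=10.0.0.52 DST=203.63.234.178 LEN=60 TOS=00 PREC=0x00 TTL=127 ID=9220 PROTO=47'

# Usage: PPTP_DEMO=1 sh pptp_check.sh
if [ "${PPTP_DEMO:-}" = 1 ]; then
    for l in "$SAMPLE_EXT" "$SAMPLE_CTRL" "$SAMPLE_GRE"; do
        printf '%s/%s: %s\n' "$(which_chain "$l")" "$(classify "$l")" \
            "$(suggest_rule "$l" || echo 'no rule: not PPTP traffic')"
    done
    pptp_passthrough_rules ppp0 eth0
fi
```

Running with PPTP_DEMO=1 shows the external scan classified as INPUT/other with no rule suggested, while both LAN-side lines come back as FORWARD with a `-i eth0 -o ppp0` rule, which is the chain the quoted INPUT/OUTPUT additions never touch. The return-direction FORWARD rule is stateful rather than a mirror image, so the gateway does not end up accepting unsolicited GRE or 1723 traffic from ppp0.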
