Peter, Tried your suggestion and it worked.

Thank you so much. Make sure you introduce yourself to me at the next SLUG meeting, I should be the guy behind the video.

Scott

On Sun, 2007-08-19 at 14:55 +1000, Peter Hardy wrote:
> Hey hey.
>
> On Fri, 2007-08-17 at 11:58 +1000, Scott Waller wrote:
> *snip*
> > The Acacia program uses iptables as its backbone I guess, it also uses
> > ULOGD to log the traffic.
> >
> > EG log file
> >
> > fw acacia E violation: IN=ppp0 OUT= MAC=(null) SRC=66.124.120.195
> > DST=220.245.83.141 LEN=163 TOS=00 PREC=0x00 TTL=119 ID=23307 DF
> > PROTO=TCP SPT=443 DPT=1369 SEQ=1872663048 ACK=2546150166 WINDOW=65463
> > ACK PSH FIN URGP=0
> >
> > This is an example of an "External" violation, ie someone scanning my
> > firewall.
> >
> > acacia IE violation: IN=eth0 OUT=ppp0
> > MAC=00:a0:cc:3e:22:44:00:16:6f:6c:3d:48:08:00 SRC=10.0.0.52
> > DST=203.63.234.178 LEN=52 TOS=00 PREC=0x00 TTL=127 ID=9213
> >
> > This is an example of the log when I try and connect to my work VPN.
> >
> > When I try to connect (laptop) it seems to talk to work but once it
> > comes to the user name and password it times out. If I have the wrong
> > password it will tell me, as I said before, I can connect through a
> > Telstra Hot Spot at McDonalds for example, I can use the hotel internet
> > when I am away to connect......
> >
> > I have added these lines into my acacia.conf file
> >
> > iptables -A INPUT -p 47 -j ACCEPT
> > iptables -A OUTPUT -p 47 -j ACCEPT
> > iptables -A INPUT -p TCP -s 0.0.0.0/0 --source-port 1723 -j ACCEPT
> > iptables -A OUTPUT -p TCP -d 0.0.0.0/0 --destination-port 1723 -j ACCEPT
>
> The important thing to remember about iptables' built-in chains:
>
> The INPUT chain only applies to packets coming in an interface destined
> for the local machine.
> The OUTPUT chain only applies to packets leaving an interface that are
> originating from the local machine.
> For packets that are originating from your laptop that are going through
> the firewall, the FORWARD chain is the only one that's checked.
>
> So I'd start by adding rules like these:
>
> iptables -A FORWARD -p 47 -j ACCEPT
> iptables -A FORWARD -p TCP -d 0.0.0.0/0 --destination-port 1723 -j ACCEPT
>
> If you'd like to do some more reading on how iptables works, you'll find
> some great documentation included under /usr/share/doc/iptables (at
> least it is in debian, redhat may use a different location).
>
> Hope that helps.
>
> --
> Pete

Scott Waller
E. [EMAIL PROTECTED]
M. 0439 168 103
F. 02 9838 1782
W. www.wallers.com.au

-- 
SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/
Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html
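Pete's point, that a packet routed through the firewall is checked only in FORWARD and so Scott's INPUT/OUTPUT rules never see it, can be worked through mechanically. The following is an added example, not code from the thread or from Acacia: it parses netfilter/ulogd log lines of the shape quoted above and the small subset of `iptables -A` syntax the two rule sets use, picks the built-in chain from the IN/OUT fields, and reports each packet's fate under Scott's rules and under Scott's plus Pete's. The two extra log lines (a TCP/1723 PPTP control packet and a GRE protocol-47 packet from the laptop, forwarded out ppp0) are constructed, as is the assumption that unmatched traffic falls to a DROP policy; the thread does not state Acacia's policy.

```python
"""Which iptables built-in chain sees a packet, and what a rule set does with it.

Added example, not code from the thread or from Acacia.
"""
import ipaddress
import re

# The first two lines are quoted from the thread. The last two are CONSTRUCTED:
# a PPTP control connection (TCP/1723) and a GRE (protocol 47) packet from the
# laptop on eth0, routed out through ppp0.
SAMPLE_LOG = """\
fw acacia E violation: IN=ppp0 OUT= MAC=(null) SRC=66.124.120.195 DST=220.245.83.141 LEN=163 TOS=00 PREC=0x00 TTL=119 ID=23307 DF PROTO=TCP SPT=443 DPT=1369 SEQ=1872663048 ACK=2546150166 WINDOW=65463 ACK PSH FIN URGP=0
acacia IE violation: IN=eth0 OUT=ppp0 MAC=00:a0:cc:3e:22:44:00:16:6f:6c:3d:48:08:00 SRC=10.0.0.52 DST=203.63.234.178 LEN=52 TOS=00 PREC=0x00 TTL=127 ID=9213
acacia IE violation: IN=eth0 OUT=ppp0 MAC=00:a0:cc:3e:22:44:00:16:6f:6c:3d:48:08:00 SRC=10.0.0.52 DST=203.63.234.178 LEN=52 TOS=00 PREC=0x00 TTL=127 ID=9214 DF PROTO=TCP SPT=1042 DPT=1723 WINDOW=65535 SYN URGP=0
acacia IE violation: IN=eth0 OUT=ppp0 MAC=00:a0:cc:3e:22:44:00:16:6f:6c:3d:48:08:00 SRC=10.0.0.52 DST=203.63.234.178 LEN=60 TOS=00 PREC=0x00 TTL=127 ID=9215 PROTO=47
"""

# Rules quoted from the thread, in the order they appear.
SCOTT_RULES = [
    "iptables -A INPUT -p 47 -j ACCEPT",
    "iptables -A OUTPUT -p 47 -j ACCEPT",
    "iptables -A INPUT -p TCP -s 0.0.0.0/0 --source-port 1723 -j ACCEPT",
    "iptables -A OUTPUT -p TCP -d 0.0.0.0/0 --destination-port 1723 -j ACCEPT",
]
PETE_RULES = SCOTT_RULES + [
    "iptables -A FORWARD -p 47 -j ACCEPT",
    "iptables -A FORWARD -p TCP -d 0.0.0.0/0 --destination-port 1723 -j ACCEPT",
]

# Protocol names iptables and the LOG target use, mapped to IP protocol numbers.
PROTO_NUMBERS = {"ICMP": 1, "TCP": 6, "UDP": 17, "GRE": 47}


def proto_number(value: str) -> int:
    """Normalise 'tcp', 'TCP' or '47' to an IP protocol number."""
    return PROTO_NUMBERS.get(value.upper()) or int(value)


KV = re.compile(r"\b([A-Z]+)=(\S*)")


def parse_log_line(line: str) -> dict:
    """Pull the KEY=value fields out of one netfilter/ulogd log line."""
    f = dict(KV.findall(line))
    return {
        "in": f.get("IN", ""), "out": f.get("OUT", ""), "src": f["SRC"], "dst": f["DST"],
        "proto": proto_number(f["PROTO"]) if "PROTO" in f else None,
        "spt": int(f["SPT"]) if "SPT" in f else None,
        "dpt": int(f["DPT"]) if "DPT" in f else None,
    }


def builtin_chain(pkt: dict) -> str:
    """Filter-table chain the packet traverses, per Pete's rule of thumb."""
    if pkt["in"] and pkt["out"]:
        return "FORWARD"      # routed through the firewall
    if pkt["in"]:
        return "INPUT"        # arrived for the firewall itself
    if pkt["out"]:
        return "OUTPUT"       # generated by the firewall itself
    raise ValueError("log line has neither IN nor OUT interface")


OPTS = {"-p": "proto", "-s": "src", "-d": "dst", "--source-port": "sport",
        "--sport": "sport", "--destination-port": "dport", "--dport": "dport", "-j": "target"}


def parse_rule(cmd: str) -> dict:
    """Parse the subset of 'iptables -A CHAIN ...' syntax used in the thread."""
    toks = cmd.split()
    if toks[:2] != ["iptables", "-A"]:
        raise ValueError(f"not an append rule: {cmd}")
    rule = {"chain": toks[2], "target": "ACCEPT"}
    for opt, val in zip(toks[3::2], toks[4::2]):
        key = OPTS[opt]                      # KeyError on anything unsupported
        if key == "proto":
            val = proto_number(val)
        elif key in ("sport", "dport"):
            val = int(val)
        rule[key] = val
    return rule


def in_net(addr: str, net) -> bool:
    """An absent -s/-d is a wildcard; 0.0.0.0/0 matches every address."""
    return net is None or ipaddress.ip_address(addr) in ipaddress.ip_network(net, strict=False)


def matches(rule: dict, pkt: dict) -> bool:
    """Every match the rule specifies must hold; unspecified matches are wildcards."""
    for rkey, pkey in (("proto", "proto"), ("sport", "spt"), ("dport", "dpt")):
        if rkey in rule and pkt[pkey] != rule[rkey]:
            return False
    return in_net(pkt["src"], rule.get("src")) and in_net(pkt["dst"], rule.get("dst"))


def verdict(rules, pkt: dict, policy: str = "DROP") -> str:
    """First matching rule in the packet's own chain wins, else the chain policy.

    DROP as the default policy is an assumption, not something the thread states."""
    chain = builtin_chain(pkt)
    for rule in map(parse_rule, rules):
        if rule["chain"] == chain and matches(rule, pkt):
            return rule["target"]
    return policy


def compare(log: str = SAMPLE_LOG):
    """Per log line: (chain, verdict under Scott's rules, verdict under Pete's)."""
    result = []
    for line in log.splitlines():
        pkt = parse_log_line(line)
        result.append((builtin_chain(pkt), verdict(SCOTT_RULES, pkt), verdict(PETE_RULES, pkt)))
    return result


if __name__ == "__main__":
    for line, (chain, scott, pete) in zip(SAMPLE_LOG.splitlines(), compare()):
        print(f"{chain:8} scott={scott:6} pete={pete:6} {line[:70]}")
```

Running it shows the two forwarded PPTP packets landing in FORWARD and dropping under Scott's rules but accepting once Pete's two FORWARD rules are appended, while the inbound scan on ppp0 stays in INPUT and is dropped by both sets. The second quoted log line carries no PROTO field, so neither set can match it on protocol; that is a limitation of the excerpt, not of the rules.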
