From: Thomas Reitelbach (tr_at_troficent.de)
Date: Sun Feb 09 2003 - 02:50:47 CST

    > From: Rainer Hofmeister [mailto:rhwebkom.net]
    > Sent: Thursday, February 06, 2003 7:19 AM
    > To: suse-securitysuse.com
    > Subject: [suse-security] MS VPN over SuSefirewall2 (7.3)
    >
    >
    > Hi,
    >
    > I'm trying to build a VPN tunnel from an internal Win2K machine to a
    > server on the Internet (also MS). We are using a SuSEfirewall2 (SuSE
    > 7.3) to protect our internal Lan. The internal Lan is masqueraded.
    >
    > Is there a way to configure the firewall to allow VPN connections from
    > the Win2K machine?
    >
    > I opened the following ports in FW_MASQ_NETS:
    >
    > 10.0.0.0/24,0/0,tcp,1723
    > 10.0.0.0/24,0/0,udp,1723
    > 10.0.0.0/24,0/0,tcp,47
    > 10.0.0.0/24,0/0,udp,47
    > 10.0.0.0/24,0/0,udp,500
    >
    > This didn't work. I read somewhere that the communication over port 47
    > is not tcp or udp but gre. Since I can't set that in SuSEfirewall2 I
    > tried to open up the complete network by using:

    It's not _port_ 47, but _protocol_ 47 instead! This is an important
    difference!
    I don't know the SuSE Firewall scripts, but opening _protocol_ 47 instead of
    the port would help IMO.

    Thomas

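The port-versus-protocol distinction from the reply above, as an added example that is not part of the original thread: it reads the protocol field of constructed IPv4 packets and checks them against the five entries quoted in the question. The rule matcher is a simplified model of those `src,dst,proto,port` entries, not SuSEfirewall2's own logic, and the addresses 10.0.0.5 and 192.0.2.10 are made up for the sample packets.

```python
import ipaddress
import struct

# IANA protocol numbers, carried in byte 9 of the IPv4 header.
PROTO_NAMES = {6: "tcp", 17: "udp", 47: "gre"}

# Entries exactly as quoted in the question.
RULES = ["10.0.0.0/24,0/0,tcp,1723", "10.0.0.0/24,0/0,udp,1723",
         "10.0.0.0/24,0/0,tcp,47", "10.0.0.0/24,0/0,udp,47",
         "10.0.0.0/24,0/0,udp,500"]

def build_ipv4(src, dst, proto, payload):
    """Minimal 20-byte IPv4 header (checksum left at 0) plus payload."""
    header = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0,
                         64, proto, 0,
                         ipaddress.IPv4Address(src).packed,
                         ipaddress.IPv4Address(dst).packed)
    return header + payload

def classify(packet):
    """Return (source address, protocol name, destination port or None)."""
    ihl = (packet[0] & 0x0F) * 4
    proto = packet[9]
    src = ipaddress.IPv4Address(packet[12:16])
    port = None
    if proto in (6, 17):  # only TCP and UDP carry port numbers
        port = struct.unpack("!H", packet[ihl + 2:ihl + 4])[0]
    return src, PROTO_NAMES.get(proto, str(proto)), port

def matched_rules(packet):
    """Simplified model: source net, protocol and port must all match
    (the destination field 0/0 is treated as 'any')."""
    src, name, dport = classify(packet)
    hits = []
    for rule in RULES:
        src_net, _dst, proto, port = rule.split(",")
        if (src in ipaddress.ip_network(src_net)
                and name == proto and dport == int(port)):
            hits.append(rule)
    return hits

# Constructed sample packets from an internal client to an outside server.
PPTP_CONTROL = build_ipv4("10.0.0.5", "192.0.2.10", 6,
                          struct.pack("!HH", 1025, 1723) + bytes(16))
UDP_PORT_47 = build_ipv4("10.0.0.5", "192.0.2.10", 17,
                         struct.pack("!HHHH", 1025, 47, 8, 0))
# PPTP data channel: IP protocol 47 with an enhanced GRE header (no ports).
GRE_DATA = build_ipv4("10.0.0.5", "192.0.2.10", 47,
                      struct.pack("!HHHHI", 0x3001, 0x880B, 0, 1, 0))

if __name__ == "__main__":
    for label, pkt in [("control", PPTP_CONTROL), ("udp/47", UDP_PORT_47),
                       ("gre", GRE_DATA)]:
        print(label, classify(pkt)[1:], matched_rules(pkt))
```

The GRE packet matches none of the five entries because it has no port to compare: a filter has to select it by protocol number instead.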