Hello there,
I'm more or less new to firewall techniques, using SuSEfirewall2 (before that
SuSEfirewall), and have had some probs with it.
A couple of days ago I was told to have a look at Shorewall, as it should
solve my probs and fit my needs.
Is there somebody out there who'd give me some advice on how to configure it?
I re-compiled the kernel (2.4.19) with the km_freeswan modules, and now
ipsec is implemented.
I checked the /etc/ipsec.conf file, but I do not get how it works .....
Here's a full description of what I'd like to have (or what's currently
working and what's not working):
It's a SuSE 8.1 system, acting as a firewall & proxy server (squid) for my
LAN.
Plus the following servers: postfix, hylafax, mysql & apache.
The following services are running:
pop3, imap, samba, squirrelmail, amavis, adzap, and some more.
Via the firewall I'm also able to run icq, aim & yahoo messenger
(my wife wants those ... ;-)).
So far, these things are working using the SuSEfirewall2.
Now my employer offers remote access to our company's LAN.
On that site a Checkpoint FW is running, and we got a CD-ROM with the
SecuRemote VPN-1 client software.
Using that should enable us to start a terminal server session on the LAN -
and exactly that's not working.
What do I have to configure?
My SuSE system:
Shorewall version:
1.3.13
uname -a:
Linux gateway 2.4.19-4GB #1 Sun Feb 2 18:07:10 CET 2003 i686 unknown
ip addr show:
1: lo: <LOOPBACK,UP> mtu 16436 qdisc noqueue
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 brd 127.255.255.255 scope host lo
inet6 ::1/128 scope host
2: eth0: <BROADCAST,MULTICAST,UP> mtu 1500 qdisc pfifo_fast qlen 100
link/ether 00:02:b3:15:03:cd brd ff:ff:ff:ff:ff:ff
inet 192.168.10.2/24 brd 192.168.10.255 scope global eth0
inet6 fe80::202:b3ff:fe15:3cd/10 scope link
3: eth1: <BROADCAST,MULTICAST,UP> mtu 1500 qdisc pfifo_fast qlen 100
link/ether 00:50:da:5a:2a:5a brd ff:ff:ff:ff:ff:ff
inet 192.168.20.2/24 brd 192.168.20.255 scope global eth1
inet6 fe80::250:daff:fe5a:2a5a/10 scope link
4: ppp0: <POINTOPOINT,MULTICAST,NOARP,UP> mtu 1492 qdisc pfifo_fast qlen 3
link/ppp
inet 80.143.78.57 peer 217.5.98.138/32 scope global ppp0
5: sit0@NONE: <NOARP> mtu 1480 qdisc noop
link/sit 0.0.0.0 brd 0.0.0.0
10: ipsec0: <NOARP,UP> mtu 16260 qdisc pfifo_fast qlen 10
link/ipip
inet 80.143.78.57 peer 217.5.98.138/32 scope global ipsec0
11: ipsec1: <NOARP> mtu 0 qdisc noop qlen 10
link/ipip
12: ipsec2: <NOARP> mtu 0 qdisc noop qlen 10
link/ipip
13: ipsec3: <NOARP> mtu 0 qdisc noop qlen 10
link/ipip
ip route show:
217.5.98.138 dev ppp0 proto kernel scope link src 80.143.78.57
217.5.98.138 dev ipsec0 proto kernel scope link src 80.143.78.57
192.168.20.0/24 dev eth1 proto kernel scope link src 192.168.20.2
192.168.10.0/24 dev eth0 proto kernel scope link src 192.168.10.2
default via 217.5.98.138 dev ppp0
lsmod:
Module Size Used by Tainted: P
ipsec 238976 2
nls_iso8859-1 2812 0 (autoclean)
udf 86816 0 (autoclean)
nfsd 70736 4 (autoclean)
ide-cd 28388 0 (autoclean)
st 26924 0 (autoclean) (unused)
sr_mod 13432 0 (autoclean) (unused)
cdrom 26400 0 (autoclean) [ide-cd sr_mod]
sg 27904 0 (autoclean)
isa-pnp 29664 0 (unused)
usbserial 18492 0 (autoclean) (unused)
parport_pc 25544 1 (autoclean)
lp 6656 0 (autoclean)
parport 22528 1 (autoclean) [parport_pc lp]
pppoe 7692 1 (autoclean)
pppox 1128 1 (autoclean) [pppoe]
snd-seq-midi 4480 0 (unused)
snd-seq-midi-event 2920 0 [snd-seq-midi]
snd-seq 37776 0 [snd-seq-midi snd-seq-midi-event]
snd-via686 8140 0
snd-pcm 63328 0 [snd-via686]
snd-timer 11524 0 [snd-seq snd-pcm]
snd-ac97-codec 26628 0 [snd-via686]
snd-mpu401-uart 3296 0 [snd-via686]
snd-rawmidi 13920 0 [snd-seq-midi snd-mpu401-uart]
snd-seq-device 4140 0 [snd-seq-midi snd-seq snd-rawmidi]
snd 31300 0 [snd-seq-midi snd-seq-midi-event snd-seq
snd-via686 snd-pcm snd-timer snd-ac97-codec snd-mpu401-uart snd-rawmidi
snd-seq-device]
soundcore 3396 0 [snd]
sbp2 16224 0
ohci1394 16364 0 (unused)
ieee1394 29676 0 [sbp2 ohci1394]
via686a 8480 0 (unused)
eeprom 3476 0 (unused)
i2c-proc 6992 0 [via686a eeprom]
i2c-isa 1192 0 (unused)
i2c-viapro 3856 0 (unused)
i2c-core 14468 0 [via686a eeprom i2c-proc i2c-isa
i2c-viapro]
ipv6 138964 -1 (autoclean)
ipt_TCPMSS 2296 1 (autoclean)
ipt_TOS 952 22 (autoclean)
ipt_MASQUERADE 1240 1 (autoclean)
ipt_LOG 3320 137 (autoclean)
ipt_state 568 119 (autoclean)
joydev 5600 0 (unused)
evdev 4352 0 (unused)
input 3168 0 [joydev evdev]
usb-uhci 21612 0 (unused)
usbcore 56768 1 [usbserial snd usb-uhci]
af_packet 12904 1 (autoclean)
ppp_generic 16504 3 (autoclean) [pppoe pppox]
3c59x 27088 1
e100 68184 1
fcdsl 934016 4
capidrv 25044 4
isdn 123584 2 [capidrv]
slhc 5040 0 [ppp_generic isdn]
capi 17056 6
capifs 3688 1 [capi]
kernelcapi 29568 6 [fcdsl capidrv capi]
capiutil 22560 0 [capidrv kernelcapi]
ipt_REJECT 2712 3 (autoclean)
iptable_mangle 2072 1 (autoclean)
iptable_filter 1644 1 (autoclean)
ip_nat_ftp 3056 0 (unused)
iptable_nat 13688 2 [ipt_MASQUERADE ip_nat_ftp]
ip_conntrack_ftp 3456 0 (unused)
ip_conntrack 14140 3 [ipt_MASQUERADE ipt_state ip_nat_ftp
iptable_nat ip_conntrack_ftp]
ip_tables 11576 11 [ipt_TCPMSS ipt_TOS ipt_MASQUERADE ipt_LOG
ipt_state ipt_REJECT iptable_mangle iptable_filter iptable_nat]
reiserfs 179536 4 (autoclean)
lvm-mod 62976 0 (autoclean)
ext3 76552 6
jbd 45372 6 [ext3]
Hope that's all you need - or maybe even too much ....
Thanks in advance!!!!!
c y
Torsten