Vpn Server Behind Suse Linux 9.2 Firewall

Post #1, Mar 30 2005, 05:16 AM
Group: Members, Posts: 1, Joined: 30-March 05

Hi all,

I have installed SUSE Linux 9.2 on my new server.
It's a server directly connected to the internet, so it has only one NIC.
The NIC has a direct internet IP.

I have SuSEfirewall2 up and running.

I want to allow the service PPTP on port 1723 to pass the firewall.
I want to connect from any Windows machine to this VPN server.

Services like SSH or Samba need to work over/through this VPN.
When I open up port 1723 I can connect to the VPN server, but no traffic is possible over this connection.

What am I doing wrong?

Also IP port 47 (GRE) is forwarded, and 1723 UDP too, but still no go.

Without the firewall everything is working fine.

Any ideas?

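The symptom in the question (the control connection comes up on 1723, then nothing flows) is what you get when only the PPTP control channel is open. PPTP has two parts: a TCP control connection on port 1723 and a GRE data stream, and GRE is IP protocol 47, not a port, so "port 47" or "1723 udp" rules match nothing PPTP sends. The tunnelled traffic (SSH, Samba) then arrives on the ppp interfaces pppd creates, which need their own INPUT rule. The script below is an added example written for this thread, not code from the original posts or from SuSEfirewall2: it assumes the public NIC is eth0, that VPN clients appear as ppp+ interfaces, and that the PPTP conntrack helper is called nf_conntrack_pptp (current kernels) or ip_conntrack_pptp (2.6-era kernels of the SUSE 9.2 period); the IPT override is mine so the rules can be printed without root. One caveat a practitioner should carry along: PPTP with MS-CHAPv2 is cryptographically broken, so where a choice exists use a modern VPN protocol instead.

```shell
#!/bin/sh
# Added example (not from the thread): host firewall rules for a single-NIC PPTP
# server that must also carry SSH and SMB inside the tunnel.
# Assumed names: public interface eth0, per-client tunnel interfaces ppp+,
# helper modules nf_conntrack_pptp / ip_conntrack_pptp.
# Run as "sh pptp-fw.sh show" to print the rules, "sh pptp-fw.sh apply" to load them.

IPT="${IPT:-iptables}"      # set IPT=echo to print instead of apply
WAN_IF="${WAN_IF:-eth0}"    # the interface with the public address

pptp_server_rules() {
    $IPT -A INPUT -i lo -j ACCEPT
    $IPT -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
    # control channel: TCP port 1723
    $IPT -A INPUT -i "$WAN_IF" -p tcp --dport 1723 -m state --state NEW -j ACCEPT
    # data channel: GRE is IP protocol 47 and has no port, so match the protocol
    $IPT -A INPUT -i "$WAN_IF" -p gre -j ACCEPT
    # everything that travels inside the tunnel (SSH, Samba, ...) is delivered
    # on the ppp interfaces, so 1723 + GRE alone still gives a dead VPN
    $IPT -A INPUT -i ppp+ -j ACCEPT
    # only needed if VPN clients should reach other hosts through this box
    $IPT -A FORWARD -i ppp+ -j ACCEPT
    $IPT -A FORWARD -o ppp+ -m state --state ESTABLISHED,RELATED -j ACCEPT
}

load_pptp_helper() {
    # The helper follows the GRE call ids negotiated on the control channel so the
    # data stream counts as RELATED. With the explicit GRE accept above it is
    # optional on a directly connected server; it is essential behind NAT.
    modprobe nf_conntrack_pptp 2>/dev/null || modprobe ip_conntrack_pptp 2>/dev/null
}

case "${1:-}" in
    show)  IPT=echo; pptp_server_rules ;;
    apply) load_pptp_helper; pptp_server_rules ;;
esac
```

To my recollection the SuSEfirewall2 equivalents are FW_SERVICES_EXT_TCP="1723" together with FW_SERVICES_EXT_IP="GRE" in /etc/sysconfig/SuSEfirewall2, plus a rule for the ppp interfaces; check the comments in that file on your release before relying on those names.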
Post #2, Mar 30 2005, 08:45 AM
Group: Support Specialist, Posts: 1,439, Joined: 3-January 04, From: Germany


I'm not 100% sure what you want to accomplish here, but if you want something like this:

LAN computer (TRUSTED :) ) ----- FIREWALL (SAMBA, SSH, DHCP, DNS, SQUID etc...) --- INTERNET

then you can do this :

open up a console and, as root:

cd /root
vi iptables-home

type in this:
# Fill in these three values for your own network (the addresses did not survive
# in the post, so they are left as variables you must set before sourcing this):
LAN_NET=        # the LAN network behind eth0, in CIDR form
LAN_IP=         # the firewall's own eth0 address
PUBLIC_IP=      # the firewall's public address on eth1
: "${LAN_NET:?set LAN_NET}" "${LAN_IP:?set LAN_IP}" "${PUBLIC_IP:?set PUBLIC_IP}"

iptables -P INPUT DROP
iptables -P OUTPUT DROP
iptables -P FORWARD DROP
# with these 3 rules we make the default policy drop everything
# let's imagine that our internal LAN is connected to eth0, and the internet is available via eth1
iptables -A FORWARD -i eth0 -o eth1 -j ACCEPT
# we let everybody freely out to the internet
iptables -A FORWARD -i eth1 -o eth0 -m state --state ESTABLISHED,RELATED -j ACCEPT
# we only allow already established or related connections
iptables -A INPUT -s 127.0.0.1 -j ACCEPT
iptables -A INPUT -i eth0 -j ACCEPT
iptables -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
# these are the input rules, they go directly into the firewall; we allow loopback here, the LAN,
# and only connections that are already established or related. Nothing else.
iptables -A OUTPUT -s 127.0.0.1 -j ACCEPT
iptables -A OUTPUT -s "$LAN_IP" -j ACCEPT
iptables -A OUTPUT -s "$PUBLIC_IP" -j ACCEPT
# we allow all connections from the firewall (eth0, eth1 and loopback) out

iptables -t nat -A POSTROUTING -s "$LAN_NET" -j SNAT --to-source "$PUBLIC_IP"
# this is a very important part of the setup: here we translate local private IPs to the public
# firewall IP, and back; without this other machines on the internet would not know where to send
# packets. PUBLIC_IP = public IP address of eth1, LAN_NET is the LAN (of course you can use other
# numbers here), LAN_IP = firewall's eth0

With this setup you are fairly secure, and the firewall is freely accessible from the LAN, so Samba and other stuff will have no problems.

As for the internet side, we don't allow anything at all to go through our firewall.

/etc/init.d/iptables stop
source /root/iptables-home
iptables-save > /etc/sysconfig/iptables
/etc/init.d/iptables start

If you did this properly, all is accessible from inside the LAN, and you are running in FULL STEALTH mode.

Robert B

Robert Becskei
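Robert's script describes a two-NIC NAT gateway (LAN on eth0, internet on eth1), a different layout from the single-NIC server in the question, and it leaves the addresses as values to fill in. The script below is an added example, mine rather than the poster's, that turns the same design into a function taking those three addresses as parameters, rejects anything that is not IPv4 syntax, and adds the two checks I would not deploy a gateway without: the LAN-to-internet FORWARD rule accepts only packets whose source really lies in the LAN network (so a compromised LAN host cannot push spoofed sources out through the SNAT), and INVALID-state packets are dropped before any ACCEPT. It also turns on IP forwarding, which the kernel leaves off by default and without which the FORWARD rules never see a packet. Interface names eth0/eth1 follow the post; the IPT override, the function names and the sample addresses are my assumptions.

```shell
#!/bin/sh
# Added example (not the poster's script): parameterised two-NIC NAT gateway
# with input validation, anti-spoofing on FORWARD and an INVALID drop.
# Assumed layout as in the post: LAN on eth0, internet on eth1.
# "sh gw.sh show LAN_NET LAN_IP PUBLIC_IP" prints the rules; "apply" loads them.

IPT="${IPT:-iptables}"      # set IPT=echo to print instead of apply

# Crude IPv4 or IPv4/CIDR syntax check; non-zero exit on anything else.
valid_ip4() {
    printf '%s\n' "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}(/[0-9]{1,2})?$'
}

enable_forwarding() {
    # Without this the kernel never consults the FORWARD chain at all.
    sysctl -w net.ipv4.ip_forward=1
}

# usage: gateway_rules LAN_NET LAN_IP PUBLIC_IP
gateway_rules() {
    lan_net=$1; lan_ip=$2; pub_ip=$3
    for a in "$lan_net" "$lan_ip" "$pub_ip"; do
        valid_ip4 "$a" || { echo "not an IPv4 address: '$a'" >&2; return 1; }
    done

    $IPT -P INPUT DROP
    $IPT -P OUTPUT DROP
    $IPT -P FORWARD DROP
    # packets conntrack cannot place in any connection are never worth forwarding
    $IPT -A INPUT -m state --state INVALID -j DROP
    $IPT -A FORWARD -m state --state INVALID -j DROP

    # LAN out to the internet, but only with a source address that belongs to the LAN
    $IPT -A FORWARD -i eth0 -o eth1 -s "$lan_net" -j ACCEPT
    # replies back in; nothing new may be opened from the internet side
    $IPT -A FORWARD -i eth1 -o eth0 -m state --state ESTABLISHED,RELATED -j ACCEPT

    # traffic to the firewall itself: loopback, the LAN, and replies
    $IPT -A INPUT -i lo -j ACCEPT
    $IPT -A INPUT -i eth0 -s "$lan_net" -j ACCEPT
    $IPT -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT

    # the firewall's own outbound traffic on each of its addresses
    $IPT -A OUTPUT -o lo -j ACCEPT
    $IPT -A OUTPUT -s "$lan_ip" -j ACCEPT
    $IPT -A OUTPUT -s "$pub_ip" -j ACCEPT

    # source NAT for the LAN, restricted to the public interface
    $IPT -t nat -A POSTROUTING -s "$lan_net" -o eth1 -j SNAT --to-source "$pub_ip"
}

case "${1:-}" in
    show)  IPT=echo; gateway_rules "$2" "$3" "$4" ;;
    apply) enable_forwarding && gateway_rules "$2" "$3" "$4" ;;
esac
```

Where the rules are persisted is distribution specific: the /etc/sysconfig/iptables file in the post is the Red Hat and CentOS convention, while SUSE of that era drives iptables through SuSEfirewall2 from /etc/sysconfig/SuSEfirewall2 (which, to my recollection, offers a FW_CUSTOMRULES hook for hand-written rules), so on the questioner's box the rules above would otherwise be wiped on the next SuSEfirewall2 restart.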