OpenVPN config with SuSEfirewall2

Hi all,

I hope I am on the right NG :-) If not, please redirect me, and excuse my poor English.

May I get a little help here to configure my SuSEfirewall2?

My little problem: I plan to use OpenVPN to connect some road warriors connected via GPRS.

Actually, I'm able to connect to my firewall using ssh via the tunnel, but when I try to connect to my web server behind my firewall, I always get: who-has 89.0.0.41 says 10.3.0.1 .....

My problem is: what rules may I use to connect to my web server behind my firewall? I presume that I must add some rules in firewall-custom.

Many thanks in advance,

Friendly,
Alain

NOTES :

******** Architecture:
--------------

Client road-warrior
    ip vpn 10.3.0.1 (mode tun)
    route 89.0.0.41 mask 255.255.0.0 10.3.0.1 metric 10
->
Internet
->
Freebox ADSL
->
SuSEFirewall2 and openvpn (same box)
    IP wan variable (nnnnnn.dyndns.org)
    ip LAN 89.0.0.140
    ip vpn 10.3.0.2 (tun)
->
Progress Software Database server and web server (same box)
    ip lan 89.0.0.41

My SuSEfirewall2 config:
--------------------------

FW_QUICKMODE="no"
FW_DEV_EXT="eth1"
FW_DEV_INT="eth0"
FW_DEV_DMZ=""
FW_ROUTE="yes"
FW_MASQUERADE="yes"
FW_MASQ_DEV="$FW_DEV_EXT"
FW_MASQ_NETS="0/0"
FW_PROTECT_FROM_INTERNAL="no"
FW_AUTOPROTECT_SERVICES="yes"
FW_SERVICES_EXT_TCP="openvpn1"
FW_SERVICES_EXT_UDP=""
FW_SERVICES_EXT_IP=""
FW_SERVICES_EXT_RPC=""
FW_SERVICES_DMZ_TCP=""
FW_SERVICES_DMZ_UDP=""
FW_SERVICES_DMZ_IP=""
FW_SERVICES_DMZ_RPC=""
FW_SERVICES_INT_TCP="ssh www"
FW_SERVICES_INT_UDP=""
FW_SERVICES_INT_IP="all"
FW_SERVICES_INT_RPC=""
FW_SERVICES_QUICK_TCP=""
FW_SERVICES_QUICK_UDP=""
FW_SERVICES_QUICK_IP=""
FW_TRUSTED_NETS=""
FW_ALLOW_INCOMING_HIGHPORTS_TCP="yes"
FW_ALLOW_INCOMING_HIGHPORTS_UDP="yes"
FW_SERVICE_AUTODETECT="no"
FW_SERVICE_DNS="no"
FW_SERVICE_DHCLIENT="no"
FW_SERVICE_DHCPD="no"
FW_SERVICE_SQUID="no"
FW_SERVICE_SAMBA="no"
FW_FORWARD=""
FW_FORWARD_MASQ=""
FW_REDIRECT=""
FW_LOG_DROP_CRIT="yes"
FW_LOG_DROP_ALL="yes"
FW_LOG_ACCEPT_CRIT="yes"
FW_LOG_ACCEPT_ALL="yes"
FW_LOG=""
FW_KERNEL_SECURITY="yes"
FW_ANTISPOOF="no"
FW_STOP_KEEP_ROUTING_STATE="no"
FW_ALLOW_PING_FW="yes"
FW_ALLOW_PING_DMZ="no"
FW_ALLOW_PING_EXT="yes"
FW_ALLOW_FW_TRACEROUTE="yes"
FW_ALLOW_FW_SOURCEQUENCH="yes"
FW_ALLOW_FW_BROADCAST="yes"
FW_IGNORE_FW_BROADCAST="no"
FW_ALLOW_CLASS_ROUTING="yes"
FW_CUSTOMRULES="/etc/sysconfig/scripts/SuSEfirewall2-custom"
FW_REJECT="no"
FW_HTB_TUNE_DEV=""
FW_IPv6=""
FW_IPv6_REJECT_OUTGOING="yes"
FW_IPSEC_TRUST="no"
FW_IPSEC_MARK=""

EPiKoiEncore