Help w/ iptables: can't get the Cisco VPN client to work behind proxy
I've set up a transparent proxy using squid and iptables. Browsing and other TCP/UDP services do work; however, I can't get the Cisco VPN client to work behind the proxy.
Any input will be appreciated. Thanks in advance!
Below is the iptables script
#!/bin/bash
# Ethernet device name connected to LAN
ETHERNET_LAN="eth2"
# Ethernet device name connected to Internet
ETHERNET_INTERNET="eth0"
# Squid Server IP Address
SQUID_SERVER_IP="172.16.15.1"
# Squid port number
SQUID_PORT="3128"
### Multiple Port Number - TCP based
MULTI_PORT="22,20,21"
###### IPTABLE Allow rule for tcp based multiple port
#### To disable - Use # in front of below given line
iptables -A INPUT -p tcp -m multiport --dports $MULTI_PORT -j ACCEPT
iptables -A INPUT -j LOG
iptables -A INPUT -j DROP
First of all, since this is about a proprietary, closed source product, you should check its documentation (esp. the FAQ). (Also note the vendor has its own support forum.) Then you should know what type of protocol and ports the application uses. Then the single simplest quickest way to start troubleshooting iptables rule sets is to make "-j LOG" rules precede any other type of "decision" rule. And since you're routing specific traffic through another service you're expected to look at its log file and enable debug logging if it doesn't show any clues.
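The following script is an added example, not the poster's script or anything from the thread, showing what the advice above looks like in practice: every LOG rule is placed immediately ahead of the REDIRECT or DROP decision it reports on, and the transparent-proxy REDIRECT is restricted to TCP port 80 so that non-HTTP traffic is forwarded rather than handed to squid. Interface names, the squid port and the multiport list are taken from the poster's script; the VPN ports are the standard IPsec/IKE set (UDP 500, UDP 4500 for NAT-T, ESP as IP protocol 50), which the thread itself does not name, so confirm them against the client's documentation. By default it only prints the iptables commands (a dry run); set IPT=iptables to apply them, which needs root.

```shell
#!/bin/sh
# Added example (not the original poster's script): emit a transparent-proxy
# rule set in which each LOG rule precedes the decision rule it reports on,
# and only HTTP is redirected to squid. Dry run unless IPT=iptables is set.
IPT="${IPT:-echo iptables}"

ETHERNET_LAN="eth2"          # from the thread
ETHERNET_INTERNET="eth0"     # from the thread
SQUID_PORT="3128"            # from the thread
MULTI_PORT="22,20,21"        # from the thread
VPN_UDP_PORTS="500,4500"     # assumed: IKE and NAT-T; ESP is protocol 50

emit_rules() {
    # Transparent proxy: only plain HTTP from the LAN goes to squid.
    # The LOG rule sits ahead of the REDIRECT so the log shows what was diverted.
    $IPT -t nat -A PREROUTING -i "$ETHERNET_LAN" -p tcp --dport 80 \
        -j LOG --log-prefix "proxy-redirect: "
    $IPT -t nat -A PREROUTING -i "$ETHERNET_LAN" -p tcp --dport 80 \
        -j REDIRECT --to-port "$SQUID_PORT"
    # Everything else from the LAN is routed and masqueraded, not proxied.
    $IPT -t nat -A POSTROUTING -o "$ETHERNET_INTERNET" -j MASQUERADE

    # FORWARD: return traffic, then the VPN protocols, then LOG before DROP.
    $IPT -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
    $IPT -A FORWARD -i "$ETHERNET_LAN" -p udp -m multiport --dports "$VPN_UDP_PORTS" -j ACCEPT
    $IPT -A FORWARD -i "$ETHERNET_LAN" -p esp -j ACCEPT
    $IPT -A FORWARD -i "$ETHERNET_LAN" -j LOG --log-prefix "forward-drop: "
    $IPT -A FORWARD -j DROP

    # INPUT: same shape as the poster's script, with a prefixed LOG ahead of DROP.
    $IPT -A INPUT -i lo -j ACCEPT
    $IPT -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
    $IPT -A INPUT -i "$ETHERNET_LAN" -p tcp --dport "$SQUID_PORT" -j ACCEPT
    $IPT -A INPUT -p tcp -m multiport --dports "$MULTI_PORT" -j ACCEPT
    $IPT -A INPUT -j LOG --log-prefix "input-drop: "
    $IPT -A INPUT -j DROP
}

# Sanity check that works in dry-run mode: in each chain the first LOG rule
# must come before the first DROP/REDIRECT, or the log never sees the packet.
check_log_precedes_decisions() {
    saved_ipt=$IPT
    IPT="echo iptables"
    rules=$(emit_rules)
    IPT=$saved_ipt
    for chain in INPUT FORWARD PREROUTING; do
        chain_rules=$(printf '%s\n' "$rules" | grep -- "-A $chain ")
        log_at=$(printf '%s\n' "$chain_rules" | grep -n -- '-j LOG' | head -n 1 | cut -d: -f1)
        dec_at=$(printf '%s\n' "$chain_rules" | grep -n -E -- '-j (DROP|REDIRECT)' | head -n 1 | cut -d: -f1)
        [ -n "$log_at" ] && [ -n "$dec_at" ] && [ "$log_at" -lt "$dec_at" ] || return 1
    done
    return 0
}

emit_rules
```

The point of the ordering is diagnostic: once the rules are loaded, a VPN attempt that fails shows up in the kernel log under one of the three prefixes, which immediately tells you whether the packet was dropped in FORWARD, dropped in INPUT, or (if the REDIRECT had been written too broadly) diverted into squid, which cannot speak IKE or ESP.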
Also ... the Cisco device will know that it is operating behind a proxy. It might not like that. In fact, it might refuse to (or be unable to) negotiate a connection that way. (Remember that, for example, the IP address perceived by the client is now different from the address that will be perceived by the host as being "that client's address.") You should therefore examine logs on all fronts: what does the client say (e.g. with a "-v" command-line parameter, or maybe several); what does the host say; and so on.
VPN is specifically designed to be absolutely obtuse and uninformative ... until ... "*click!* the lock quietly falls open" when exactly the proper sequence of events takes place.
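Both replies come down to reading the logs. The script below is an added example, not from the thread, that summarises iptables LOG output by log prefix, source, destination, protocol and destination port, so a client's dropped VPN flows stand out next to the HTTP it successfully sent through the proxy. The log excerpt is constructed for this example; the prefixes assume LOG rules were given distinct --log-prefix values, and the flagged ports are the standard IPsec set (UDP 500/4500, ESP) plus TCP 10000, the usual IPsec-over-TCP port, which the thread does not name and which should be confirmed against the client's documentation.

```shell
#!/bin/sh
# Added example (not from the thread): tally iptables LOG lines per flow so the
# dropped VPN attempt is visible at a glance. The excerpt below is constructed.
LOG_SAMPLE='Jan  1 10:00:01 gw kernel: forward-drop: IN=eth2 OUT=eth0 SRC=172.16.15.20 DST=203.0.113.10 LEN=364 TOS=0x00 PREC=0x00 TTL=127 ID=1 PROTO=UDP SPT=500 DPT=500 LEN=344
Jan  1 10:00:02 gw kernel: forward-drop: IN=eth2 OUT=eth0 SRC=172.16.15.20 DST=203.0.113.10 LEN=364 TOS=0x00 PREC=0x00 TTL=127 ID=2 PROTO=UDP SPT=500 DPT=500 LEN=344
Jan  1 10:00:03 gw kernel: proxy-redirect: IN=eth2 OUT= SRC=172.16.15.20 DST=198.51.100.7 LEN=60 TOS=0x00 PREC=0x00 TTL=127 ID=3 PROTO=TCP SPT=1055 DPT=80 WINDOW=65535 SYN
Jan  1 10:00:09 gw kernel: forward-drop: IN=eth2 OUT=eth0 SRC=172.16.15.20 DST=203.0.113.10 LEN=140 TOS=0x00 PREC=0x00 TTL=127 ID=4 PROTO=ESP SPI=0x1a2b3c4d
Jan  1 10:00:10 gw kernel: forward-drop: IN=eth2 OUT=eth0 SRC=172.16.15.20 DST=203.0.113.10 LEN=84 TOS=0x00 PREC=0x00 TTL=127 ID=5 PROTO=TCP SPT=1060 DPT=10000 WINDOW=65535 SYN'

# Reads LOG lines on stdin; prints "<count> <prefix> <src> -> <dst> <proto>/<dport>".
# The log prefix is the token that follows "kernel:"; ESP has no port, shown as "-".
summarize_log() {
    awk '
    {
        prefix = ""; src = ""; dst = ""; proto = ""; dpt = "-"
        for (i = 1; i <= NF; i++) {
            if ($i ~ /^PROTO=/) proto = substr($i, 7)
            else if ($i ~ /^DPT=/) dpt = substr($i, 5)
            else if ($i ~ /^SRC=/) src = substr($i, 5)
            else if ($i ~ /^DST=/) dst = substr($i, 5)
            else if ($i ~ /:$/ && $(i-1) == "kernel:") prefix = $i
        }
        key = prefix " " src " -> " dst " " proto "/" dpt
        count[key]++
    }
    END { for (k in count) print count[k], k }
    ' | sort -rn
}

# Number of distinct VPN-looking flows (IKE, NAT-T, ESP, IPsec-over-TCP) that
# hit a forward-drop LOG rule in the sample. Assumed ports; see the lead-in.
dropped_vpn_flows() {
    printf '%s\n' "$LOG_SAMPLE" | summarize_log \
        | grep -E 'forward-drop:.*(UDP/(500|4500)|ESP/|TCP/10000)' | wc -l | tr -d ' '
}

printf '%s\n' "$LOG_SAMPLE" | summarize_log
```

Reading the summary against the two replies: the same client address appears once under proxy-redirect (HTTP to squid, working) and three times under forward-drop (IKE, ESP and the TCP fallback), which places the fault in the firewall's FORWARD chain rather than in squid. If those VPN flows instead showed up under the proxy-redirect prefix, the REDIRECT rule would be too broad and would be handing IPsec to squid, which matches the second reply's point that the client ends up talking to a proxy that cannot negotiate for it. Run it against the real log with something like grep 'kernel:' /var/log/messages | summarize_log.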