LinuxQuestions.org
Old 10-19-2006, 11:11 PM   #1
pradeepjagtap
LQ Newbie
 
Registered: Oct 2006
Posts: 4

Rep: Reputation: 0
How to access VPN + LAN in iptables Firewall


Hi all,

I am facing a problem with my LAN as well as my VPN connection.
1) When I configured Windows XP TCP/IP with dual IPs (public IP + private IP): when I need to access the VPN, I need to completely remove my LAN IP address and put in the public IP; then I can connect to the VPN but am not able to access the LAN.
2) In the dual-IP configuration, when I swap the IP from the LAN IP to the public IP, the request for the VPN connection goes with the LAN IP at the iptables firewall, so iptables doesn't allow the connection for the LAN IP.

3) Can you tell me how I can access my LAN as well as the VPN with dual IPs (I need both IPs for the VPN)? But when I need to access the VPN I can just swap the IP to the VPN one and connect to the VPN server.

For example:
{If Windows TCP/IP is configured with dual IPs as 1 -> 192.168.10.100, 2 -> 203.124.143.***, there is one issue I face: when I swap the IP address (192.168.10.100) to the public IP 203.124.143.*** to access the VPN, all the requests go from my system to the firewall as 192.168.10.100 instead of 203.124.143.***. I also changed the gateway and all settings.

If I remove the 192.168.10.100 IP address and put only the 230.124.143.*** IP, then the VPN connection gets established but is very slow, so I can't access my LAN at this moment because there is no LAN IP in TCP/IP.}

*** Is there any iptables script which allows access to the LAN when the user is connecting to the VPN (we need both IP addresses)? ***
 
Old 10-19-2006, 11:33 PM   #2
alienux
Member
 
Registered: Sep 2006
Location: Dayton, Ohio
Distribution: Slackware 12, Fedora Core, PCLinuxOS
Posts: 194

Rep: Reputation: 30
Maybe I'm completely misunderstanding what you're after, but it sounds to me like you're trying to add IP addresses for two different subnets to the same physical interface.

If you want the machine to access the 192.168.10.0 and 203.124.143.0 networks from the same machine, you should have two separate NICs. The 192.168.10.x address on the NIC will only talk to other devices with that same IP scheme, unless you have a bridge with proper routing tables to talk to another subnet with a different IP scheme. The same goes for the 203.124.143.x address. To communicate both directions at the same time, you need separate interfaces for each subnet.

If you just want to have a public hide address for the 192.168.10.x address, or a one-to-one static NAT for it, let the firewall take care of the 203.124.143.x address, not the XP box itself.

Again, sorry if I'm misunderstanding, but this is what I'm getting from your questions.
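
The firewall-side NAT suggested in post #2, sketched as an added example that is not part of the original thread: the XP clients keep only their 192.168.10.x address and the Linux firewall rewrites the source address. The interface names `eth0`/`eth1` and the address `203.0.113.10` (a documentation placeholder for the elided 203.124.143.*** address) are assumptions.

```shell
#!/bin/sh
# Added example, not from the thread. Assumptions: eth0 = LAN side, eth1 = Internet
# side, 203.0.113.10 = placeholder for the firewall's public address, and IP
# forwarding already enabled (sysctl -w net.ipv4.ip_forward=1).
LAN_NET="192.168.10.0/24"
LAN_IF="eth0"
WAN_IF="eth1"
PUBLIC_IP="203.0.113.10"

# Forwarding policy: LAN hosts may open connections outward, only replies return.
forward_rules() {
    echo "-P FORWARD DROP"
    echo "-A FORWARD -i $LAN_IF -o $WAN_IF -s $LAN_NET -j ACCEPT"
    echo "-A FORWARD -i $WAN_IF -o $LAN_IF -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
}

# Hide NAT: every LAN client leaves the firewall with the single public address.
hide_nat_rules() {
    echo "-t nat -A POSTROUTING -s $LAN_NET -o $WAN_IF -j SNAT --to-source $PUBLIC_IP"
}

# One-to-one static NAT for one client ($1 = private IP, $2 = public IP).
# Inbound NEW connections to that client still need their own FORWARD accept rule.
static_nat_rules() {
    echo "-t nat -A POSTROUTING -s $1 -o $WAN_IF -j SNAT --to-source $2"
    echo "-t nat -A PREROUTING -d $2 -i $WAN_IF -j DNAT --to-destination $1"
}

# Usage: build_ruleset hide | build_ruleset static <private-ip>
build_ruleset() {
    forward_rules
    case "$1" in
        static) static_nat_rules "$2" "$PUBLIC_IP" ;;
        *)      hide_nat_rules ;;
    esac
}

# Dry run by default: print the commands. APPLY=1 (as root) executes them.
emit() {
    while read -r rule; do
        if [ "${APPLY:-0}" = "1" ]; then iptables $rule; else echo "iptables $rule"; fi
    done
}

# With no arguments this prints the hide-NAT ruleset for review.
build_ruleset "$@" | emit
```

With hide NAT the remote VPN endpoint sees the public address for every client, while LAN traffic such as file-server access never crosses the firewall and keeps the private address.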
 
Old 10-20-2006, 12:08 AM   #3
pradeepjagtap
LQ Newbie
 
Registered: Oct 2006
Posts: 4

Original Poster
Rep: Reputation: 0
As far as I know, we can use one LAN interface (the client interface) to access the LAN as well as the VPN.

We have a huge network; we can't put two LAN cards in each system.

What I am saying is: suppose we have an id network with

(firewall + AD server file server + client system Windows XP)

What script can we use to access the file server as well as the VPN with the public IP set in the client TCP/IP?

I have told you one thing: when I swap the LAN IP to the public IP to access the VPN, all requests hit the firewall with the LAN IP; the request doesn't go to the public IP. I have traced this with the tcpdump command.
 
Old 10-20-2006, 11:59 AM   #4
alienux
Member
 
Registered: Sep 2006
Location: Dayton, Ohio
Distribution: Slackware 12, Fedora Core, PCLinuxOS
Posts: 194

Rep: Reputation: 30
So you need multiple internal clients to access a remote VPN? Is the remote VPN only accepting connections from a specific public address or public subnet?
 
Old 10-24-2006, 12:08 AM   #5
pradeepjagtap
LQ Newbie
 
Registered: Oct 2006
Posts: 4

Original Poster
Rep: Reputation: 0
So you need multiple internal clients to access a remote VPN?
Yes

Is the remote VPN only accepting connections from a specific public address or public subnet?
The remote VPN accepts public addresses only.
 
  


All times are GMT -5. The time now is 08:51 AM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration