Old 05-25-2004, 12:03 PM   #1
jameskilbane
LQ Newbie
 
Registered: May 2004
Posts: 3

Rep: Reputation: 0
Microsoft VPN behind a RH 7.3 FW


Hi. My site configuration is as follows: LAN--->RHL 7.3 FW---->ADSL router---->Internet. I currently have a VPN server running inside the network; when I dial into my LAN, I get as far as verifying user name & password, at which point "Error 721" comes up (I'm dialing in from home). Previously this worked when the Red Hat firewall was not in place, so I know that it's definitely something to do with my IPTABLES configuration. So, basically I need a request on ports 50, 51, 500 etc. to hit my firewall (note: both eth1 & eth0 are on different subnets), then be forwarded to my VPN server (192.168.). Any help would be greatly appreciated. My IPtables config is as follows:

Chain INPUT (policy DROP)
target prot opt source destination
ACCEPT all -- anywhere anywhere
bad_packets all -- anywhere anywhere
DROP all -- anywhere ALL-SYSTEMS.MCAST.NET
ACCEPT all -- 192.168.0.0/24 anywhere
ACCEPT all -- anywhere 192.168.0.255
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
tcp_inbound tcp -- anywhere anywhere
udp_inbound udp -- anywhere anywhere
icmp_packets icmp -- anywhere anywhere
DROP all -- anywhere 255.255.255.255
LOG all -- anywhere anywhere limit: avg 3/min burst 3 LOG level warning prefix `INPUT packet died: '

Chain FORWARD (policy DROP)
target prot opt source destination
bad_packets all -- anywhere anywhere
tcp_outbound tcp -- anywhere anywhere
udp_outbound udp -- anywhere anywhere
ACCEPT all -- anywhere anywhere
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
ACCEPT udp -- anywhere 192.168.0.73 udp dpt:isakmp
ACCEPT tcp -- anywhere 192.168.0.73 tcp dpt:isakmp
ACCEPT tcp -- anywhere 192.168.0.73 tcp dpt:re-mail-ck
ACCEPT tcp -- anywhere 192.168.0.73 tcp dpt:51
ACCEPT tcp -- anywhere 192.168.0.73 tcp dpt:1723
ACCEPT tcp -- anywhere 192.168.0.73 tcp dpt:47
LOG all -- anywhere anywhere limit: avg 3/min burst 3 LOG level warning prefix `FORWARD packet died: '

Chain OUTPUT (policy DROP)
target prot opt source destination
DROP icmp -- anywhere anywhere state INVALID
ACCEPT all -- localhost.localdomain anywhere
ACCEPT all -- anywhere anywhere
ACCEPT all -- 192.168.0.130 anywhere
ACCEPT all -- anywhere anywhere
ACCEPT all -- anywhere anywhere
LOG all -- anywhere anywhere limit: avg 3/min burst 3 LOG level warning prefix `OUTPUT packet died: '

Chain bad_packets (2 references)
target prot opt source destination
LOG all -- anywhere anywhere state INVALID LOG level warning prefix `Invalid packet: '
DROP all -- anywhere anywhere state INVALID
bad_tcp_packets tcp -- anywhere anywhere
RETURN all -- anywhere anywhere

Chain bad_tcp_packets (1 references)
target prot opt source destination
RETURN tcp -- anywhere anywhere
LOG tcp -- anywhere anywhere tcp flags:!SYN,RST,ACK/SYN state NEW LOG level warning prefix `New not syn: '
DROP tcp -- anywhere anywhere tcp flags:!SYN,RST,ACK/SYN state NEW
RETURN tcp -- anywhere anywhere

Chain icmp_packets (1 references)
target prot opt source destination
LOG icmp -f anywhere anywhere LOG level warning prefix `ICMP Fragment: '
DROP icmp -f anywhere anywhere
DROP icmp -- anywhere anywhere icmp echo-request
ACCEPT icmp -- anywhere anywhere icmp time-exceeded
RETURN icmp -- anywhere anywhere

Chain tcp_inbound (1 references)
target prot opt source destination
ACCEPT tcp -- anywhere anywhere tcp dpt:ssh
RETURN tcp -- anywhere anywhere

Chain tcp_outbound (1 references)
target prot opt source destination
REJECT tcp -- anywhere anywhere tcp dpt:irc reject-with icmp-port-unreachable
REJECT tcp -- anywhere anywhere tcp dpt:nntp reject-with icmp-port-unreachable
REJECT tcp -- anywhere anywhere tcp dpt:5190 reject-with icmp-port-unreachable
REJECT tcp -- anywhere anywhere tcp dpt:4443 reject-with icmp-port-unreachable
REJECT tcp -- anywhere anywhere tcp dpt:1863 reject-with icmp-port-unreachable
ACCEPT tcp -- anywhere anywhere

Chain udp_inbound (1 references)
target prot opt source destination
DROP udp -- anywhere anywhere udp dpt:netbios-ns
DROP udp -- anywhere anywhere udp dpt:netbios-dgm
ACCEPT udp -- anywhere anywhere udp spt:bootps dpt:bootpc
RETURN udp -- anywhere anywhere

Chain udp_outbound (1 references)
target prot opt source destination
REJECT udp -- anywhere anywhere udp dpt:4000 reject-with icmp-port-unreachable
ACCEPT udp -- anywhere anywhere
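The poster's listing comes from `iptables -L`, which shows neither the interface each rule applies to nor the nat table, so it cannot show whether inbound VPN traffic is actually being redirected to the internal server; `iptables -L -v -n` and `iptables -t nat -L -n` give the complete picture. Two things a practitioner would check for this kind of setup: forwarding to an internal host on a NAT firewall needs a DNAT rule in the nat table in addition to FORWARD permits, and 47, 50 and 51 are IP protocol numbers (GRE, ESP, AH), not TCP ports, so they are matched with `-p gre`, `-p esp`, `-p ah` rather than `--dport`. Windows PPTP clients commonly report error 721 when TCP 1723 reaches the server but GRE does not. The script below is an added example written for this thread, not the poster's configuration or a Red Hat script; it assumes eth0 is the outside interface facing the ADSL router, eth1 is the LAN side, and the VPN server is 192.168.0.73 (the address already used in the poster's FORWARD chain). It also assumes the ADSL router passes this traffic on to the firewall in the first place. With `DRY_RUN=1` it prints the commands instead of applying them, so the rule set can be reviewed before it is loaded.

```shell
#!/bin/sh
# Added example (not from the thread): forward PPTP (TCP 1723 + GRE) and
# IPsec (UDP 500 + ESP + AH) arriving on the WAN interface to an internal
# VPN server. Interface names and server address are assumptions; override
# them via environment variables. DRY_RUN=1 prints instead of executing.

WAN_IF="${WAN_IF:-eth0}"               # assumed outside interface
LAN_IF="${LAN_IF:-eth1}"               # assumed LAN interface
VPN_SERVER="${VPN_SERVER:-192.168.0.73}"  # server address from the poster's chain
IPT="${IPT:-iptables}"

# Run (or, in dry-run mode, print) one iptables command.
ipt() {
    if [ "${DRY_RUN:-0}" = "1" ]; then
        echo "$IPT $*"
    else
        "$IPT" "$@"
    fi
}

# nat/PREROUTING: rewrite the destination of inbound VPN packets to the
# internal server. 47/50/51 are IP protocols (GRE/ESP/AH), so they are
# matched with -p, not with a TCP/UDP destination port.
vpn_dnat_rules() {
    ipt -t nat -A PREROUTING -i "$WAN_IF" -p tcp --dport 1723 -j DNAT --to-destination "$VPN_SERVER"
    ipt -t nat -A PREROUTING -i "$WAN_IF" -p gre -j DNAT --to-destination "$VPN_SERVER"
    ipt -t nat -A PREROUTING -i "$WAN_IF" -p udp --dport 500 -j DNAT --to-destination "$VPN_SERVER"
    ipt -t nat -A PREROUTING -i "$WAN_IF" -p esp -j DNAT --to-destination "$VPN_SERVER"
    ipt -t nat -A PREROUTING -i "$WAN_IF" -p ah -j DNAT --to-destination "$VPN_SERVER"
}

# filter/FORWARD (policy DROP): permit only the translated packets, only in
# the WAN->LAN direction, only to the one server. Replies are covered by the
# existing RELATED,ESTABLISHED rule, so nothing else needs opening.
vpn_forward_rules() {
    ipt -A FORWARD -i "$WAN_IF" -o "$LAN_IF" -d "$VPN_SERVER" -p tcp --dport 1723 -m state --state NEW -j ACCEPT
    ipt -A FORWARD -i "$WAN_IF" -o "$LAN_IF" -d "$VPN_SERVER" -p gre -j ACCEPT
    ipt -A FORWARD -i "$WAN_IF" -o "$LAN_IF" -d "$VPN_SERVER" -p udp --dport 500 -m state --state NEW -j ACCEPT
    ipt -A FORWARD -i "$WAN_IF" -o "$LAN_IF" -d "$VPN_SERVER" -p esp -j ACCEPT
    ipt -A FORWARD -i "$WAN_IF" -o "$LAN_IF" -d "$VPN_SERVER" -p ah -j ACCEPT
}

apply_vpn_rules() {
    vpn_dnat_rules
    vpn_forward_rules
}

# Only apply when executed directly as vpn_forward.sh, so the functions can
# also be sourced and inspected without touching the running firewall.
case "$0" in
    *vpn_forward.sh) apply_vpn_rules ;;
esac
```

Save it as `vpn_forward.sh`, review the output of `DRY_RUN=1 sh vpn_forward.sh`, then run it as root. The FORWARD permits are appended with `-A`, which places them after the chain's final LOG rule; that is fine here because LOG is non-terminating, but a rule set that ends in an explicit DROP would need `-I` instead. NAT for GRE carries one further caveat: because GRE has no ports, only one PPTP session can be distinguished behind the NAT unless the kernel's PPTP connection-tracking helper is loaded, so if a second simultaneous client fails while the first works, that helper is the next thing to check.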