Folks,

I have been messing around trying to get FW1 Authentication working from my Linux box. Thus far, this is what I have done:

Had a stab at FreeSwan; I couldn't make it work. On top of that, we have authentitokens to rotate passwords, which makes FreeSwan a pretty nasty option.

Then I switched to VMware. Considerably more success on this front. With the "bridged networking" option, it all worked, as it should: there is effectively an entirely separate machine plugged into the network and trying to authenticate. That doesn't help me much, because I want the FW1 to see the authentication as coming from my Linux box.

OK, so then I switched to what VMware calls "host-only networking". Effectively it means that a virtual subnet is set up and used for communication between the virtual machine (Win 2000) and the "real" Linux box. So far so good. The next step was obviously to get the virtual machine talking to the outside world. A couple of judicious ipchains commands (masquerading hosts on the virtual subnet out through eth0 on the real subnet) and once more I was forced to smile. This works perfectly: I can log onto the local NT domain from my virtual Win box, the whole kit and kaboodle.

The problem now is that the Firewall-1 Authentication Agent appears to be the only app that won't happily work on this setup. The second problem is that I have no idea how it works. I suspect something like the following happens:

1) I try to telnet out; the firewall sees that attempt.
2) The firewall connects back to me (as the originating host for the request) and as a result the FW1 AA username/password box pops up.
3) I enter valid credentials, which are sent back to the firewall.
4) The firewall lets me through.

If this is the case then my problem would fairly obviously lie in step 2... when the FW tries to connect back to me, it is only contacting my real host (which will be refusing the connection) and not my virtual host (which is happily waiting for connections but cannot receive them because they get stopped at the real eth0 interface). Presumably, I should be able to forward these requests with ipchains, but I have no idea what ports I should be expecting them on. I am also a little new to ipchains, so if anybody knows the commands I need to type to forward a port or range of ports from the outside world to an internal host, I would be most appreciative if they could supply them to me.

Righto then, so I guess my question is twofold:

1) Am I on the right track, and are my guesses about the FW1 authentication agent correct?
2) What now?

Many thanks for any help anyone can provide,

Kent.
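A sketch of the ipchains/ipmasqadm setup described in the post (masquerading the host-only subnet out of the real interface, then forwarding the firewall's call-back connection to the guest), added here as an example; it is not part of the original message. It assumes a Linux 2.2 host with ipchains and the ipmasqadm port-forwarding tool, uses constructed placeholder addresses (VM_SUBNET, VM_GUEST, HOST_IP, FW_IP), and assumes the agent listens on Check Point's default FW1_snauth service port, TCP 261, which should be checked against the gateway's own service definition. Commands are printed rather than applied unless DRY_RUN=0, and the inbound rule accepts the call-back only from the firewall's own address rather than from the whole outside world.

```shell
#!/bin/sh
# Added example (not from the original post): masquerade a VMware host-only
# subnet out of the real interface and forward the firewall's call-back
# connection to the Win2000 guest. Assumes Linux 2.2 ipchains + ipmasqadm.
# All addresses below are constructed placeholders; override via environment.

VM_SUBNET="${VM_SUBNET:-192.168.200.0/24}"   # VMware host-only subnet (assumed)
VM_GUEST="${VM_GUEST:-192.168.200.2}"        # guest running the FW1 agent (assumed)
HOST_IP="${HOST_IP:-10.0.0.50}"              # real address on eth0 (assumed)
FW_IP="${FW_IP:-10.0.0.1}"                   # Firewall-1 gateway address (assumed)
EXT_IF="${EXT_IF:-eth0}"                     # real interface
# Check Point's default FW1_snauth service is TCP 261; verify on the gateway.
SNAUTH_PORT="${SNAUTH_PORT:-261}"
DRY_RUN="${DRY_RUN:-1}"                      # 1 = print commands, 0 = execute

# Print the command in dry-run mode, otherwise execute it.
run() {
  if [ "$DRY_RUN" = "1" ]; then
    printf '%s\n' "$*"
  else
    "$@"
  fi
}

# Accept only digits in the range 1..65535.
valid_port() {
  case "$1" in
    ''|*[!0-9]*) return 1 ;;
  esac
  [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# Accept a plain dotted-quad IPv4 address (no CIDR suffix).
valid_ipv4() {
  addr=$1
  n=0
  old_ifs=$IFS
  IFS=.
  for octet in $addr; do
    n=$((n + 1))
    case "$octet" in
      ''|*[!0-9]*) IFS=$old_ifs; return 1 ;;
    esac
    if [ "$octet" -gt 255 ]; then IFS=$old_ifs; return 1; fi
  done
  IFS=$old_ifs
  [ "$n" -eq 4 ]
}

# Outbound: let guests on the host-only subnet reach the real network via MASQ.
# In the ipchains forward chain, -i names the interface the packet leaves on.
masq_rules() {
  run sh -c "echo 1 > /proc/sys/net/ipv4/ip_forward"
  run ipchains -P forward DENY
  run ipchains -A forward -i "$EXT_IF" -s "$VM_SUBNET" -j MASQ
}

# Inbound: forward the firewall's call-back (TCP SNAUTH_PORT on the real host)
# to the guest, and accept it only when it comes from the gateway itself.
portfw_rules() {
  valid_ipv4 "$HOST_IP" && valid_ipv4 "$VM_GUEST" && valid_ipv4 "$FW_IP" || return 2
  valid_port "$SNAUTH_PORT" || return 2
  run ipchains -A input -i "$EXT_IF" -p tcp -s "$FW_IP" \
      -d 0.0.0.0/0 "$SNAUTH_PORT" -j ACCEPT
  run ipmasqadm portfw -f
  run ipmasqadm portfw -a -P tcp -L "$HOST_IP" "$SNAUTH_PORT" \
      -R "$VM_GUEST" "$SNAUTH_PORT"
}

masq_rules
portfw_rules
```

Run it once with the defaults to review the printed rules, then with DRY_RUN=0 as root on the Linux host to apply them. Keeping the input rule pinned to FW_IP means the forwarded port is reachable only by the gateway that is supposed to be calling back, not by anything else on the real subnet.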
