Dear list:
Want to host a VPN through my Dachstein firewall,
as well as port-forward web, IMAP and SMTP to an internal server.
I made a boot floppy of Lynn Avants' Dachstein IPsec image, and configured the port forwarding in network.conf.
But, although web access from internal machines works fine, the outside world cannot get to my mail, IMAP and www servers.
Is there an additional step or command required for this with Dach-ipsec?
My older (non-ipsec) dach boot disk port-fw just fine (back running on it now -- but no VPN).

A "diff" of the two network.conf files is below.
Could the IP_SPOOF stuff be a problem?
I have not modified those lines from the default network.conf that came with the respective images.
TIA
Rick.

The network.conf from my Dach-ipsec boot floppy:

DEF_IP_SPOOF=NO
# ...

eth0_IP_SPOOF=NO
# ...

EXTERN_UDP_PORT0="0/0 domain"
EXTERN_UDP_PORT1="0/0 500 0/0"

# TCP services open to outside world
# Space seperated list: srcip/mask_dstport
#EXTERN_TCP_PORTS="216.171.153.128/25_ssh 0/0_www 0/0_1023"

# -or-
# Indexed list: "SrcAddr/Mask port [ DestAddr[/DestMask] ]"
EXTERN_TCP_PORT0="0/0 domain"
EXTERN_TCP_PORT1="0/0 www"
EXTERN_TCP_PORT2="0/0 smtp"
EXTERN_TCP_PORT3="0/0 imap"

# Generic Services open to outside world
# Space seperated list: protocol_srcip/mask_dstport
#EXTERN_PORTS="50_5.6.7.8 51_5.6.7.8"

# -or-
# Indexed list: "Protocol SrcAddr/Mask [ DestAddr[/DestMask] ]"
EXTERN_PROTO0="50 0/0"
EXTERN_PROTO1="51 0/0"

# <snip, snip>
INTERN_SERVERS="tcp_216.12.22.89_domain_192.168.1.2_domain udp_216.12.22.89_domain_192.168.1.2_domain tcp_216.12.22.89_smtp_192.168.1.2_smtp tcp_216.12.22.89_imap_192.168.1.2_imap"


# ===================================================================================
And, network.conf from the working Dach fw (non-ipsec):

DEF_IP_SPOOF=YES
# ...

eth0_IP_SPOOF=YES
# ...

EXTERN_UDP_PORT0="0/0 domain"
#EXTERN_UDP_PORT1="5.6.7.8 500 1.1.1.12"

# TCP services open to outside world
# Space seperated list: srcip/mask_dstport
#EXTERN_TCP_PORTS="216.171.153.128/25_ssh 0/0_www 0/0_1023"

# -or-
# Indexed list: "SrcAddr/Mask port [ DestAddr[/DestMask] ]"
EXTERN_TCP_PORT0="0/0 imap"
EXTERN_TCP_PORT1="0/0 www"
EXTERN_TCP_PORT2="0/0 smtp"
EXTERN_TCP_PORT3="0/0 domain"

# <snip, snip>
INTERN_SERVERS="tcp_216.12.22.89_domain_192.168.1.2_domain udp_216.12.22.89_domain_192.168.1.2_domain tcp_216.12.22.89_www_192.168.1.2_www tcp_216.12.22.89_smtp_192.168.1.2_smtp tcp_216.12.22.89_imap_192.168.1.2_imap"
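
A way to compare the forwarding-related settings of the two files mechanically, as an added example that is not part of the original post. It assumes the INTERN_SERVERS entry layout proto_extip_extport_intip_intport seen in the excerpts, and all function names are made up here. It only reports differences between the listed rules; it says nothing about IP_SPOOF or IPsec behaviour.

```shell
#!/bin/sh
# Added example. Sample data: forwarding-related lines copied from the two
# network.conf excerpts in the post; everything else is omitted.
IPSEC_CONF='EXTERN_TCP_PORT0="0/0 domain"
EXTERN_TCP_PORT1="0/0 www"
EXTERN_TCP_PORT2="0/0 smtp"
EXTERN_TCP_PORT3="0/0 imap"
INTERN_SERVERS="tcp_216.12.22.89_domain_192.168.1.2_domain udp_216.12.22.89_domain_192.168.1.2_domain tcp_216.12.22.89_smtp_192.168.1.2_smtp tcp_216.12.22.89_imap_192.168.1.2_imap"'
PLAIN_CONF='EXTERN_TCP_PORT0="0/0 imap"
EXTERN_TCP_PORT1="0/0 www"
EXTERN_TCP_PORT2="0/0 smtp"
EXTERN_TCP_PORT3="0/0 domain"
INTERN_SERVERS="tcp_216.12.22.89_domain_192.168.1.2_domain udp_216.12.22.89_domain_192.168.1.2_domain tcp_216.12.22.89_www_192.168.1.2_www tcp_216.12.22.89_smtp_192.168.1.2_smtp tcp_216.12.22.89_imap_192.168.1.2_imap"'

# Values of active (uncommented) assignments whose name matches regex $2.
conf_values() {
    printf '%s\n' "$1" | sed -n "s/^$2=\"\(.*\)\"\$/\1/p"
}
# INTERN_SERVERS entries, one per line, sorted.
forwards() {
    conf_values "$1" INTERN_SERVERS | tr ' ' '\n' | sed '/^$/d' | sort
}
# External port field of every TCP forward.
forwarded_tcp() {
    forwards "$1" | awk -F_ '$1 == "tcp" { print $3 }' | sort -u
}
# Port field of every EXTERN_TCP_PORTn entry ("SrcAddr/Mask port [Dest]").
open_tcp() {
    conf_values "$1" 'EXTERN_TCP_PORT[0-9][0-9]*' | awk '{ print $2 }' | sort -u
}
# Lines on stdin that are not in the newline-separated list $1.
not_in() {
    grep -Fxv -e "$1" || true
}
missing_forwards()  { forwards "$1" | not_in "$(forwards "$2")"; }       # in $1, not in $2
unopened_forwards() { forwarded_tcp "$1" | not_in "$(open_tcp "$1")"; }  # forwarded, not opened
unforwarded_open()  { open_tcp "$1" | not_in "$(forwarded_tcp "$1")"; }  # opened, not forwarded

echo "Forwards in the non-IPsec config missing from the IPsec one:"
missing_forwards "$PLAIN_CONF" "$IPSEC_CONF"
echo "Opened TCP ports without a forward (IPsec config):"
unforwarded_open "$IPSEC_CONF"
echo "TCP forwards without an opened port (IPsec config):"
unopened_forwards "$IPSEC_CONF"
```

On a real firewall the same functions can be fed the whole file, e.g. `missing_forwards "$(cat old/network.conf)" "$(cat new/network.conf)"` (paths are placeholders).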















leaf-user mailing list: https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html