Re: [Security Firewall] DSL router and rules

Tue, 15 Mar 2005 04:13:13 -0800 

Florin wrote:

Dj <[EMAIL PROTECTED]> writes:



Hi Florin,
Two Questions
1. Any sign of draft documentation being released any time soon?  Probably
save a lot of the questions you are answering here (including mine!!).

2. I am unsure of something in my setup that is causing problems.  My
setup looks like this:

192.168.1.0/24 Home Lan--------->192.168.1.200/24MNF eth1----------->MNF
eth2 192.168.10.30/24---------->192.168.10.1/24 (LAN Interface) DSL Router
213.202.xx.xx (DSL Interface)----->Internet

All works well except my OpenVPN.  My tun interface on MNF2 has an address
of 10.1.0.1 and 10.1.0.2 on the client.

The DSL router has a build in firewall. I can NAT incoming traffic to
allow it through. My question is, should I put a NAT rule to allow port
5000 through to 192.168.10.1 or 10.1.0.1. I'm not sure which? Neither
seems to work. The client always times out waiting to connect. Any advice
appreciated.
Dj.



the way I see it is the following:
you want to bypass your dsl router and make mnf appear to the outside
world as the dsl router (at least for openvpn operations), so you need to
dnat the incoming packagets on 213.202.xx.xx (the openvpn port) to the mnf
external interface IP, which is 192.168.10.30 (eth2) if I understand
correctly.

my 2cts,


Hi Florin,
I have been away from my MNF2 system for a few months, and am only getting back to it now. Your understanding of my situation above is correct, I want to hide my DSL router, and will therefore setup dnat as suggested.

Now a couple of other questions on this:
1. Do i do a dnat on the router to just the openvpn port on my MNF eth2 interface, or dnat everything coming in?

2. I am confused about the firewall rules required. Do i need to allow traffic on the openvpn port from 192.168.10.30 to 10.1.0.1, or is it from 213.202.xx.xx to 10.1.0.1, or from 10.1.0.2 to 10.1.0.1, or a combination of all three? 

Thanks,
Dj.



____________________________________________________
Want to buy your Pack or Services from MandrakeSoft? 
Go to http://www.mandrakestore.com
Join the Club : http://www.mandrakeclub.com
____________________________________________________

Reply via email to