From: Ray Leach <raymondl@knowledgefactory.co.za>
To: Netfilter Mailing List <netfilter@lists.netfilter.org>
Subject: RE: Problem Found! - Firewall Rule
Date: 06 Jun 2003 08:52:28 +0200
Message-ID: <1054882347.13616.53.camel@raylinux.internal>
In-Reply-To: <09B04A55822EFF4DA48D2E0BB2941D4A019266@wardrive.citadelcomputer.com.au>
On Fri, 2003-06-06 at 02:56, George Vieira wrote:
> Your local IP is the same as the remote network's IP.. so how is the
> local machine to know that 192.168.0.55 or 66 or 32 is on the VPN!?
>
> The only way I know is to proxyarp the ppp device that the vpn is
> running on.. I'm assuming it's PPTP so you could try this command when
> the VPN comes up :
> echo 1 > /proc/sys/net/ipv4/conf/$VPNDEV/proxy_arp
You can also use the netfilter P-O-M route patch, which allows you to
redirect traffic via different interfaces (route) based on regular
iptables conditions (-s, -d, -p, etc).
>
> and this must be done on the VPN server too..
> I've never done it this way with a VPN.. but you can only try it..
>
> I'm surprised that anything really works properly the way you've done
> it because the firewall has 2 network devices with the same IP range.
>
> Thanks,
>
>
>
> ____________________________________________
> George Vieira
> Systems Manager
> georgev AT citadelcomputer DOT com DOT au
> Citadel Computer Systems Pty Ltd
> Phone : +61 2 9955 2644
> HelpDesk: +61 2 9955 2698
> http://www.citadelcomputer.com.au
>
>
> -----Original Message-----
> From: John Paul [mailto:john@pinoylinux.sytes.net]
> Sent: Friday, June 06, 2003 9:56 AM
> To: netfilter@lists.netfilter.org
> Subject: Problem Found! - Firewall Rule
>
>
> Hello Folks, it's me again :(
>
> Below is my config. My problem is, I can connect to VPN but for some
> reason, I cannot see machines inside the network after being
> connected. Can somebody give me the simplest firewall rule on this?
> just for me to see the machines inside the network.
>
> Thanks!
> /JP
>
--
Raymond Leach <raymondl@knowledgefactory.co.za>
Network Support Specialist
http://www.knowledgefactory.co.za
"lynx -source http://www.rchq.co.za/raymondl.asc | gpg --import"
Key fingerprint = 7209 A695 9EE0 E971 A9AD 00EE 8757 EE47 F06F FB28
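
A way to check for the address overlap discussed in this thread before bringing the VPN up. This is an added example, not code from any poster in the thread. The interface names (eth0, ppp0), the client's own addresses, the /24 prefix length and the `ip -o -4 addr show` sample are constructed assumptions; only the hosts 192.168.0.55, .66 and .32 come from the thread.

```python
import ipaddress

# Constructed sample of `ip -o -4 addr show` output on the VPN client.
# Interface names and the client's own addresses are assumptions.
SAMPLE_ADDRS = """\
1: lo    inet 127.0.0.1/8 scope host lo
2: eth0    inet 192.168.0.10/24 brd 192.168.0.255 scope global eth0
5: ppp0    inet 10.99.0.2 peer 10.99.0.1/32 scope global ppp0
"""

def connected_networks(ip_addr_output):
    """Return [(ifname, network)] for every directly connected IPv4 network."""
    nets = []
    for line in ip_addr_output.splitlines():
        fields = line.split()
        if len(fields) < 4 or fields[2] != "inet":
            continue
        # Point-to-point links print "<local> peer <remote>/<len>"; the
        # connected network is then the peer prefix, not the local address.
        is_ptp = len(fields) > 5 and fields[4] == "peer"
        cidr = fields[5] if is_ptp else fields[3]
        nets.append((fields[1], ipaddress.ip_interface(cidr).network))
    return nets

def shadowed_hosts(ip_addr_output, vpn_dev, remote_net, hosts):
    """Map each remote host to the non-VPN interface that also claims it.

    Assumes no more specific route or policy routing is installed: a host
    inside a locally connected network is then resolved with ARP on that
    interface, so traffic for it never enters the tunnel.
    """
    remote = ipaddress.ip_network(remote_net)
    local = [(i, n) for i, n in connected_networks(ip_addr_output) if i != vpn_dev]
    shadowed = {}
    for host in map(ipaddress.ip_address, hosts):
        if host not in remote:
            continue  # not a host behind the VPN at all
        for ifname, net in local:
            if host in net:
                shadowed[str(host)] = ifname
    return shadowed

if __name__ == "__main__":
    vpn_hosts = ["192.168.0.55", "192.168.0.66", "192.168.0.32"]
    for host, dev in shadowed_hosts(SAMPLE_ADDRS, "ppp0",
                                    "192.168.0.0/24", vpn_hosts).items():
        print(f"{host}: claimed by local {dev}, will not be sent via ppp0")
```

An empty result means the remote range does not collide with any local interface and ordinary routing over the VPN device is enough.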