SecuRemote and Netfilter NAT

From: joule (no email)
Date: Thu, 30 May 2002 03:01:03 GMT
hello all... :)

I currently have a small home network (five nodes) in which a
Slackware 8 box is NAT'ing the internal network using iptables
1.2.6a.

My roommate's employer has provided him with a DSL connection which
permits him to work from home. However, in order to access the
corporate network securely, he must authenticate himself using
SecuRemote 4.1 (SP-1). In order for me to also be able to use this
DSL, for free ;), he needs to be able to access the network.

A packet analysis revealed that UDP 259 was needed for
authentication. I configured Netfilter to accept FORWARD outbound UDP
259 traffic in state NEW and ESTABLISHED and to accept FORWARD
inbound UDP 259 traffic in state ESTABLISHED. I read the article on
http://lists.samba.org/pipermail/netfilter/2002-February/019769.html
and added "force_udp_encapsulation (true)" to the userc.c file.
Before doing this, authentication between the client and gateway was
unsuccessful; the authentication process, according to the SecuRemote
client, is now successful.

The problem I'm having occurs when my roommate uses an application
called Accessory Manager to access the corporate network. Another
packet analysis revealed that my roommate's computer was attempting to
transmit data to the VPN gateway using protocol 94, which I found,
through further research, to be IP in IP (IPIP).

Outbound requests were made by my roommate's computer, but no
responses were received from the VPN gateway. In addition, my
firewall's logs did not report any denied packets for inbound or
outbound data transmission. This leads me to believe that the packets
were not even being forwarded, perhaps because of IPIP.

I recompiled my Linux kernel with IP Encapsulation support and tried
again... this time authentication was unsuccessful. So, I'm wondering,
what am I doing correctly and what am I doing incorrectly?

Any related links/advice/suggestions are welcomed and appreciated :)

Thanks for your time...

--
I Slack, therefore I am...
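The rule set the post describes, written out as an added example (not code from the poster or from the Netfilter project): stateful FORWARD rules for UDP 259, the same pattern applied to IP protocol 94, which has no port numbers and so can only be matched on the protocol field, and a rate-limited LOG rule at the end of FORWARD so that packets silently dropped by the chain policy show up in the logs. Interface names, the LAN subnet and the `IPTABLES` variable (set it to `echo` to print the rules instead of applying them) are assumptions for the example.

```shell
#!/bin/sh
# Added example, not from the original post. Interface names and subnet
# are assumptions; override them in the environment for a real box.
LAN_IF="${LAN_IF:-eth1}"
WAN_IF="${WAN_IF:-eth0}"
LAN_NET="${LAN_NET:-192.168.1.0/24}"
# Set IPTABLES=echo to print the rules instead of applying them.
IPTABLES="${IPTABLES:-iptables}"

rule() {
    "$IPTABLES" "$@"
}

secuRemote_rules() {
    # SecuRemote authentication: UDP 259, stateful, as described in the post.
    rule -A FORWARD -i "$LAN_IF" -o "$WAN_IF" -s "$LAN_NET" -p udp --dport 259 \
        -m state --state NEW,ESTABLISHED -j ACCEPT
    rule -A FORWARD -i "$WAN_IF" -o "$LAN_IF" -d "$LAN_NET" -p udp --sport 259 \
        -m state --state ESTABLISHED -j ACCEPT
    # Protocol 94 (IP-within-IP) carries no ports: match on the protocol
    # number only. Conntrack tracks port-less protocols by address pair.
    rule -A FORWARD -i "$LAN_IF" -o "$WAN_IF" -s "$LAN_NET" -p 94 \
        -m state --state NEW,ESTABLISHED -j ACCEPT
    rule -A FORWARD -i "$WAN_IF" -o "$LAN_IF" -d "$LAN_NET" -p 94 \
        -m state --state ESTABLISHED -j ACCEPT
    # Log whatever FORWARD is about to drop (rate-limited) so that "nothing
    # in the logs" can be told apart from "dropped without logging".
    rule -A FORWARD -m limit --limit 5/min -j LOG --log-prefix "FWD-DROP: "
}

# Apply only when explicitly asked; sourcing the file just defines the functions.
case "${1:-}" in
    apply) secuRemote_rules ;;
esac
```

Two things worth knowing before relying on this: masquerading rewrites the source address but has no port to rewrite on protocol 94, so the NAT box cannot tell two internal hosts tunnelling to the same gateway apart, and only one SecuRemote client at a time will work through it. Also, the kernel's IP Encapsulation option is for the box terminating IPIP tunnels itself; simply forwarding encapsulated packets for a client behind it needs only the FORWARD rules and connection tracking for that protocol.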
