Re: Connection to SonicWall VPN through Linux IPTABLES Firewall/Proxy
ajkessel_at_gmail.com
Date: 11/02/05
- In reply to: Wolfgang Kueter: "Re: Connection to SonicWall VPN through Linux IPTABLES Firewall/Proxy"
Date: 2 Nov 2005 06:47:32 -0800
> You are clueless, having installed something that you don't understand.

I'm not sure why you need to start off with a personal insult--I'm just
trying to figure this out. I would never install something I didn't
fully understand on a production system for a network environment--but
I've just installed and set up something for myself at home. This is
how most people learn.

> General approach: Hire a skilled professional and pay him.

I'm not sure you understand what I'm trying to do: I am replacing a
standard router with a Linux box. It does two things: takes all traffic
from the LAN and does NAT to provide access to the Internet to the
internal machines; and filters inbound packets to the proper internal
machine. If it were a corporate work environment, I would have a
professional set it up with regular security audits, etc... But I
expect very few people who are trying to set up a router for their home
are going to hire a professional for that relatively simple task,
especially when the point is to learn how it works.

> iptables is packet filtering, proxy is something else.

Proxy -- e.g., http://webmaster.lycos.co.uk/glossary/P/ "Server placed
between a user's machine and the Internet."

What iptables is doing is taking packets from the LAN, forwarding them
to the WAN, and mangling the source IP to be the WAN IP. How is this
not proxying? Do you distinguish between proxy and gateway? If so, how?
Why are there hundreds of thousands of pages in Google describing how
to use iptables as a transparent proxy? Is everyone misusing the term?

Having read the rest of your comments, I think you've misunderstood my
question. I have a perfectly functional gateway/proxy or whatever you
want to call it. Every box within the LAN gets the Linux box as its
gateway from a DHCP server. That box also directs inbound packets
depending on IP address and port to different machines in the LAN,
entirely separate from the NAT functionality.

All I'm trying to figure out is why a SonicWALL VPN client on an
internal machine can't connect to a VPN server outside the LAN. I have
read the netfilters webpage, the iptables manpage, and the iptables
documentation in /usr/share/doc. I've also googled for this combination
of services and found other people who have this problem.

I admit I'm not an iptables expert. I do think I understand basically
what it's doing. What I don't understand is why the VPN packets aren't
reaching their destination while everything else works fine.

What I'm asking for is advice about how to troubleshoot it. Even a
link in the right direction would be helpful.