RE: Problem Found! - Firewall Rule

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Fri, 2003-06-06 at 02:56, George Vieira wrote:
> Your local IP is the same as the remote networks IP.. so how is the
> local machine to know that 192.168.0.55 or 66 or 32 is on the VPN!?
>  
> The only way I know is to proxyarp the ppp device that the vpn is
> running on.. I'm assuming it's PPTP so you could try this command when
> the VPN comes up :
> echo 1 > /proc/sys/net/ipv4/conf/$VPNDEV/proxy_arp
You can also use the netfilter P-O-M route patch, which allows you to
redirect traffic via different interfaces (route) based on regular
iptables conditions (-s, -d, -p, etc).

>  
> and this must be done on the VPN server too..
> I've never done it this way with a VPN.. but you can only try it..
>  
> I'm surprised that anything really works properly the way you've done
> it because the firewall has 2 network devices with the same IP range.
> 
> Thanks,
> 
> 
>  
> ____________________________________________
> George Vieira
> Citadel Computer Systems Pty Ltd Systems Managergeorgev AT
> citadelcomputer DOT com DOT au
> Citadel Computer Systems Pty Ltd
> Phone : +61 2 9955 2644HelpDesk: +61 2 9955 2698
> http://www.citadelcomputer.com.au
>  
>  
> -----Original Message-----
> From: John Paul [mailto:john@xxxxxxxxxxxxxxxxxxxx]
> Sent: Friday, June 06, 2003 9:56 AM
> To: netfilter@xxxxxxxxxxxxxxxxxxx
> Subject: Problem Found! - Firewall Rule
> 
> 
> Hello Folks, its me again :(
>  
> Below is my config. My problem is, I can connect to VPN but for some
> reason, I cannot see machines inside the network after being
> connected. Can somebody give me the simpliest firewall rule on this?
> just for me to see the machines inside the network.
>  
> Thanks!
> /JP
>  
-- 
--
Raymond Leach <raymondl@xxxxxxxxxxxxxxxxxxxxxx>
Network Support Specialist
http://www.knowledgefactory.co.za
"lynx -source http://www.rchq.co.za/raymondl.asc | gpg --import"
Key fingerprint = 7209 A695 9EE0 E971 A9AD  00EE 8757 EE47 F06F FB28
--

Attachment: signature.asc
Description: This is a digitally signed message part


[Index of Archives]     [Linux Netfilter Development]     [Linux Kernel Networking Development]     [Netem]     [Berkeley Packet Filter]     [Linux Kernel Development]     [Advanced Routing & Traffice Control]     [Bugtraq]

  Powered by Linux