Re: Connection to SonicWall VPN through Linux IPTABLES Firewall/Proxy
comp.security.firewalls archive


From: <ajkessel@gmail.com>
Date: Wed Nov 23 2005 - 17:20:56 CET

> b)
> Does some computer in your network run some sonicwall VPN client software
> and the setup looks like this:
>
> corporate side your side
> LanB
> LanA---sonicwall---internet---Linux---PC running sonicwall VPN-client SW

That is my set-up, as I indicated in my Nov 2, 9:47 am posting. There is
only one Windows client, at a static NAT address, in the LAN behind the
Linux NAT box, that needs to connect with the SonicWall server on the
corporate side.

> Using the mangle table is seldom if ever necessary and in most cases does
> more harm than good.

I was using the mangle table to log packets, nothing else. I have
established, with tcpdump and a LOG target in the mangle table, that
packets successfully go from the home client to the NAT box on the
Internet, then from the NAT box to the corporate server; and then are
received back from the corporate server to the NAT box, but disappear
somewhere in between mangle PREROUTING and the nat table. They are
never sent out again on the inward facing ethernet interface. I don't
see how logging in the mangle table does "more harm than good."

> While setup b will certainly be not much fun setup b will even be
> more difficult ...

I'm not sure which setup you mean is more difficult?

> After that tell me where to send the invoice, give me root access to that
> Linux box and approximately 30 minutes, OK, maybe I might need 1 hour.
> hourly rate upon request

I think you're missing the point. I am trying to learn something about
netfilters/iptables and packet routing. If I just wanted a solution, I
would put my Buffalo router back in place because it was working fine.
I posted to this newsgroup and the netfilters email list to try to work
out the problem so I have a better understanding of how this stuff
works and I can help others for free in the future (see, e.g.,
<http://adam.rosi-kessel.org/linux>.)

I've spoken with some very knowledgeable and helpful people who have
helped me isolate the problem to the packets disappearing before they
enter the nat table but haven't been able to figure out why. I'm
hoping to figure out the next step.
Received on Sat Dec 3 04:18:01 2005
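An added example, not part of this post or the thread, of the kind of tracing the poster describes: a Python script that reads kernel LOG output and reports, per flow, the last netfilter hop at which a packet was logged and the first hop it never reached. It assumes LOG rules with the prefixes listed in LOG_RULES have been installed (those rule lines are a hypothetical setup, not taken from the thread); the log lines, hostname "gw", interfaces and addresses are all constructed sample data.

```python
import re

# Chains a forwarded IPv4 packet passes through on a Linux NAT box, in order.
# The symptom in the thread is a packet logged in mangle PREROUTING that
# never shows up in the nat table or on the inside interface; a LOG rule
# with a distinct prefix at each hop turns "disappears somewhere" into
# "last seen at X, never reached Y".
HOPS = ["mangle-PRE", "nat-PRE", "mangle-FWD", "filter-FWD", "nat-POST"]

# Hypothetical rules that would produce these prefixes (assumption, not from
# the thread). LOG is a non-terminating target, so inserting it at position 1
# changes nothing about how the packet is then routed or NATed. Caveat: the
# nat chains are consulted only for the first packet of each connection
# known to conntrack, so later packets of an established flow legitimately
# appear in the mangle/filter logs but not in the nat logs.
LOG_RULES = [
    'iptables -t mangle -I PREROUTING  1 -j LOG --log-prefix "mangle-PRE: "',
    'iptables -t nat    -I PREROUTING  1 -j LOG --log-prefix "nat-PRE: "',
    'iptables -t mangle -I FORWARD     1 -j LOG --log-prefix "mangle-FWD: "',
    'iptables -t filter -I FORWARD     1 -j LOG --log-prefix "filter-FWD: "',
    'iptables -t nat    -I POSTROUTING 1 -j LOG --log-prefix "nat-POST: "',
]

# The kernel LOG target prints "<prefix>: IN=... OUT=... SRC=... DST=... PROTO=..."
PREFIX_RE = re.compile(r"(?P<prefix>[A-Za-z0-9_-]+):\s+(?=IN=)")


def parse_line(line):
    """Return (prefix, {field: value}) for a netfilter LOG line, else None."""
    m = PREFIX_RE.search(line)
    if not m:
        return None
    fields = {}
    for tok in line[m.end():].split():
        if "=" in tok:
            key, val = tok.split("=", 1)
            fields.setdefault(key, val)  # LEN appears twice (IP and L4); keep the first
    return m.group("prefix"), fields


def flow_key(fields):
    """Identify one direction of a flow; protocols without ports get '-'."""
    return (fields.get("PROTO"), fields.get("SRC"), fields.get("SPT", "-"),
            fields.get("DST"), fields.get("DPT", "-"))


def trace(lines):
    """Map each flow to the set of hop prefixes at which it was logged."""
    seen = {}
    for line in lines:
        parsed = parse_line(line)
        if parsed is None:
            continue
        prefix, fields = parsed
        if prefix in HOPS:
            seen.setdefault(flow_key(fields), set()).add(prefix)
    return seen


def where_lost(lines):
    """Per flow: (last hop reached, first expected hop never reached or None)."""
    report = {}
    for key, hops in trace(lines).items():
        reached = [h for h in HOPS if h in hops]
        last = reached[-1]
        nxt = HOPS.index(last) + 1
        report[key] = (last, HOPS[nxt] if nxt < len(HOPS) else None)
    return report


def kline(prefix, ifin, ifout, src, dst, spt=500, dpt=500):
    """Build a constructed line in the kernel's LOG format (sample data)."""
    return (f"Nov 23 17:20:56 gw kernel: {prefix}: IN={ifin} OUT={ifout} "
            f"SRC={src} DST={dst} LEN=180 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF "
            f"PROTO=UDP SPT={spt} DPT={dpt} LEN=160")


# Constructed sample: the outbound client packet traverses every hop, while
# the reply from the corporate side is logged in mangle PREROUTING only.
CLIENT, CORP, PUBLIC = "192.168.1.10", "203.0.113.5", "198.51.100.7"
SAMPLE_LOG = [
    kline("mangle-PRE", "eth1", "", CLIENT, CORP),
    kline("nat-PRE", "eth1", "", CLIENT, CORP),
    kline("mangle-FWD", "eth1", "eth0", CLIENT, CORP),
    kline("filter-FWD", "eth1", "eth0", CLIENT, CORP),
    kline("nat-POST", "", "eth0", CLIENT, CORP),
    kline("mangle-PRE", "eth0", "", CORP, PUBLIC),
    "Nov 23 17:20:57 gw kernel: unrelated message without netfilter fields",
]

if __name__ == "__main__":
    for key, (last, missing) in where_lost(SAMPLE_LOG).items():
        proto, src, spt, dst, dpt = key
        status = "passed all hops" if missing is None else f"never reached {missing}"
        print(f"{proto} {src}:{spt} -> {dst}:{dpt}: last seen {last}, {status}")
```

Run it against `journalctl -k` or `/var/log/kern.log` output instead of SAMPLE_LOG once the LOG rules are in place; a flow that is "never reached nat-PRE" after its first packet is expected behaviour for an established connection, whereas a flow whose very first packet stops there is the case worth investigating.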