Tema: Re: Cisco vpn - iptables
Autorius: Igaliotinis patrulis!
Data: 2008-08-29 11:42:00
nepadejo...

"rabarbaras" <rabarbaras@zebra.lt> wrote in message 
news:g98asn$e43$1@trimpas.omnitel.net...
> Pabandyk
> -m state --state ESTABLISHED,RELATED
> ismesti
>
> Igaliotinis patrulis! wrote:
>> seip cia guglej radau, tai sudejau viska ka tik galva ishnesha tuom 
>> klausimu, nesu labai stiprus tuom klausimu, gal galetum placiau 
>> pakomentuoti?
>>
>> visgi panashu, kad problema ishorej.. perjungiau visa lana ant 
>> hardwarinio cisco routerio, problema ishliko ta pati. prisijungia visi 
>> clientai, taciau pinginasi tik ish to, kuris pirmas prisijungia..
>>
>>
>> "rabarbaras" <rabarbaras@zebra.lt> wrote in message 
>> news:g98a88$cuh$1@trimpas.omnitel.net...
>>> Kiek teko ciupinet IPSec trafika su maskaradu, del sventos ramybes 
>>> geriau apsieti be conntrack'o.
>>> :)
>>>
>>> Igaliotinis patrulis! wrote:
>>>> perejo ant hardwaro:)
>>>>
>>>> "rabarbaras" <rabarbaras@zebra.lt> wrote in message 
>>>> news:g989e4$bdu$1@trimpas.omnitel.net...
>>>>> O kam state ?
>>>>>
>>>>> Igaliotinis patrulis! wrote:
>>>>>> Sveiki,
>>>>>>
>>>>>> Isorej stovi cisco vpn servas. Prisijungus ish musu vidinio tinklo 
>>>>>> naudojant cisco vpn klienta viskas veikia, pingai i remote vidinius 
>>>>>> ipus praeina. Prisijungiu su antru kompu i tuos pacius ipus - ping 
>>>>>> neatsako.. Galbut reikia itraukt kazka i mano servo iptables?
>>>>>>
>>>>>> Tokia pati problema anksciau buvo su windowsiniais vpnt 
>>>>>> connectionais - prisijungdavo tik vienas kompas ish lano. Parashiau 
>>>>>> cia ir kazkas patare uzkraut modprobe ip_nat_pptp, ir viskas 
>>>>>> susitvarke. Galbut kazko panashaus dar reikia ir cisco vpnui ? Cisco 
>>>>>> vpn kliento transportas - IPSec over UDP (NAT/PAT)..
>>>>>>
>>>>>> rc.nat atrodo taip:
>>>>>>
>>>>>> #!/bin/sh
>>>>>>
>>>>>> modprobe ip_tables
>>>>>> modprobe ip_conntrack
>>>>>> modprobe ip_conntrack_ftp
>>>>>> modprobe ip_conntrack_irc
>>>>>> modprobe iptable_nat
>>>>>> modprobe ip_nat_ftp
>>>>>> modprobe ip_nat_irc
>>>>>> modprobe ip_nat_pptp
>>>>>> modprobe ip_nat_proto_gre
>>>>>> modprobe ip_conntrack_proto_gre
>>>>>> modprobe ip_conntrack_pptp
>>>>>>
>>>>>> iptables -F INPUT
>>>>>> iptables -P INPUT ACCEPT
>>>>>> iptables -F OUTPUT
>>>>>> iptables -P OUTPUT ACCEPT
>>>>>> iptables -F FORWARD
>>>>>> iptables -P FORWARD DROP
>>>>>> iptables -t nat -F
>>>>>>
>>>>>> iptables -A FORWARD -i eth0 -o eth1 -m state --state 
>>>>>> ESTABLISHED,RELATED -j ACCEPT
>>>>>> iptables -A FORWARD -i eth1 -o eth0 -j ACCEPT
>>>>>> iptables -A FORWARD -j LOG
>>>>>> iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
>>>>>>
>>>>>> Jei neaiskiai aprashiau problema tai soriux :) bemiege naktis - 
>>>>>> sunkus rytas..
>>>>>>
>>>>>> Aciu
>>
+ubuntu ir tvtime garsasdovydas2008-10-04 20:02
+UbuntuPluss2008-10-03 16:35
+Reikia patarimo del PCI wifi ploksteskornaz2008-10-02 12:59
+print queue managerblatas2008-10-02 11:59
+SmartUPS 2 kompams: ką rekomenduosit?Artūras Šlajus2008-10-01 16:47
+Alternatyvus DHCP servisas vietoje Windows Server DHCPkrx2008-09-30 21:44
+retorinis klausimas apie spamaVJ2008-09-30 01:33
+Kaip vadinasi gryztancio emailo spamas?Levas 32008-09-26 15:43
+Kiba naujas virusas ar spamas atgijo? :)Levas 32008-09-26 15:18
+Manipuliacija su antru gw. Padekit Levui :)Levas 32008-09-26 12:30
+Koki rinktis?voxdizainas2008-09-26 08:43
+ext3 recoverinimasNerijus Skarzauskas2008-09-26 07:30
mail clientas + exchange serverAgent Smith2008-09-25 03:52
+Litnetas ir keli IP adresaiLevas2008-09-24 20:27
+koks connectionas ?TZ2008-09-24 11:57
+samba+win explorerisbiagle <justas @ lanteka.lt>2008-09-19 18:15
+HELP: Slackware 12--==Deveros==--2008-09-19 16:56
+OFF: Bugu pachinimasuntanas2008-09-18 16:59
+Q: WINS serverisssh2008-09-18 11:34
Lietuvybe Soliaryje 10Andrius2008-09-18 01:10
+symlinkai blogis?azuolas2008-09-16 12:47
+pf firewallemnt2008-09-15 00:34
+routaiemnt2008-09-11 15:40
+iconv problemaIngodas Vytrastas2008-09-11 13:31
+saito uzblokavimas iptables'u pagalbaIgaliotinis patrulis!2008-09-11 11:36
+apache restartai 00:10 kasnaktRocco2008-09-08 15:11
+vartotojo priskyrimas grupeitOMZY2008-09-05 14:43
+Problema su rezoliucijaErikas2008-09-05 10:13
+skynet dingstaemnt2008-09-04 10:01
+WWW TempatePluss2008-09-03 11:28
Labassergeii2008-09-01 10:34
+zinuciu merginimasJustas.p2008-08-29 20:55
+Postfix UBEziuras2008-08-29 13:10
+postfix+mysqlRobertas2008-08-29 11:40
-Cisco vpn - iptablesIgaliotinis patrulis!2008-08-29 10:30
Re: Cisco vpn - iptablesIgaliotinis patrulis!2008-08-30 15:33
Re: Cisco vpn - iptablesrabarbaras2008-08-29 10:45
Re: Cisco vpn - iptablesIgaliotinis patrulis!2008-08-29 10:47
Re: Cisco vpn - iptablesrabarbaras2008-08-29 10:59
Re: Cisco vpn - iptablesIgaliotinis patrulis!2008-08-29 11:07
Re: Cisco vpn - iptablesrabarbaras2008-08-29 11:09
Re: Cisco vpn - iptablesIgaliotinis patrulis!2008-08-29 11:42
+software raidTaip2008-08-28 21:12
+Q: hylafaxssh2008-08-28 10:54
+Gmail ir spamAladdin2008-08-27 22:05
+keli klausimai (daugiau su programavimu susiję)Žilvinas Ledas2008-08-27 14:26
+padekit su komandomImobili2008-08-27 11:59
+OT: optika ir optika-utp konverteriai kauneArtūras Šlajus2008-08-27 11:48
+Q: postfix (vienas domain'as 2 ofisai)Dex2008-08-27 11:12
+mistika su smtpRobertas2008-08-27 10:13
+Squid; SquidGuardPluss2008-08-27 10:05