Although fs-security (the company behind Firestarter) states that the firewall works out of the box with the Cisco VPN client when transparent tunneling is enabled, that does not seem to be true. With the firewall on I can still connect to my VPN server, but nothing else works over the tunnel: HTTP, IM, SSH and so on, even with the rules posted on their website.
The fix is to add the following exception rules for the VPN server and the virtual VPN interface to /etc/firestarter/user-pre:
# inbound: ESP tunnel traffic and the IKE/ISAKMP (UDP 500) and UDP 10000 control channel from the VPN server
iptables -A INPUT -j ACCEPT -s xxx.xxx.xxx.xxx -p esp
iptables -A INPUT -j ACCEPT -s xxx.xxx.xxx.xxx -p udp -m multiport --sports isakmp,10000
# inbound: decrypted traffic arriving on the virtual VPN interface
iptables -A INPUT -j ACCEPT -i cipsec0
# outbound: the same protocols towards the VPN server, and everything leaving via the virtual interface
iptables -A OUTPUT -j ACCEPT -d xxx.xxx.xxx.xxx -p esp
iptables -A OUTPUT -j ACCEPT -d xxx.xxx.xxx.xxx -p udp -m multiport --dports isakmp,10000
iptables -A OUTPUT -j ACCEPT -o cipsec0
Of course, replace xxx.xxx.xxx.xxx with your VPN server's IP. And please note that if you are using vpnc instead of the Cisco VPN client, replace cipsec0 with the name of vpnc's virtual interface (something like tun0, afaik).
Thanks to Arun for those rules.
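As an added example (not from the original post, Arun, or the Firestarter project), here is a user-pre script that generates the same six rules from a server address and interface name, rejects a malformed or empty address instead of emitting a rule that matches more than intended, and only hands the rules to iptables when run with "apply"; the address 203.0.113.5 and the VPN_SERVER/VPN_IFACE variable names are my own placeholders.

```shell
#!/bin/sh
# Added example (not from the original post): build the Firestarter user-pre
# rules for a Cisco/vpnc tunnel from two parameters, so a typo cannot silently
# widen the exception. Dry-run by default; pass "apply" to hand rules to iptables.
# Assumed placeholders: VPN server 203.0.113.5 (documentation range), interface cipsec0.

# Reject anything that is not a dotted-quad address: an empty or malformed -s/-d
# argument would either break the script or match far more than the VPN server.
valid_ipv4() {
    echo "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$' || return 1
    oldIFS=$IFS; IFS=.
    for octet in $1; do
        [ "$octet" -le 255 ] || { IFS=$oldIFS; return 1; }
    done
    IFS=$oldIFS
    return 0
}

# Print the six rules from the post for the given server address and interface.
# ISAKMP (UDP 500) and UDP 10000 (Cisco transparent tunneling) carry the control
# channel; ESP carries the tunnel; the interface rules pass the decrypted traffic.
vpn_rules() {
    server=$1; iface=$2
    valid_ipv4 "$server" || { echo "bad VPN server address: '$server'" >&2; return 1; }
    [ -n "$iface" ] || { echo "VPN interface name is empty" >&2; return 1; }
    cat <<EOF
iptables -A INPUT -j ACCEPT -s $server -p esp
iptables -A INPUT -j ACCEPT -s $server -p udp -m multiport --sports isakmp,10000
iptables -A INPUT -j ACCEPT -i $iface
iptables -A OUTPUT -j ACCEPT -d $server -p esp
iptables -A OUTPUT -j ACCEPT -d $server -p udp -m multiport --dports isakmp,10000
iptables -A OUTPUT -j ACCEPT -o $iface
EOF
}

# Usage: user-pre [apply]; set VPN_SERVER and VPN_IFACE in the environment.
main() {
    server=${VPN_SERVER:-203.0.113.5}   # placeholder address, replace with yours
    iface=${VPN_IFACE:-cipsec0}         # use tun0 (or whatever vpnc creates) for vpnc
    if [ "$1" = "apply" ]; then
        vpn_rules "$server" "$iface" | sh -e   # stops at the first failing rule
    else
        vpn_rules "$server" "$iface"           # dry run: just show the rules
    fi
}

main "$@"
```

Run it once without arguments to review the generated rules, then with "apply" from user-pre itself; it needs root only in the apply case.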