Although fs-security (the company behind Firestarter) states that the firewall works out of the box with the Cisco VPN client when transparent tunneling is enabled, that does not seem to be true. With the firewall on, I can still connect to my VPN server, but no other service works through the tunnel at all (HTTP, IM, SSH, ...), even with the rules posted on their website.
The solution is to add a few exception rules for the VPN server and the virtual VPN interface to the file /etc/firestarter/user-pre:
# ESP from the VPN server
iptables -A INPUT -j ACCEPT -s xxx.xxx.xxx.xxx -p esp
# IKE (isakmp, udp/500) and Cisco UDP encapsulation (udp/10000) from the VPN server
iptables -A INPUT -j ACCEPT -s xxx.xxx.xxx.xxx -p udp -m multiport --sports isakmp,10000
# anything arriving through the virtual VPN interface
iptables -A INPUT -j ACCEPT -i cipsec0
# the same three rules in the outbound direction
iptables -A OUTPUT -j ACCEPT -d xxx.xxx.xxx.xxx -p esp
iptables -A OUTPUT -j ACCEPT -d xxx.xxx.xxx.xxx -p udp -m multiport --dports isakmp,10000
iptables -A OUTPUT -j ACCEPT -o cipsec0
Of course, replace xxx.xxx.xxx.xxx with your VPN server's IP. And please note that if you are using vpnc instead of the Cisco VPN client, replace cipsec0 with the name of vpnc's virtual interface (something like tun0, afaik).
Thanks to Arun for those rules.
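As an added example (not part of the original post or of Firestarter), here is a small POSIX sh script that generates the user-pre rules above with the server address and tunnel interface as parameters, so the same file works for the Cisco client (cipsec0) and vpnc (tun0); the function names, the address check and install_rules are my own.

```shell
#!/bin/sh
# Generate the Firestarter /etc/firestarter/user-pre rules from the post with the
# VPN server address and tunnel interface as parameters (added example; the
# helper names and the IPv4 check are assumptions, not Firestarter's own code).

# Return 0 if $1 is a dotted-quad IPv4 address with every octet <= 255.
valid_ipv4() {
    echo "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$' || return 1
    for octet in $(echo "$1" | tr '.' ' '); do
        [ "$octet" -le 255 ] || return 1
    done
}

# Print the six rules for VPN server $1 and tunnel interface $2
# (cipsec0 for the Cisco client, tun0 for vpnc). Fails on a malformed address.
vpn_rules() {
    srv="$1"; dev="${2:-cipsec0}"
    valid_ipv4 "$srv" || { echo "bad server address: $srv" >&2; return 1; }
    cat <<EOF
# IKE (isakmp, udp/500) and Cisco UDP encapsulation (udp/10000) from the server
iptables -A INPUT -j ACCEPT -s $srv -p udp -m multiport --sports isakmp,10000
# raw ESP from the server (used when the tunnel is not UDP-encapsulated)
iptables -A INPUT -j ACCEPT -s $srv -p esp
# everything that arrives through the tunnel interface itself
iptables -A INPUT -j ACCEPT -i $dev
iptables -A OUTPUT -j ACCEPT -d $srv -p udp -m multiport --dports isakmp,10000
iptables -A OUTPUT -j ACCEPT -d $srv -p esp
iptables -A OUTPUT -j ACCEPT -o $dev
EOF
}

# Write the rules to user-pre (run as root); Firestarter runs the file when
# the firewall is (re)started, so restart it afterwards.
install_rules() {
    vpn_rules "$1" "$2" > /etc/firestarter/user-pre
}
```

Example: `vpn_rules 203.0.113.5 tun0` prints the vpnc variant; only the INPUT/OUTPUT rules tied to the server address and the interface are opened, everything else stays under Firestarter's normal policy.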
Comments 2
Worked great for me. Tried (without success) many other solutions including the one suggested in firestarter documentation.
Thanks.
Posted 03 Jan 2008 at 5:10 am

Great !!! Thx !
Posted 14 May 2008 at 12:07 pm

Trackbacks & Pingbacks 1
[...] LAMNK - recipe for allowing VPN traffic. [...]