[plug] Firewall Issue Help request

Jon L Miller jlmiller at mmtnetworks.com.au
Mon May 17 13:45:59 WST 2010


I've got a problem I've been trying to resolve for a day or so.  We (Cisco
and I) just added some configuration on a cisco router to allow certain
users access to the internal network via Cisco VPN Client.  The problem is
now I need to adjust the firewall on the Linux server to allow for the CVPN
users access.  The remote users are on a 10.5.5.0/28 network when they log
in.  They need to access the LAN on 192.168.5.0.  So the setup goes like
this:

                          CVPN user 10.5.5.0/28
                             |
                    [cisco router] simple firewall
                             |  192.168.20.1 FE0
                             |  192.168.20.2 eth0
                    {linux server}  major firewall
                             |   192.168.5.0/24
                          LAN


        # $IPT is the iptables binary; $EXT_IFACE is the external interface (eth0 in the diagram above).
        #$IPT -t nat -A POSTROUTING -s 192.168.5.0/24 -o eth0 -j SNAT --to 192.168.20.2
        # exempt the .5 network from PAT when destined to the 10.5.5.0/28 network.
        $IPT -t nat -A POSTROUTING -o $EXT_IFACE -s 192.168.5.0/24 -d 10.5.5.0/28 -j ACCEPT
        $IPT -t nat -A POSTROUTING -o $EXT_IFACE -j MASQUERADE

I can get a connection to the router but just cannot get any packets inside the
LAN or on the external iface of the Linux box; we can see packets on the
internal iface of the router though.

Regards,

Jon
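A complete rule set for the topology in the post, added here as an example and not code from the original message: it pairs the NAT exemption with the filter-table FORWARD rules the posted fragment does not show, keeps the exemption ahead of MASQUERADE, and adds a check that the Linux box has a route back to the VPN pool via the router. Assumed names: the LAN-side interface eth1 (not given in the post) and the $IPT/$EXT_IFACE variables from the fragment; set IPT=echo to preview the commands without applying them.

```shell
#!/bin/sh
# Added example, not the poster's script. Assumptions: external NIC eth0
# (192.168.20.2), LAN NIC eth1 (assumed name), VPN pool 10.5.5.0/28,
# LAN 192.168.5.0/24. Run as "sh vpn_fw.sh apply"; IPT=echo previews.
IPT="${IPT:-iptables}"
EXT_IFACE="${EXT_IFACE:-eth0}"
LAN_IFACE="${LAN_IFACE:-eth1}"   # assumption: name of the LAN-side NIC
VPN_NET="10.5.5.0/28"
LAN_NET="192.168.5.0/24"

# The nat table only rewrites addresses; whether a forwarded packet is
# allowed through at all is decided in the filter table's FORWARD chain.
vpn_forward_rules() {
    # Replies to already-permitted connections, in either direction.
    "$IPT" -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
    # New connections only from VPN clients into the LAN (least privilege:
    # LAN hosts are not allowed to initiate connections to the VPN pool).
    "$IPT" -A FORWARD -i "$EXT_IFACE" -o "$LAN_IFACE" \
        -s "$VPN_NET" -d "$LAN_NET" -m state --state NEW -j ACCEPT
}

# Exempt LAN->VPN traffic from masquerading so VPN clients see the real
# 192.168.5.x source address; the exemption must precede MASQUERADE.
vpn_nat_rules() {
    "$IPT" -t nat -A POSTROUTING -o "$EXT_IFACE" \
        -s "$LAN_NET" -d "$VPN_NET" -j ACCEPT
    "$IPT" -t nat -A POSTROUTING -o "$EXT_IFACE" -j MASQUERADE
}

# The Linux box needs a route back to the VPN pool via the router's inside
# address (192.168.20.1 in the diagram), or replies never leave eth0.
vpn_route_check() {
    ip route get 10.5.5.1 2>/dev/null | grep -q "via 192.168.20.1"
}

apply_vpn_rules() {
    vpn_forward_rules
    vpn_nat_rules
}

if [ "${1:-}" = "apply" ]; then
    apply_vpn_rules
    vpn_route_check || echo "warning: no route to 10.5.5.0/28 via 192.168.20.1" >&2
fi
```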