[Firewall] Kernel modules and VPN help

blip42 blip42 at zoho.com
Sat Mar 17 22:20:54 CET 2012



Hello,


Does anyone have a list of required kernel modules needed for the latest version of Arno's Firewall?


I have been trying (with version 2.0.1a) to get a laptop to connect to work via Cisco VPN,
connecting through the box running the firewall, but have so far been unable to get it to work.
I was about to recompile the kernel (3.2.7) for something else anyway and thought I'd at least
check that I have all I need.


I'm running Slackware64-current with Kernel 3.2.7
Setup is: BoxA has eth0 set for DHCP from Comcast.
BoxA also has eth1 set as 10.0.2.1, running DHCP for the internal network.
Other internal systems connect, get an internal IP and browse the interwebs fine.
The only problem I seem to have is the VPN not being able to complete negotiation.


I have NAT enabled with masquerading enabled.


and the following other settings:


cat /etc/arno-iptables-firewall/firewall.conf | grep -v -e ^$ -e ^# -e '=""'
EXT_IF="eth0"
EXT_IF_DHCP_IP=1
EXTERNAL_DHCP_SERVER=0
EXTERNAL_DHCPV6_SERVER=0
INT_IF="eth1"
INTERNAL_NET="10.0.2.0/24"
INTERNAL_NET_ANTISPOOF=0
DMZ_NET_ANTISPOOF=1
NAT=1
NAT_INTERNAL_NET="$INTERNAL_NET"
NAT_LOCAL_REDIRECT=1
NAT_FORWARD_TCP="500,4500,10000,62515>10.0.2.24"
NAT_FORWARD_UDP="500,4500,10000,62515>10.0.2.24"
NAT_FORWARD_IP="47,50>10.0.2.24"
IP4TABLES="/usr/sbin/iptables"
IP6TABLES="/usr/sbin/ip6tables"
ENV_FILE="/usr/local/share/arno-iptables-firewall/environment"
PLUGIN_BIN_PATH="/usr/local/share/arno-iptables-firewall/plugins"
PLUGIN_CONF_PATH="/etc/arno-iptables-firewall/plugins"
DMESG_PANIC_ONLY=1
MANGLE_TOS=1
SET_MSS=1
TTL_INC=0
USE_IRC=0
LOOSE_FORWARD=0
FORWARD_LINK_LOCAL=0
IPV6_DROP_RH_ZERO=1
RESERVED_NET_DROP=0
DRDOS_PROTECT=0
IPV6_SUPPORT=1
NMB_BROADCAST_FIX=0
COMPILED_IN_KERNEL_MESSAGES=1
DEFAULT_POLICY_DROP=1
TRUSTED_IF="eth1"
CUSTOM_RULES="/etc/arno-iptables-firewall/custom-rules"
DISABLE_IPTABLES_BATCH=0
TRACE=0
BLOCKED_HOST_LOG=1
SCAN_LOG=1
POSSIBLE_SCAN_LOG=1
BAD_FLAGS_LOG=1
INVALID_TCP_LOG=0
INVALID_UDP_LOG=0
INVALID_ICMP_LOG=0
RESERVED_NET_LOG=0
FRAG_LOG=1
INET_OUTPUT_DENY_LOG=1
LAN_OUTPUT_DENY_LOG=1
LAN_INPUT_DENY_LOG=1
DMZ_OUTPUT_DENY_LOG=1
DMZ_INPUT_DENY_LOG=1
FORWARD_DROP_LOG=1
LINK_LOCAL_DROP_LOG=1
ICMP_REQUEST_LOG=1
ICMP_OTHER_LOG=1
PRIV_TCP_LOG=1
PRIV_UDP_LOG=1
UNPRIV_TCP_LOG=1
UNPRIV_UDP_LOG=1
IGMP_LOG=1
OTHER_IP_LOG=1
ICMP_FLOOD_LOG=1
LOGLEVEL="debug"
SYN_PROT=1
REDUCE_DOS_ABILITY=1
ECHO_IGNORE=0
LOG_MARTIANS=0
IP_FORWARDING=1
IPV6_AUTO_CONFIGURATION=1
ICMP_REDIRECT=0
CONNTRACK=16384
ECN=0
RP_FILTER=1
SOURCE_ROUTE_PROTECTION=1
LOCAL_PORT_RANGE="32768 61000"
DEFAULT_TTL=64
NO_PMTU_DISCOVERY=0
LAN_OPEN_ICMP=1
LAN_INET_OPEN_ICMP=1
LAN_INET_HOST_OPEN_IP="0/0>111.222.333.444~47,50"   <=(proper company VPN IP removed)
DMZ_OPEN_ICMP=1
INET_DMZ_OPEN_ICMP=0
DMZ_INET_OPEN_ICMP=1
DMZ_LAN_OPEN_ICMP=0
OPEN_ICMP=1
OPEN_ICMPV6=1
OPEN_TCP="22 80"
BLOCK_HOSTS_BIDIRECTIONAL=0
Any help/suggestions would be welcome. 


I'm sure I probably forgot something and left some useful info out.
Oh, also every time I start the firewall, it creates three files called "2", "6" and "24" with zero length.
Not that I've looked for the cause too much yet, but maybe that is the cause of my problem and/or
maybe someone else has worked through it already.


Thanks very much,
Mike
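One way to get a concrete answer to the "which kernel modules do I need" question for the settings posted above, as an added example that is not code from the arno-iptables-firewall project: check the running kernel's .config for the netfilter options those settings exercise. The option list is my own reading of NAT=1, NAT_LOCAL_REDIRECT=1, SET_MSS=1, MANGLE_TOS=1, IPV6_SUPPORT=1 and the protocol 47 (GRE) forward, using 3.2-era Kconfig names; treat it as an assumption to verify against the project's documentation and your kernel tree. Protocol 50 (ESP) is deliberately not in the list: mainline 3.2 has no conntrack/NAT protocol module for ESP, so forwarding it depends on the VPN client negotiating NAT-T (UDP 4500) rather than on a kernel option.

```shell
#!/bin/sh
# Added example, not arno-iptables-firewall code. Reads a kernel .config
# and reports which of the netfilter options below are absent (=n or unset)
# and which are modules (=m) that must be loaded before iptables can use them.
# The option list is an assumption based on the posted firewall.conf.

# Options and the firewall.conf setting each one backs (comments stripped by sed).
wanted_options() {
    cat <<'EOF' | sed 's/[[:space:]]*#.*//'
CONFIG_NETFILTER                    # base requirement for everything below
CONFIG_NF_CONNTRACK                 # stateful matching (DEFAULT_POLICY_DROP=1)
CONFIG_NF_CONNTRACK_IPV4            # IPv4 conntrack
CONFIG_IP_NF_IPTABLES               # IP4TABLES binary needs this
CONFIG_IP_NF_FILTER                 # filter table
CONFIG_IP_NF_MANGLE                 # MANGLE_TOS=1
CONFIG_NF_NAT                       # NAT=1
CONFIG_IP_NF_TARGET_MASQUERADE      # NAT=1 on a DHCP external address
CONFIG_IP_NF_TARGET_REDIRECT        # NAT_LOCAL_REDIRECT=1
CONFIG_NETFILTER_XT_MATCH_STATE     # state match used by the generated rules
CONFIG_NETFILTER_XT_TARGET_TCPMSS   # SET_MSS=1
CONFIG_NF_CT_PROTO_GRE              # protocol 47 in NAT_FORWARD_IP
CONFIG_NF_NAT_PROTO_GRE             # NAT of protocol 47
CONFIG_IP6_NF_IPTABLES              # IPV6_SUPPORT=1
CONFIG_NF_CONNTRACK_IPV6            # IPv6 conntrack
EOF
}

# option_state CONFIG OPTION: prints y (built in), m (module) or n (absent/unset).
option_state() {
    st=$(sed -n "s/^$2=\([ym]\)\$/\1/p" "$1" | head -n 1)
    if [ -n "$st" ]; then echo "$st"; else echo n; fi
}

# missing_options CONFIG: wanted options that are neither built in nor modules.
missing_options() {
    for opt in $(wanted_options); do
        [ "$(option_state "$1" "$opt")" = n ] && echo "$opt"
    done
    return 0
}

# module_options CONFIG: wanted options built as modules; each must be loaded
# (modprobe, or iptables autoload) before the matching rule can be installed.
module_options() {
    for opt in $(wanted_options); do
        [ "$(option_state "$1" "$opt")" = m ] && echo "$opt"
    done
    return 0
}

# running_config: path to the running kernel's config, from /proc/config.gz
# (IKCONFIG) when present, otherwise the /boot copy Slackware installs.
running_config() {
    if [ -r /proc/config.gz ]; then
        tmpcfg=$(mktemp) && zcat /proc/config.gz > "$tmpcfg" && echo "$tmpcfg"
    elif [ -r "/boot/config-$(uname -r)" ]; then
        echo "/boot/config-$(uname -r)"
    fi
}

# Stand-alone use on the firewall box.
cfg=$(running_config)
if [ -n "$cfg" ]; then
    echo "missing from kernel $(uname -r):"; missing_options "$cfg"
    echo "built as modules (must be loaded):"; module_options "$cfg"
    case $cfg in /tmp/*) rm -f "$cfg" ;; esac
fi
```

Anything listed under "missing" is a recompile item; anything under "built as modules" should show up in `lsmod` once the firewall has started (iptables normally autoloads match and target modules, but the GRE conntrack/NAT helpers are the ones most often found unloaded).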
