subnet forward suse 9.1/9.3

i have following network config in the the range 192.168 with subnet
masks 255.255.255.128

=======router-------vpn-server----------clients
wan 1.1 1.2 1.129 1.130

natting/firewalling is done in the router, vpn server is used as an
openswan gateway.
With suse 9.1 i only had to set the ip_forward to 1 to get packets from
the clients routed.
With a suse 9.3 , this doesn't seems to work anymore .
Any ideas ?


jef peeraer

jef peeraer wrote:
>
> i have following network config in the the range 192.168 with subnet
> masks 255.255.255.128
>
> =======router-------vpn-server----------clients
> wan 1.1 1.2 1.129 1.130
>
> natting/firewalling is done in the router, vpn server is used as an
> openswan gateway.
> With suse 9.1 i only had to set the ip_forward to 1 to get packets from
> the clients routed.
> With a suse 9.3 , this doesn't seems to work anymore .
> Any ideas ?

You probably need to open the firewall appropriate. I am not quite sure,
but the firewall policies (FORWARD) between 9.1 and 0.3 might have change.

Is the SuSEfirewall activated? If so stop it with the runlevel editor.
Since you already got one, you don't don't need this peace of crap on
your SuSE 9.3 box.

Eric

jef peeraer wrote:
>
> i have following network config in the the range 192.168 with subnet
> masks 255.255.255.128
>
> =======router-------vpn-server----------clients
> wan 1.1 1.2 1.129 1.130
>
> natting/firewalling is done in the router, vpn server is used as an
> openswan gateway.
> With suse 9.1 i only had to set the ip_forward to 1 to get packets from
> the clients routed.
> With a suse 9.3 , this doesn't seems to work anymore .
> Any ideas ?

You probably need to open the firewall appropriate. I am not quite sure,
but the firewall policies (FORWARD) between 9.1 and 9.3 might have changed.

Is the SuSEfirewall activated? If so stop it permanently with the
runlevel editor.
Since you already got the fw in the router, you don't need this piece of
crap on your SuSE 9.3 box.

Eric

Eric Teuber wrote:
> jef peeraer wrote:
>
>>i have following network config in the the range 192.168 with subnet
>>masks 255.255.255.128
>>
>>=======router-------vpn-server----------clients
>> wan 1.1 1.2 1.129 1.130
>>
>>natting/firewalling is done in the router, vpn server is used as an
>>openswan gateway.
>>With suse 9.1 i only had to set the ip_forward to 1 to get packets from
>>the clients routed.
>>With a suse 9.3 , this doesn't seems to work anymore .
>>Any ideas ?
>
>
> You probably need to open the firewall appropriate. I am not quite sure,
> but the firewall policies (FORWARD) between 9.1 and 9.3 might have changed.
>
> Is the SuSEfirewall activated? If so stop it permanently with the
> runlevel editor.
> Since you already got the fw in the router, you don't need this piece of
> crap on your SuSE 9.3 box.
>
> Eric
the firewall doesn't run on the suse box, it's indeed in the router. All
iptables entries are empty, and default policies are accept. Isn't this
ip_forward flag enough to activate the forwardiing, or do i need a
specific forwarding rule ? this wasn't necessary in suse 9.1


thanks for the info


jef peeraer

jef peeraer wrote:
> Eric Teuber wrote:
>
>> jef peeraer wrote:
>>
>>> i have following network config in the the range 192.168 with subnet
>>> masks 255.255.255.128
>>>
>>> =======router-------vpn-server----------clients
>>> wan 1.1 1.2 1.129 1.130
>>>
>>> natting/firewalling is done in the router, vpn server is used as an
>>> openswan gateway.
>>> With suse 9.1 i only had to set the ip_forward to 1 to get packets from
>>> the clients routed.
>>> With a suse 9.3 , this doesn't seems to work anymore .
>>> Any ideas ?
>>
>> You probably need to open the firewall appropriate. I am not quite sure,
>> but the firewall policies (FORWARD) between 9.1 and 9.3 might have
>> changed.
>>
>> Is the SuSEfirewall activated? If so stop it permanently with the
>> runlevel editor.
>> Since you already got the fw in the router, you don't need this piece of
>> crap on your SuSE 9.3 box.
>
> the firewall doesn't run on the suse box, it's indeed in the router. All
> iptables entries are empty, and default policies are accept. Isn't this
> ip_forward flag enough to activate the forwardiing, or do i need a
> specific forwarding rule ? this wasn't necessary in suse 9.1

Your vpn-server must have 192.168.1.1 as its default gateway, all your
clients must have 192.168.1.129 as their default gateway. Assume
router side is 192.168.1.0/25 (25 == 255.255.255.128) and client side
is 192.168.1.128/25. Your router must also have a route for network
192.168.1.128/25 pointing to 192.168.1.2 so return traffic will go to
the client side.