[OpenVPN home] [Date Prev] [Date Index] [Date Next]
[OpenVPN mailing lists] [Thread Prev] [Thread Index] [Thread Next]
Web openvpn.net

Re: [Openvpn-users] Trying to understand...

  • Subject: Re: [Openvpn-users] Trying to understand...
  • From: Stefan Lamby <slamby@xxxxxx>
  • Date: Wed, 12 Sep 2007 23:20:39 +0200

Hi Erich.

Erich Titl schrieb:
> Hi Stefan
> Stefan Lamby schrieb:
>> Hi Erich,
>> hi list.
>> The problem is solved.
>> This was the solution:
> Good to hear you found it.
> ...
>> P.S.: There is still a question left... Maybe someone could pick it up...
>> I am not satisfied at all since I didnt understand, why this
>> SuSEfirewall2-script at the end denies forwarding for tun0. Does this
>> make sense at all even it is an internal interface? Thinking about it
>> again makes me feel that it could make sense as a security issue to deny
>> everything by default. So you do not have wholes in your firewall.
>> FWBuilder is a far better solution to face the firewall settings.
> In my personal opinion SuSEfirewall sucks. For small cases I use
> shorewall and when it comes to real systems, fwbuilder is the choice.

I definitive agree with you. I took a test drive with fwbuilder and was
impressed. I was thinking about changing the whole system to fwbuilder
but got a lot of error messages when importing the iptables-save result
file. Also when it comes to compiling the script, I run into trouble. So
I decided to take it the other way...

BTW: The www.petri.co.il - site - do you advice me to sign up for his
newsletter? Seems to me he knows what he is talking about - good
information material all over the web site.
> cheers
> Erich

Openvpn-users mailing list