
Securing-Optimizing-RH-Linux-1_2_312
Comments and suggestions concerning this book should be mailed to gmourani@videotron.ca
© Copyright 1999-2000 Gerhard Mourani and Open Network Architecture ®

    # All internal traffic is masqueraded externally.
    ipchains -A forward -i $EXTERNAL_INTERFACE -s $LOCALNET_1 -j MASQ

Where EXTERNAL_INTERFACE="eth0"      # Your external interface to the Internet.
Where LOCALNET_1="192.168.1.0/24"    # Whatever private range you use.

NOTE: See chapter 8 “Networking Firewall with Masquerading and Forwarding support” for more information.

Now you can reboot your system, and the machines on Gateway A should be able to talk to the machines on Gateway B with no problems.

Testing the installation

· Reboot both gateways to get FreeS/WAN started.

· Examine the “/var/log/messages” file for any signs of trouble. If all goes well, you should see something like this in the “/var/log/messages” file:

    Feb  2 05:22:35 deep ipsec_setup: Starting FreeS/WAN IPSEC snap2000jan31b...
    Feb  2 05:22:35 deep ipsec_setup: KLIPS debug `none'
    Feb  2 05:22:35 deep ipsec_setup: KLIPS ipsec0 on eth0 192.168.1.1/255.255.255.0 broadcast 192.168.1.255
    Feb  2 05:22:36 deep ipsec_setup: Disabling core dumps:
    Feb  2 05:22:36 deep ipsec_setup: Starting Pluto (debug `none'):
    Feb  2 05:22:37 deep ipsec_setup: Loading Pluto database `deep-mail':
    Feb  2 05:22:37 deep ipsec_setup: Enabling Pluto negotiation:
    Feb  2 05:22:37 deep ipsec_setup: Routing for Pluto conns `deep-mail':
    Feb  2 05:22:37 deep ipsec_setup: Initiating Pluto tunnel `deep-mail':
    Feb  2 05:22:39 deep ipsec_setup: 102 "deep-mail" #1: STATE_MAIN_I1: initiate
    Feb  2 05:22:39 deep ipsec_setup: 104 "deep-mail" #1: STATE_MAIN_I2: from STATE_MAIN_I1; sent MI2, expecting MR2
    Feb  2 05:22:39 deep ipsec_setup: 106 "deep-mail" #1: STATE_MAIN_I3: from STATE_MAIN_I2; sent MI3, expecting MR3
    Feb  2 05:22:39 deep ipsec_setup: 004 "deep-mail" #1: STATE_MAIN_I4: SA established
    Feb  2 05:22:39 deep ipsec_setup: 110 "deep-mail" #2: STATE_QUICK_I1: initiate
    Feb  2 05:22:39 deep ipsec_setup: 004 "deep-mail" #2: STATE_QUICK_I2: SA established
    Feb  2 05:22:39 deep ipsec_setup: ...FreeS/WAN IPSEC started

· Examine the “/var/log/secure” file for any signs of trouble. If all goes well, you should see something like the following:

    Feb 21 14:45:42 deep Pluto[432]: Starting Pluto (FreeS/WAN Version 1.3)
    Feb 21 14:45:43 deep Pluto[432]: added connection description "deep-mail"
    Feb 21 14:45:43 deep Pluto[432]: listening for IKE messages
    Feb 21 14:45:43 deep Pluto[432]: adding interface ipsec0/eth0 192.168.1.1
    Feb 21 14:45:43 deep Pluto[432]: loading secrets from "/etc/ipsec.secrets"
    Feb 21 14:45:43 deep Pluto[432]: "deep-mail" #1: initiating Main Mode
    Feb 21 14:45:44 deep Pluto[432]: "deep-mail" #1: ISAKMP SA established
    Feb 21 14:45:44 deep Pluto[432]: "deep-mail" #2: initiating Quick Mode POLICY_RSASIG+POLICY_ENCRYPT+POLICY_AUTHENTICATE+POLICY_TUNNEL+POLICY_PFS
    Feb 21 14:45:46 deep Pluto[432]: "deep-mail" #2: sent QI2, IPsec SA established
    Feb 21 14:45:47 deep Pluto[432]: "deep-mail" #3: responding to Main Mode
    Feb 21 14:45:49 deep Pluto[432]: "deep-mail" #3: sent MR3, ISAKMP SA established
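
The two "established" messages in the “/var/log/secure” output above can be checked by script rather than by eye. The following is an added example, not part of the original book: the function names check_tunnel and sample_log are hypothetical, and the sample lines are constructed in the log format shown above. It reports the state since the most recent Pluto start, so SAs logged before a restart are not counted.

```shell
#!/bin/sh
# Added example (not from the book). Function names are hypothetical.

# check_tunnel CONN [FILE]
# Reads syslog lines from FILE (or stdin) and prints the state of CONN
# since the most recent Pluto start:
#   UP           ISAKMP SA (Main Mode) and IPsec SA (Quick Mode) established
#   PHASE1_ONLY  ISAKMP SA established, but no IPsec SA
#   DOWN         no ISAKMP SA seen for this connection
check_tunnel() {
    awk -v conn="\"$1\"" '
        # Only count SAs negotiated since the most recent Pluto start.
        index($0, " Pluto[") && index($0, ": Starting Pluto") { p1 = 0; p2 = 0 }
        # Pluto lines for this connection look like:  "deep-mail" #1: ...
        index($0, " Pluto[") && index($0, conn " #") {
            if (index($0, "ISAKMP SA established")) p1 = 1
            else if (index($0, "IPsec SA established")) p2 = 1
        }
        END {
            if (p1 && p2)  print "UP"
            else if (p1)   print "PHASE1_ONLY"
            else           print "DOWN"
        }' ${2:+"$2"}
}

# Constructed sample input in the /var/log/secure format shown above.
sample_log() {
    cat <<'EOF'
Feb 21 14:45:42 deep Pluto[432]: Starting Pluto (FreeS/WAN Version 1.3)
Feb 21 14:45:43 deep Pluto[432]: added connection description "deep-mail"
Feb 21 14:45:43 deep Pluto[432]: "deep-mail" #1: initiating Main Mode
Feb 21 14:45:44 deep Pluto[432]: "deep-mail" #1: ISAKMP SA established
Feb 21 14:45:44 deep Pluto[432]: "deep-mail" #2: initiating Quick Mode
Feb 21 14:45:46 deep Pluto[432]: "deep-mail" #2: sent QI2, IPsec SA established
EOF
}

# Demonstration on the constructed sample.
sample_log | check_tunnel deep-mail
```

On a live gateway, call check_tunnel deep-mail /var/log/secure with enough privilege to read that file. A PHASE1_ONLY result means the gateways authenticated each other but no tunnel SA was negotiated, so traffic between the two subnets is not being protected by the tunnel.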