[NTLUG:Discuss] cisco vpn client ver4.6 on SuSE 9.3 kernel 2.6

Steve Martindell s_martindell at yahoo.com
Tue Aug 30 17:51:44 CDT 2005


Thanks, Chris.
I should have said I did a clean (new) install of SuSE 9.3,
because that is what several people on ntlug recommended
a few weeks ago, not an upgrade.
---
But your assessment is correct that X isn't allowing remote
connects by default. I guess this is a security thing w/ the 2.6 kernel?
 
I will try ssh tonight, but I think it requires ssh to be running
at work, and ssh has a specific IP address?
 
The better solution (for me) would be to just turn on
the proper port (=6000?) to allow remote X. Can I do this
in YaST, or through the iptables command, or by running
a shell script?
 
I'll search SuSE and Google tonight; maybe I can figure this
out. I'm not good at ports.
---
As for the amount of work I had to do to get the Redhat
install script to work on SuSE, it almost makes me want to
use winxp. Ouch!
 
   -steve
      smartind_____ATT____comcast______dott____nett
      s-martindell-------ATT-----ti-----dott-----com


Chris Cox <cjcox at acm.org> wrote:

Steve Martindell wrote:
> I upgraded SuSE 8.2 kernel-2.4 to SuSE 9.3 kernel-2.6
> in order to install the latest cisco vpn client 4.6.

You're running a SUSE 8.2 system with the SUSE 9.3 kernel?
(Ick)


> After ~4 hours of dealing w/ missing config files, 
> files in the wrong place, and files not compiled,
> I got it to connect to work with a standard c-shell.

I can only imagine. Did you have to run the latest
Cisco client? I know we run a version 4.something
on our SUSE 8.2 boxes without problem.

> 
> When I start an X-application(like xcalc) it can't
> send the display back to Linux PC at home.

Well.. on a 9.3 box (not necessarily true of 8.2),
you'll find that your X server does not allow
remote connects by default. A possible workaround
is to enable ssh X11 forwarding and do ssh -X
and bring up your client.

If you just have to use X11 (port 6000) then
you can enable it on SUSE, there's a couple of
steps (it's repeated daily... should be a FAQ...
if you can't find it post... I'll dig up my
own notes).

 
> I believe this is related to another script they
> supplied that did not run correctly called
> "set_X11_access".
> 
> What I want to do is just hard code this redhat script
> to allow remote X display to work on home SuSE PC.
> 
> the two important commands in the "set_X11_access"
> script are as follows:
> 
> 1)# compute the X rule number
> RULE_NO=`$IPTABLES -t filter --line-numbers -L INPUT |
> grep "x11" | awk -F \ '{ print $1 }' - `
> export RULE_NO
> 
> 2)# execute rule
> $IPTABLES -t filter -R $RULE_NO -i eth0 -p tcp --syn
> --dport 6000:6255 -s 0/0 -d 0/0 $LOG -j $ACCESS
> 
> I think these two cmds open up certain ports based on
> the results of the grep "x11" command
> 
> But when I try command #1) on SuSE, it returns nothing
> and so $RULE_NO never gets set, and therefore the 
> $IPTABLES command 2) complains:
> "iptables v1.3.1: -R requires a rule number"
> 
> questions: 
> do I need to run this script ?
> can I hard code this script for SuSE ?
> can I just set the iptables by hand ?
> if so where do I set the iptables on SuSE ?
> how do I know which ports to allow/accept
> access?

SUSE has its own friendly firewall administration
you can get to via YaST. However, if you trust
your VPN and already have a firewall appliance
that you trust, then you might not need to
run a firewall at all. I'd certainly remove
it from the picture if at all possible and add
it back when you have something that works (but
again, it may not be needed at all if you trust
the host/net you're VPN'ing to).
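
Added example, not part of the original thread or of the Cisco `set_X11_access` script: the rule-number lookup quoted above, written so that an empty result (the case reported on SuSE) falls back to inserting a rule instead of calling `-R` with no number, and so that the source is limited instead of `0/0`. The interface name `vpn0`, the network `192.0.2.0/24` and both sample listings are constructed placeholders.

```shell
#!/bin/sh
# Constructed samples of `iptables -t filter --line-numbers -L INPUT` output.
SAMPLE_WITH_X11='Chain INPUT (policy DROP)
num  target     prot opt source               destination
1    ACCEPT     all  --  anywhere             anywhere
2    DROP       tcp  --  anywhere             anywhere            tcp dpts:x11:6255 flags:FIN,SYN,RST,ACK/SYN
3    ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:ssh'

SAMPLE_WITHOUT_X11='Chain INPUT (policy DROP)
num  target     prot opt source               destination
1    ACCEPT     all  --  anywhere             anywhere
2    ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:ssh'

# Print the number of the first INPUT rule that mentions x11.
# Returns non-zero when there is no such rule, so callers can tell
# "no rule" apart from "rule found" instead of getting an empty string.
x11_rule_no() {
    printf '%s\n' "$1" | awk '
        $1 ~ /^[0-9]+$/ && /x11/ { print $1; found = 1; exit }
        END { exit !found }'
}

# Print (do not run) the iptables command that admits X11 traffic.
#   $1 = listing text, $2 = inbound interface, $3 = source network allowed
# vpn0 and 192.0.2.0/24 used below are placeholders, not values from the thread.
x11_rule_cmd() {
    if n=$(x11_rule_no "$1"); then
        op="-R INPUT $n"    # an x11 rule exists: replace it in place
    else
        op="-I INPUT 1"     # no x11 rule: insert one, -R would fail here
    fi
    echo "iptables -t filter $op -i $2 -p tcp --syn --dport 6000:6255 -s $3 -j ACCEPT"
}

# With a live firewall the listing would come from:
#   iptables -t filter --line-numbers -L INPUT
x11_rule_cmd "$SAMPLE_WITH_X11"    vpn0 192.0.2.0/24
x11_rule_cmd "$SAMPLE_WITHOUT_X11" vpn0 192.0.2.0/24
```

The command is printed rather than executed so it can be reviewed before it is applied as root.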
