“main” (Installation and Administration) 2004/6/25 13:29 page 643 #669
26 Security in the Network
Creating Desktop Links
Finally, create a link to the C:\Programs\IPsec\IPSEC.exe file on the desktop. Now establish the connection to the Internet and click the link you just created. A window opens and the IPsec filters are configured for your current connection. The best way to test the tunnel is with ping <client IP behind the tunnel>. The message "Negotiating IP Security" appears once or twice, after which you will see the normal ping responses. The message is shown while the security associations are still being negotiated; the first echo requests are not sent, which is why the replies only follow afterwards. Once they arrive, the tunnel is active. In the case of Windows 2000, this takes two ping commands, so start ping again.
Closing a Connection
To deactivate the IPsec filter and the tunnel, first call IPSEC.exe -off, then IPSEC.exe -delete. It is best to create a desktop link for this too.
26.3 Masquerading and Firewalls
Whenever Linux is used in a networked environment, you can use the kernel functions that manipulate network packets to maintain a separation between internal and external network areas. The Linux netfilter framework provides the means to establish an effective firewall that keeps different networks apart. With the help of iptables, a generic table structure for the definition of rule sets, you can precisely control which packets are allowed to pass a network interface. Such a packet filter can be set up quite easily with the help of SuSEfirewall2 and the corresponding YaST module.
26.3.1 Packet Filtering with iptables
The components netfilter and iptables are responsible for the filtering and manipulation of network packets as well as for network address translation (NAT). The filtering criteria and the actions associated with them are stored as rules in chains. A packet that arrives is checked against the rules of a chain one after another, and the first matching rule with a terminating action (such as ACCEPT or DROP) decides what happens to it; if no rule matches, the default policy of the chain applies. The chains themselves are grouped into tables. The iptables command allows you to alter these tables and rule sets.
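The following script is an added example for the masquerading firewall and the table/chain structure described above; it is not taken from the SUSE manual and is not what SuSEfirewall2 or YaST generate. It prints a small rule set in the format read by iptables-restore, because that format shows the structure directly: "*name" opens a table, ":CHAIN POLICY" declares a chain and its default policy, "-A CHAIN ..." appends a rule to that chain, and COMMIT closes the table. The interface names eth0 and eth1, the internal network 192.168.1.0/24 and the decision to allow SSH only from the internal side are assumptions for illustration.

```shell
#!/bin/sh
# Added example, not taken from the SUSE manual or from SuSEfirewall2.
# gen_ruleset prints a netfilter rule set in iptables-restore format for a
# host with an external interface ($1), an internal interface ($2) and an
# internal network ($3) that is masqueraded behind the external address.
# Assumptions for illustration: the interface and network names passed in,
# and that SSH should be reachable only from the internal side.
gen_ruleset() {
    ext="$1"; int="$2"; lan="$3"
    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
# traffic on the loopback interface is always allowed
-A INPUT -i lo -j ACCEPT
# replies to connections this host initiated
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
# TCP packets that would start a "new" connection without SYN are bogus
-A INPUT -p tcp ! --syn -m state --state NEW -j DROP
# SSH only from the internal interface (assumption)
-A INPUT -i $int -p tcp --dport 22 -j ACCEPT
# anti-spoofing: packets with an internal source must not enter from outside
-A FORWARD -i $ext -s $lan -j DROP
# the internal network may reach the outside; replies return by state
-A FORWARD -i $int -o $ext -s $lan -j ACCEPT
-A FORWARD -i $ext -o $int -m state --state ESTABLISHED,RELATED -j ACCEPT
# log whatever is left before the DROP policy of the chain takes effect
-A FORWARD -j LOG --log-prefix "fw-forward-drop: "
COMMIT
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
# masquerading: rewrite internal source addresses to the external address
-A POSTROUTING -s $lan -o $ext -j MASQUERADE
COMMIT
EOF
}

# apply_ruleset enables IPv4 forwarding and loads the whole rule set in one
# atomic step (must run as root on a kernel with netfilter support).
apply_ruleset() {
    sysctl -w net.ipv4.ip_forward=1 >/dev/null
    gen_ruleset "$@" | iptables-restore
}

# Usage:  sh fw.sh show  eth0 eth1 192.168.1.0/24   (print the rule set)
#         sh fw.sh apply eth0 eth1 192.168.1.0/24   (load it, as root)
case "${1:-}" in
    show)  shift; gen_ruleset "$@" ;;
    apply) shift; apply_ruleset "$@" ;;
esac
```

Loading the rules through iptables-restore rather than with a series of individual iptables calls avoids the window in which the chains are only half populated. The DROP policies on INPUT and FORWARD are what make the filter fail closed: anything not explicitly accepted, including the spoofed and the non-SYN packets matched above, is discarded.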
The Linux kernel maintains three tables, each for a particular category of
functions of the packet filter:
SUSE LINUX Enterprise Server 643