Allowing VPN traffic through Ubuntu firewall to connect on Sophos firewall
I need advice to achieve something and I can't find the answer anywhere.
I'm setting up a network in a test lab. I have an Ubuntu machine that runs SNORT as an IDS and it's the only machine that has an internet connection. This machine is connected to a Sophos machine that is our primary firewall. Behind the Sophos firewall, we have a DMZ network and an internal network with clients and various servers.
I set up an L2TP over IPsec VPN on the Sophos machine and I know that I can connect to it since I have a test machine between SNORT and Sophos and the connection works. My problem is that I can't access my VPN if I try to connect to it with the external IP address of the SNORT machine.
I've been able to NAT internet to the machines that need an internet connection using masquerading and this part works fine. If anyone knows how to allow my VPN to connect through the SNORT machine, it would be a life saver right now.
Thanks a lot, and any help is much appreciated.
vpn firewall ipsec
SNORT isn't the Ubuntu firewall, it's an IDS/IPS system. You would need to start by looking at the SNORT logs. This being said, Sophos firewalls *do* have the ability to also do IDS/IPS itself...
– Thomas Ward♦
Feb 10 at 22:39
I know that SNORT isn't the Ubuntu firewall. I'm trying to allow the traffic through UFW and I tried with Firewalld since I'm more familiar with CentOS 7, but I need to use Ubuntu in this configuration. There's no real reason to bother with SNORT right now, it's not a problem. As for the Sophos ability to act as an IDS, I know it's possible but I have really strict restrictions on how to build the network, and I need to use SNORT and Sophos on different machines. Right now I'm able to connect to the Sophos Webadmin page using the IP address of the Ubuntu machine, but still can't connect to the VPN.
– Émile Grenier
Feb 11 at 16:54
I think it's more of a port forwarding issue than anything else, but I can't make it work right now. I can tell you which ports I tried to forward and allow if that can be useful. Thanks
– Émile Grenier
Feb 11 at 16:57
You'd need to provide configuration details as well, but yes. The chances are there's something wrong going on here, but also keep in mind that UFW is not built to do port forwarding; that's where you'd need more advanced iptables rules which ufw will not like in its default ruleset unless you configure it as such (and usually at that point I push for people to use iptables directly instead of using UFW for port forwarding).
– Thomas Ward♦
Feb 12 at 2:48
I disabled UFW and I'm using iptables and firewalld. I tried forwarding UDP ports 4500, 500 and 1701. I also created rich rules to allow protocol ESP and AH but I still can't connect to the VPN. I removed SNORT to make sure that wasn't the issue.
– Émile Grenier
Feb 12 at 2:59
asked Feb 10 at 22:34
Émile GrenierÉmile Grenier
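The rule set the question and the last comment are circling (UDP 500 and 4500 plus ESP and AH forwarded from the Ubuntu box's public interface to the Sophos WAN address), as an added example that is not from the asker or the commenters. The interface name and the Sophos address are placeholders for this lab; the function prints the rules so they can be reviewed before being applied with root rights.

```shell
#!/bin/sh
# Constructed example: iptables rules that let an L2TP/IPsec client on the
# Internet reach a Sophos firewall sitting behind a masquerading Ubuntu box.
# The interface and address passed in are placeholders, not values from the page.

# Print (do not apply) the rule set for the given external interface and the
# Sophos WAN address on the inside network.
ipsec_passthrough_rules() {
    wan_if="$1"      # interface holding the public address, e.g. eth0
    sophos_ip="$2"   # Sophos external interface address behind the Ubuntu box

    # IKE (UDP 500) and NAT-Traversal (UDP 4500) carry the whole negotiation
    # and, once NAT-T kicks in, the ESP payload as well.
    for port in 500 4500; do
        echo "iptables -t nat -A PREROUTING -i $wan_if -p udp --dport $port -j DNAT --to-destination $sophos_ip:$port"
        echo "iptables -A FORWARD -i $wan_if -p udp -d $sophos_ip --dport $port -m conntrack --ctstate NEW -j ACCEPT"
    done

    # Plain ESP (protocol 50) and AH (protocol 51) only show up when NAT-T is
    # not negotiated; forwarding them as well covers that case.
    for proto in esp ah; do
        echo "iptables -t nat -A PREROUTING -i $wan_if -p $proto -j DNAT --to-destination $sophos_ip"
        echo "iptables -A FORWARD -i $wan_if -p $proto -d $sophos_ip -j ACCEPT"
    done

    # Replies and the remainder of each flow ride on connection tracking.
    echo "iptables -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
    # Nothing is forwarded at all unless the kernel is routing.
    echo "sysctl -w net.ipv4.ip_forward=1"
}

# Number of commands the generator emits; handy as a sanity check before applying.
rule_count() {
    ipsec_passthrough_rules "$1" "$2" | wc -l | tr -d ' '
}

# To apply for real (as root):  ipsec_passthrough_rules eth0 192.0.2.10 | sh
```

UDP 1701 (L2TP) travels inside the IPsec tunnel, so the NAT box never sees it in the clear and needs no rule for it. If the client still fails after these rules, watching the WAN and inside interfaces with tcpdump shows at which IKE message the exchange stops.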