I can connect to my Intranet PC from an external laptop, but I cannot ping it. I don't know why...
If I ping, I get the message:
From 192.168.10.101 icmp_seq=1 Destination Host Unreachable
...
5 packets transmitted, 0 received, +3 errors, 100% packet loss, time 3999ms
pipe 3
Code:
PC01 (192.168.10.12)=======FW Intern: eth0: 192.168.10.140 | eth1: 192.168.20.140
FW Intern ========= FW Extern: eth0: 192.168.20.150||eth1: 10.1.0.333
FW Extern ==== Internet ====== Laptop: 10.1.0.25
Between: FW I and FW E: DNS - 192.168.20.1
Code:
script-security 2
mode server
tls-server
port 1194
proto udp
dev tap0
ca ca.crt
cert cert.crt
key server.key
dh dh2048.pem
ifconfig-pool-persist ipp.txt
server-bridge 192.168.10.140 255.255.255.0 192.168.10.100 192.168.10.130
client-to-client
keepalive 10 120
comp-lzo
user nobody
group nogroup
persist-key
persist-tun
status open-status.log
verb 3
cipher AES-256-CBC
auth SHA512
push "ping 10"
push "ping-restart 60"
push "dhcp-option DNS 192.168.20.1"
push "route 192.168.10.12"
Code:
dev tap
proto udp
remote 10.1.0.333 1194
client
keepalive 15 120
verb 3
script-security 2
resolv-retry infinite
nobind
persist-key
persist-tun
ca ca.crt
cert client.crt
key client.key
cipher AES-256-CBC
auth SHA512
comp-lzo
Code:
...
-A INPUT -i eth1 -p udp --dport 1194 -m state --state NEW -j ACCEPT
-A INPUT -i eth1 -m state --state RELATED,ESTABLISHED -j ACCEPT
-A OUTPUT -o eth1 -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -i tap+ -j ACCEPT
-A INPUT -i tun+ -j ACCEPT
-A FORWARD -i tap+ -j ACCEPT
-A FORWARD -i tun+ -j ACCEPT
...
-A POSTROUTING -o eth1 -j MASQUERADE
...
Code:
...
-A FORWARD -p udp -m multiport --dport 53,1194,1195 -m state --state NEW -j ACCEPT
...
-A POSTROUTING -o eth1 -j MASQUERADE
-A PREROUTING -i eth1 -p udp --dport 1194 -j DNAT --to-destination 192.168.20.140
...
Code:
Ziel Router Genmask Flags Metric Ref Use Iface
...
192.168.10.0 0.0.0.0 255.255.255.0 U 0 0 0 tap0
192.168.10.12 192.168.10.140 255.255.255.255 UGH 0 0 0 tap0
Code:
192.168.10.12 via 192.168.10.140 dev tap0 src 192.168.10.101
    cache
Code:
eth0 Link encap: Ethernet Hardware ...
inet Address: 10.1.0.25 Bcast: 10.1.0.255 Mask: 255.255.255.0
...
lo Link encap: Local Loop
inet Address: 127.0.0.1 Mask: 255.0.0.0
...
tap0 Link encap: Ethernet Hardware ...
inet Address 192.168.10.101 Bcast 192.168.10.255 Mask 255.255.255.0
...
Greetings