Koozali.org: home of the SME Server

MASQ Stealth Mode

Offline jackl

« on: May 02, 2005, 11:10:38 PM »
Hi All

Thanks to Ray Mitchell for the information below
Quote
To set your server in Stealth mode do

grep masq /home/e-smith/configuration
masq=service|Logging|none|Stealth|no|pptp|yes|status|enabled

/sbin/e-smith/config setprop masq Stealth yes
/sbin/e-smith/expand-template /etc/rc.d/init.d/masq
/etc/init.d/masq restart

grep masq /home/e-smith/configuration
masq=service|Logging|none|Stealth|yes|pptp|yes|status|enabled


Ray, this works fine. However, as soon as a VPN connection is made, the stealth mode property returns to "no".

I can't find the template fragment that is modified by .../sbin/e-smith/expand-template /etc/rc.d/init.d/masq ...so as to create a custom template, or, anyway, is the VPN pptp connection changing this using some other method?
Any ideas?

Regards
Jack

Offline raem

« Reply #1 on: May 03, 2005, 02:58:01 AM »
I'm no expert on this but I guess the protocols that are being blocked by Stealth mode are needed for VPN to function, therefore Stealth mode gets disabled.

Anybody else able to confirm this?

Offline jackl

« Reply #2 on: May 05, 2005, 02:17:14 AM »
Ray,
Many thanks for your reply and your willingness to help.
Just to infuriate everyone else, we have many M$ ISA firewalls set up this way and they do not reset stealth mode after a VPN session. Can anybody confirm that stealth is still set to "no" after a VPN session on SME 6.0.1? If not, I will spend time investigating why not; it's just that I need confirmation from somebody else to justify the time.

Regards
Jack

P.S. I know that stealth mode is not the answer to everything, but it keeps away the amateurs most of the time.

Offline raem

« Reply #3 on: May 05, 2005, 02:39:02 AM »
I'm sure I had my server set to Stealth mode and when I looked again it was set to No (& I had been VPN'ing). I'll do a specific test later.
You could create a cron job to reset Stealth mode every hour as a workaround.
I don't think Stealth mode gives you any greater protection, it just makes the connection a bit quieter.
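The hourly cron workaround suggested in Reply #3, as an added example that is not part of the original thread and not SME Server's own code: it parses the `masq=` record in the format quoted above, and only when `Stealth` is not `yes` does it log the drift and re-run the three commands from the first post. The function names, the `--enforce` flag, the `CONFIG_DB` override and the install path in the cron comment are assumptions made for this example.

```shell
#!/bin/sh
# Added example (not from the thread): drift check for the masq "Stealth" property.
# Record format as quoted in the thread:
#   masq=service|Logging|none|Stealth|no|pptp|yes|status|enabled
# i.e. key=type followed by |property|value pairs.
# Hourly cron entry for root (install path is hypothetical):
#   0 * * * * /usr/local/sbin/masq-stealth-check.sh --enforce

CONFIG_DB="${CONFIG_DB:-/home/e-smith/configuration}"   # path from the thread

# get_prop RECORD PROP: print the value of PROP; exit status 1 if PROP is absent.
get_prop() {
    printf '%s\n' "${1#*=}" | awk -F'|' -v want="$2" '
        { for (i = 2; i < NF; i += 2)          # field 1 is the type, pairs follow
              if ($i == want) { print $(i + 1); found = 1; exit } }
        END { exit !found }'
}

# stealth_state FILE: print the Stealth value of the first masq record in FILE.
stealth_state() {
    rec=$(sed -n '/^masq=/{p;q;}' "$1") || return 2
    [ -n "$rec" ] || return 2
    get_prop "$rec" Stealth
}

# enforce_stealth: do nothing when Stealth is already "yes"; otherwise log the
# drift (the timestamps show when it was reset) and re-apply the thread's commands.
enforce_stealth() {
    state=$(stealth_state "$CONFIG_DB") || state=unknown
    if [ "$state" = "yes" ]; then
        return 0
    fi
    logger -t masq-stealth "Stealth was '$state', re-applying"
    /sbin/e-smith/config setprop masq Stealth yes &&
    /sbin/e-smith/expand-template /etc/rc.d/init.d/masq &&
    /etc/init.d/masq restart
}

# Only touch the system when explicitly asked to.
if [ "${1:-}" = "--enforce" ]; then
    enforce_stealth
fi
```

The syslog entries tagged `masq-stealth` can be compared against VPN session times to check whether the reset follows a PPTP connection, which is the question left open in the thread.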