Last question, I promise. I am running PopTop for PPTP on the same box as my firewall. I can connect to the box fine, but nothing will route between the VPN tunnel and the local hosts. I read the "Some Hosts have Special Firewalling Requirements" article and thought it was what I needed, but either I don't get it, or it doesn't apply to me. Here is my config:

Zones:

#ZONE   DISPLAY   COMMENTS
net     Net       Internet
pptp    PPTP      PPTP Clients (192.168.17.40-49)
loc     Local     Local networks
dmz     DMZ       Demilitarized zone

Interfaces:

#ZONE   INTERFACE   BROADCAST   OPTIONS
net     eth1        detect      routefilter,blacklist,tcpflags
loc     eth0        detect      dhcp

Hosts: (BTW, is there a way to indicate a range?)

#ZONE   HOST(S)              OPTIONS
pptp    eth0:192.168.17.40
pptp    eth0:192.168.17.41
pptp    eth0:192.168.17.42
pptp    eth0:192.168.17.43
pptp    eth0:192.168.17.44
pptp    eth0:192.168.17.45
pptp    eth0:192.168.17.46
pptp    eth0:192.168.17.47
pptp    eth0:192.168.17.48
pptp    eth0:192.168.17.49

Rules:

ACCEPT  pptp  all   all
ACCEPT  all   pptp  all

Any ideas?

________________________________________
Chip Burke
Innova Partners
1177 Olentangy River Rd.
Columbus, OH 43212-3117
Voice: 614-384-7446
Fax: 614-384-7453
E-mail: cburke@innova-partners.com
________________________________________

Chip Burke wrote:
> Last question, I promise, I am running PopTop for PPTP on the same box as my
> firewall. I can connect to the box fine, but nothing will route between the
> VPN tunnel and the local hosts. I read the Some Hosts have Special
> Firewalling Requirements article and thought it was what I needed, but either
> I don't get it, or it doesn't apply to me. Here is my config:

Have you read http://shorewall.net/PPTP.htm ? It should give you everything you need.

-Tom
--
Tom Eastep    \ Nothing is foolproof to a sufficiently talented fool
Shoreline,     \ http://shorewall.net
Washington USA  \ teastep@shorewall.net
PGP Public Key   \ https://lists.shorewall.net/teastep.pgp.key

> Last question, I promise, I am running PopTop for PPTP on the same box as my
> firewall. I can connect to the box fine, but nothing will route between the
> VPN tunnel and the local hosts. I read the Some Hosts have Special
> Firewalling Requirements article and thought it was what I needed, but either
> I don't get it, or it doesn't apply to me. Here is my config:

Have you read: http://www.shorewall.net/PPTP.htm

Jerry

Yup. But on second look, the answer was pretty Doh.... Um, I had to add interface ppp0 to my loc zone. All is well. Thanks a ton everyone.

________________________________________
Chip Burke
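
An added example, not part of the original thread and not Shorewall's own code: a simplified Python model of zone lookup by arrival interface and source address, showing why the posted configuration left tunnel traffic on ppp0 without a zone and what adding ppp0 to loc changes. The empty columns in the `loc ppp0` row and the hosts-before-interfaces match order are assumptions.

```python
# Added example: simplified model of Shorewall zone lookup (not Shorewall code).
import ipaddress

def rows(text):
    """Yield whitespace-split fields of each non-comment, non-empty line."""
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        if fields:
            yield fields

def parse_interfaces(text):
    """interfaces file: ZONE INTERFACE ... -> {interface: zone}."""
    return {f[1]: f[0] for f in rows(text) if len(f) >= 2}

def parse_hosts(text):
    """hosts file: ZONE INTERFACE:ADDRESS -> [(zone, interface, network)]."""
    out = []
    for f in rows(text):
        iface, addr = f[1].split(":", 1)
        out.append((f[0], iface, ipaddress.ip_network(addr)))
    return out

def zone_of(iface, src, interfaces, hosts):
    """Zone of a packet arriving on iface from src, or None if no zone matches.
    Assumption: hosts entries are tried before whole-interface zones."""
    ip = ipaddress.ip_address(src)
    for zone, h_iface, net in hosts:
        if h_iface == iface and ip in net:
            return zone
    return interfaces.get(iface)

# Configuration as posted in the thread (hosts list shortened to two entries).
POSTED_INTERFACES = """#ZONE INTERFACE BROADCAST OPTIONS
net eth1 detect routefilter,blacklist,tcpflags
loc eth0 detect dhcp"""
POSTED_HOSTS = """#ZONE HOST(S) OPTIONS
pptp eth0:192.168.17.40
pptp eth0:192.168.17.41"""
# The fix described in the last message; the columns after ppp0 are assumed empty.
FIXED_INTERFACES = POSTED_INTERFACES + "\nloc ppp0"

if __name__ == "__main__":
    hosts = parse_hosts(POSTED_HOSTS)
    for label, text in (("posted", POSTED_INTERFACES), ("fixed", FIXED_INTERFACES)):
        ifaces = parse_interfaces(text)
        for iface in ("eth0", "ppp0"):
            print(label, iface, zone_of(iface, "192.168.17.40", ifaces, hosts))
```
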