I have installed the shorewall frontend with pptpd tunnelling server.
All works fine except only one thing:

When the outside users connect to my centos server to shorewall over
pptpd vpn tunneling then the client computer can't login to live
messenger, but the customer can connect perfectly with skype, use mail,
internet etc... all of this program installed in their outside computers.

I have configured the following shorewall rules.
This is only one part:

ACCEPT fw net tcp 80
ACCEPT fw net udp - 43,53,123,443,1024:65535
ACCEPT loc net tcp - 20,21,22,43,53,80,443,1024:65535
ACCEPT loc2 net tcp - 20,21,22,43,53,80,443,1024:65535
ACCEPT loc3 net tcp - 20,21,22,43,53,80,443,1024:65535
ACCEPT fw net tcp - 20,21,22,43,53,80,443,1024:65535
ACCEPT loc net udp - 43,53,123,443,1024:65535
ACCEPT loc2 net udp - 43,53,123,443,1024:65535
ACCEPT loc3 net udp - 43,53,123,443,1024:65535

If messenger login use 1863 port why can outside computers use messenger
in their computer while connecting through the vpn?

How can I configure shorewall to permit using MSN outside computers
while they are connected through the vpn.

Thanks in advance

--
Javier Martínez
Technical Manager

Javier Martínez wrote:
> I have installed the shorewall frontend with pptpd tunnelling server.
> All works fine except only one thing:
>
> When the outside users connect to my centos server to shorewall over
> pptpd vpn tunneling then the client computer can't login to live
> messenger, but the customer can connect perfectly with skype, use mail,
> internet etc... all of this program installed in their outside computers.
> I have configured the following shorewall rules.

Which are meaningless when presented out of context. See
http://www.shorewall.net/support.htm#Guidelines

> This is only one part:
>
> ACCEPT fw net tcp 80
> ACCEPT fw net udp - 43,53,123,443,1024:65535
> ACCEPT loc net tcp - 20,21,22,43,53,80,443,1024:65535
> ACCEPT loc2 net tcp - 20,21,22,43,53,80,443,1024:65535
> ACCEPT loc3 net tcp - 20,21,22,43,53,80,443,1024:65535
> ACCEPT fw net tcp - 20,21,22,43,53,80,443,1024:65535
> ACCEPT loc net udp - 43,53,123,443,1024:65535
> ACCEPT loc2 net udp - 43,53,123,443,1024:65535
> ACCEPT loc3 net udp - 43,53,123,443,1024:65535
>
> If messenger login use 1863 port why can outside computers use messenger
> in their computer while connecting through the vpn?
>
> How can I configure shorewall to permit using MSN outside computers
> while they are connected through the vpn.

Do you have any evidence whatsoever that the Shorewall-generated ruleset
is responsible for this problem? Log messages for example?

-Tom
--
Tom Eastep        \ Nothing is foolproof to a sufficiently talented fool
Shoreline,        \ http://shorewall.net
Washington USA    \ teastep@shorewall.net
PGP Public Key    \ https://lists.shorewall.net/teastep.pgp.key
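
An added example, not part of the original thread and not Shorewall's own code: one way to look for the log evidence asked about above is to count non-ACCEPT Shorewall log entries for destination port 1863, grouped by chain and interface. The sample log lines, the `vpn` zone name and the interface names are constructed, and the default `Shorewall:<chain>:<disposition>:` log prefix is assumed.

```shell
#!/bin/sh
# Added example: count non-ACCEPT Shorewall log entries for one destination port.
# Assumes the default log prefix "Shorewall:<chain>:<disposition>:" directly
# followed by the netfilter fields (IN=, OUT=, ..., DPT=).

# Usage: shorewall_hits PORT < logfile
# Prints "<count> <chain> <disposition> in=<iface> out=<iface>" per combination.
shorewall_hits() {
    awk -v port="$1" '
    /Shorewall:/ {
        chain = disp = in_if = out_if = dpt = ""
        for (i = 1; i <= NF; i++) {
            f = $i
            if (f ~ /^Shorewall:/) {
                split(f, p, ":")
                chain = p[2]; disp = p[3]
                f = p[4]              # normally "IN=<iface>", glued to the prefix
            }
            if (f ~ /^IN=/)  in_if  = substr(f, 4)
            if (f ~ /^OUT=/) out_if = substr(f, 5)
            if (f ~ /^DPT=/) dpt    = substr(f, 5)
        }
        if (dpt == port && disp != "ACCEPT")
            seen[chain " " disp " in=" in_if " out=" out_if]++
    }
    END { for (k in seen) print seen[k], k }' | sort
}

# Constructed sample log (hypothetical "vpn" zone on ppp0; ppp1 in no zone,
# so its packets are logged from the FORWARD chain instead of a zone chain).
sample_log() {
    cat <<'EOF'
Jan 20 10:00:01 gw kernel: Shorewall:vpn2net:REJECT:IN=ppp0 OUT=eth0 SRC=192.0.2.10 DST=198.51.100.7 LEN=48 TTL=127 PROTO=TCP SPT=1045 DPT=1863 SYN
Jan 20 10:00:04 gw kernel: Shorewall:vpn2net:REJECT:IN=ppp0 OUT=eth0 SRC=192.0.2.10 DST=198.51.100.7 LEN=48 TTL=127 PROTO=TCP SPT=1045 DPT=1863 SYN
Jan 20 10:02:11 gw kernel: Shorewall:FORWARD:REJECT:IN=ppp1 OUT=eth0 SRC=192.0.2.11 DST=198.51.100.7 LEN=48 TTL=127 PROTO=TCP SPT=1051 DPT=1863 SYN
Jan 20 10:03:30 gw kernel: Shorewall:net2fw:DROP:IN=eth0 OUT= SRC=203.0.113.5 DST=198.51.100.1 LEN=48 TTL=110 PROTO=TCP SPT=4000 DPT=445 SYN
Jan 20 10:04:00 gw pptpd[2101]: CTRL: Client 203.0.113.9 control connection started
EOF
}

sample_log | shorewall_hits 1863
```

An empty result for port 1863 while a login attempt is failing points away from the ruleset, provided logging is enabled on the policies and rules that could match the traffic.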

Thank you, I will try with dump command

--
Javier Martínez
Director General
Sip2000 Sistemas
Luis Morondo Urra 11 Bajo
31006 Pamplona Navarra
http://www.sip2000.es