Hello,

I reinstalled my Slackware 10.1 a few days ago; before I did that I stored all files in /etc/shorewall to an external HDD.

After reinstallation was complete I installed shorewall and restored the config files I backed up before, but now if the FW is running I can't ping the ADSL modem and so I can't connect to the internet using pptp.

Note, it worked before with exactly the same config.

Here are some config files I use:

interfaces:

    #ZONE   INTERFACE   BROADCAST       OPTIONS
    net     ppp0        -               tcpflags
    modem   eth0        10.0.0.255      routefilter,tcpflags
    loc     eth1        192.168.0.255   tcpflags
    #LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE

policy:

    #SOURCE   DEST   POLICY   LOG LEVEL   LIMIT:BURST
    loc       net    REJECT   info
    # If you want open access to the Internet from your Firewall
    # remove the comment from the following line.
    fw        net    ACCEPT
    net       all    DROP     info
    # THE FOLLOWING POLICY MUST BE LAST
    all       all    REJECT   info
    #LAST LINE -- ADD YOUR ENTRIES ABOVE THIS LINE -- DO NOT REMOVE

rules:

    #ACTION   SOURCE   DEST   PROTO   DEST   SOURCE    ORIGINAL   RATE    USER/
    #                                 PORT   PORT(S)   DEST       LIMIT   GROUP
    #
    # Accept DNS connections from the firewall to the network
    #
    ACCEPT    fw       net    tcp     53
    ACCEPT    fw       net    udp     53
    #
    # Accept SSH connections from the local network for administration
    #
    ACCEPT    loc      fw     tcp     22
    ACCEPT    modem    fw     tcp     22
    ACCEPT    net      fw     tcp     22
    #
    # Allow Ping To And From Firewall
    #
    ACCEPT    loc      fw     icmp    8
    REJECT    net      fw     icmp    8
    ACCEPT    fw       loc    icmp
    ACCEPT    fw       net    icmp
    #
    #LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE

tunnels and zones:

    # TYPE       ZONE    GATEWAY      GATEWAY ZONE
    pptpclient   modem   10.0.0.138
    #LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE

    #ZONE   DISPLAY   COMMENTS
    net     Net       Internet
    modem   Modem     ADSL-Modem
    loc     Local     Lokales Netzwerk
    #LAST LINE -- ADD YOUR ENTRIES ABOVE THIS LINE -- DO NOT REMOVE

Again, I had exactly the same config before reinstalling and it worked with this config, but now it doesn't anymore.

Thanks for any hints.

BF.

Bernhard Frühmesser wrote:
> Hello,
>
> I reinstalled my Slackware 10.1 a few days ago; before I did that I
> stored all files in /etc/shorewall to an external HDD.
>
> After reinstallation was complete I installed shorewall and restored the
> config files I backed up before, but now if the FW is running I can't
> ping the ADSL modem and so I can't connect to the internet using pptp.
>
> Note, it worked before with exactly the same config.
>
> Here are some config files I use:
>

If the configuration worked before then we will learn nothing from looking at your configuration files (they obviously worked at one time).

If you "shorewall clear", does your ADSL line work properly?

If so, then please submit the information asked for at http://shorewall.net/support.htm#Guidelines.

If not, then the problem is not Shorewall-related.

-Tom
--
Tom Eastep    \ Nothing is foolproof to a sufficiently talented fool
Shoreline,     \ http://shorewall.net
Washington USA  \ teastep@shorewall.net
PGP Public Key   \ https://lists.shorewall.net/teastep.pgp.key

2005/4/13, Bernhard Frühmesser <borsti@ooenet.at>:
> Hello,
>
> I reinstalled my Slackware 10.1 a few days ago; before I did that I
> stored all files in /etc/shorewall to an external HDD.
>
> After reinstallation was complete I installed shorewall and restored
> the config files I backed up before, but now if the FW is running I
> can't ping the ADSL modem and so I can't connect to the internet using
> pptp.
>
[data omitted]

Did you read this?
http://www.shorewall.net/PPTP.htm

Did you follow _completely_ this problem report guideline before asking questions?
http://www.shorewall.net/support.htm

Sorry, I can't be helpful. There is no PPTP DSL here in my country, but if you follow the reporting guidelines completely, someone can help you.

Bye

On 13.04.2005 at 21:54, Tom Eastep wrote:
> Bernhard Frühmesser wrote:
>> Hello,
>>
>> I reinstalled my Slackware 10.1 a few days ago; before I did that I
>> stored all files in /etc/shorewall to an external HDD.
>>
>> After reinstallation was complete I installed shorewall and restored
>> the config files I backed up before, but now if the FW is running I
>> can't ping the ADSL modem and so I can't connect to the internet
>> using pptp.
>>
>> Note, it worked before with exactly the same config.
>>
>> Here are some config files I use:
>>
>
> If the configuration worked before then we will learn nothing from
> looking at your configuration files (they obviously worked at one time).
>
> If you "shorewall clear", does your ADSL line work properly?
>
> If so, then please submit the information asked for at
> http://shorewall.net/support.htm#Guidelines.
>
> If not, then the problem is not Shorewall-related.

I have been playing around a bit with it and I have added this line to policy:

    fw modem ACCEPT

Now I can ping the ADSL modem and I can connect to the internet.

Strangely enough this line wasn't in the previous config and it worked without it.

BF.

> -Tom
> --
> Tom Eastep    \ Nothing is foolproof to a sufficiently talented fool
> Shoreline,     \ http://shorewall.net
> Washington USA  \ teastep@shorewall.net
> PGP Public Key   \ https://lists.shorewall.net/teastep.pgp.key
> _______________________________________________
> Shorewall-users mailing list
> Post: Shorewall-users@lists.shorewall.net
> Subscribe/Unsubscribe: https://lists.shorewall.net/mailman/listinfo/shorewall-users
> Support: http://www.shorewall.net/support.htm
> FAQ: http://www.shorewall.net/FAQ.htm
>

"In a World without Walls and Fences, who needs Windows and Gates".

Bernhard Frühmesser wrote:
>
> I have been playing around a bit with it and I have added this line to
> policy:
>
> fw modem ACCEPT
>
> Now I can ping the ADSL modem and I can connect to the internet.
>
> Strangely enough this line wasn't in the previous config and it worked
> without it.

Probably because you have always before established your PPTP session before starting Shorewall.

-Tom

Tom Eastep wrote:
> Bernhard Frühmesser wrote:
>
>> I have been playing around a bit with it and I have added this line to
>> policy:
>>
>> fw modem ACCEPT
>>
>> Now I can ping the ADSL modem and I can connect to the internet.
>>
>> Strangely enough this line wasn't in the previous config and it worked
>> without it.
>
> Probably because you have always before established your PPTP session
> before starting Shorewall.
>

I'll take that back -- so long as you have the tunnels file entry for 'pptpclient', you should be able to establish a connection with your modem. I saw no rule in your old config though that would allow ping to the modem. Did you upgrade Shorewall as part of this reinstallation?

-Tom

Tom Eastep wrote:
> Tom Eastep wrote:
>> Bernhard Frühmesser wrote:
>>
>>> I have been playing around a bit with it and I have added this line to
>>> policy:
>>>
>>> fw modem ACCEPT
>>>
>>> Now I can ping the ADSL modem and I can connect to the internet.
>>>
>>> Strangely enough this line wasn't in the previous config and it worked
>>> without it.
>> Probably because you have always before established your PPTP session
>> before starting Shorewall.
>>
>
> I'll take that back -- so long as you have the tunnels file entry for
> 'pptpclient', you should be able to establish a connection with your
> modem.

BTW -- Does your modem _really_ have IP address 10.0.0.138 as shown in your /etc/shorewall/tunnels file???

-Tom

On 13.04.2005 at 23:37, Tom Eastep wrote:
> Tom Eastep wrote:
>> Tom Eastep wrote:
>>> Bernhard Frühmesser wrote:
>>>
>>>> I have been playing around a bit with it and I have added this line
>>>> to policy:
>>>>
>>>> fw modem ACCEPT
>>>>
>>>> Now I can ping the ADSL modem and I can connect to the internet.
>>>>
>>>> Strangely enough this line wasn't in the previous config and it
>>>> worked without it.
>>> Probably because you have always before established your PPTP session
>>> before starting Shorewall.
>>>
>>
>> I'll take that back -- so long as you have the tunnels file entry for
>> 'pptpclient', you should be able to establish a connection with your
>> modem.
>
> BTW -- Does your modem _really_ have IP address 10.0.0.138 as shown in
> your /etc/shorewall/tunnels file???

Yes, my ADSL modem has IP 10.0.0.138 and my first ethernet card eth0 has 10.0.0.140

BF.

> -Tom

On 13.04.2005 at 22:42, Tom Eastep wrote:
> Tom Eastep wrote:
>> Bernhard Frühmesser wrote:
>>
>>> I have been playing around a bit with it and I have added this line
>>> to policy:
>>>
>>> fw modem ACCEPT
>>>
>>> Now I can ping the ADSL modem and I can connect to the internet.
>>>
>>> Strangely enough this line wasn't in the previous config and it
>>> worked without it.
>>
>> Probably because you have always before established your PPTP session
>> before starting Shorewall.
>>
>
> I'll take that back -- so long as you have the tunnels file entry for
> 'pptpclient', you should be able to establish a connection with your
> modem. I saw no rule in your old config though that would allow ping to
> the modem. Did you upgrade Shorewall as part of this reinstallation?

No, I use the same version as before reinstalling Slackware. Also the same kernel version, even the same version of pptp.

BF

> -Tom

Bernhard Frühmesser wrote:
>
> On 13.04.2005 at 23:37, Tom Eastep wrote:
>>
>> BTW -- Does your modem _really_ have IP address 10.0.0.138 as shown in
>> your /etc/shorewall/tunnels file???
>
> Yes, my ADSL modem has IP 10.0.0.138 and my first ethernet card eth0 has
> 10.0.0.140
>

Then without further documentation, I don't know what else to tell you.

-Tom

On 14.04.2005 at 00:34, Tom Eastep wrote:
> Bernhard Frühmesser wrote:
>>
>> On 13.04.2005 at 23:37, Tom Eastep wrote:
>>>
>>> BTW -- Does your modem _really_ have IP address 10.0.0.138 as shown
>>> in your /etc/shorewall/tunnels file???
>>
>> Yes, my ADSL modem has IP 10.0.0.138 and my first ethernet card eth0
>> has 10.0.0.140
>>
>
> Then without further documentation, I don't know what else to tell you.

After I added "fw modem ALLOW" to /etc/shorewall/policy I can ping the modem and I can connect to the internet. Strangely enough I didn't have "fw modem ALLOW" and it worked without it, - weird... :-)

BF.

> -Tom
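
The policy lookup this thread turns on, as an added example that is not part of any poster's message and not Shorewall's own code: a simplified model that checks a new connection against the posted rules file and then the posted policy file, first match winning in each. It ignores connection tracking and the chains generated from the tunnels file; the names `parse`, `verdict` and `FIXED_POLICY` are made up for this illustration.

```python
# Simplified model (an assumption, not Shorewall's implementation) of how a
# verdict is picked for a NEW connection: rules file first, then policy file,
# first match wins. Data below is copied from the files posted in the thread.

RULES = """
ACCEPT fw    net tcp 53
ACCEPT fw    net udp 53
ACCEPT loc   fw  tcp 22
ACCEPT modem fw  tcp 22
ACCEPT net   fw  tcp 22
ACCEPT loc   fw  icmp 8
REJECT net   fw  icmp 8
ACCEPT fw    loc icmp
ACCEPT fw    net icmp
"""

POLICY = """
loc net REJECT info
fw  net ACCEPT
net all DROP   info
all all REJECT info
"""

# The policy file after the one-line change reported in the thread.
FIXED_POLICY = "fw modem ACCEPT\n" + POLICY


def parse(text):
    """Split a Shorewall-style file into rows, skipping comments and blanks."""
    rows = (line.split() for line in text.splitlines())
    return [r for r in rows if r and not r[0].startswith("#")]


def verdict(src, dst, proto, port=None, rules=RULES, policy=POLICY):
    """Return (action, origin) for a new connection from zone src to zone dst."""
    for action, r_src, r_dst, r_proto, *r_port in parse(rules):
        same_flow = (r_src, r_dst, r_proto) == (src, dst, proto)
        if same_flow and (not r_port or r_port[0] == str(port)):
            return action, "rule"
    for p_src, p_dst, action, *_ in parse(policy):
        if p_src in (src, "all") and p_dst in (dst, "all"):
            return action, f"policy {p_src}->{p_dst}"
    raise LookupError("policy file must end with an all->all entry")


if __name__ == "__main__":
    print("ping fw->net:          ", verdict("fw", "net", "icmp", 8))
    print("ping fw->modem:        ", verdict("fw", "modem", "icmp", 8))
    print("ping fw->modem (fixed):", verdict("fw", "modem", "icmp", 8, policy=FIXED_POLICY))
```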