Tom Eastep
2004-Mar-12 15:41 UTC
Re: AW: pptp / shorewall problem (Error writing GRE packet: Operation not permitted)
On Friday 12 March 2004 07:09 am, Marcus Moll wrote:

> Was a problem cause i connected from inside the network i've changed it

What is "it"? Do you mean that you are now testing from the 'net' zone or do you mean that you have changed something else?

> but
> now I have a different problem. Connection is established data comes in and
> out but no connection between host and client works ping telnet http etc.

What "Shorewall" messages are you seeing in your logs?

> I've taken a look with tcpdump it tells me protocol rejected.
> Also in the message log is an entry that arpproxy couldn't be found.

That has absolutely nothing to do with Shorewall. It means that the local IP address that you have assigned isn't part of any network connected to your firewall. Correct that problem before continuing.

> 3rd and last problem I've seen putting pptpserver in tunnel doesn't work
> Shorewall tells me Tunnels of type pptpserver are not supported

Then your Shorewall version is too old for that approach ('pptpserver' support was released a year and a half ago) -- check the Shorewall 1.3 documentation for information about how to configure older versions of Shorewall (or upgrade to a newer version of Shorewall).

And finally, if you want my help KEEP YOUR REPLIES ON THE LIST!!!!!

-Tom
--
Tom Eastep \ Nothing is foolproof to a sufficiently talented fool
Shoreline, \ http://shorewall.net
Washington USA \ teastep@shorewall.net
Marcus
2004-Mar-12 16:03 UTC
AW: AW: pptp / shorewall problem (Error writing GREpacket: Operation not permitted)
>On Friday 12 March 2004 07:09 am, Marcus wrote:
>> Was a problem cause i connected from inside the network i've changed it
>
>What is "it"?
>
>Do you mean that you are now testing from the 'net' zone or do you mean that
>you have changed something else?

I'm now trying to connect from the net it works.

-------------------------

>> but
>> now I have a different problem. Connection is established data comes in and
>> out but no connection between host and client works ping telnet http etc.
>
>What "Shorewall" messages are you seeing in your logs?

Mar 12 17:46:54 master pptpd[9894]: MGR: Launching /usr/sbin/pptpctrl to handle client
Mar 12 17:46:54 master pptpd[9894]: CTRL: local address = 192.168.1.1
Mar 12 17:46:54 master pptpd[9894]: CTRL: remote address = 192.168.1.101
Mar 12 17:46:54 master pptpd[9894]: CTRL: pppd speed = 115200
Mar 12 17:46:54 master pptpd[9894]: CTRL: pppd options file /etc/ppp/options.ppp0
Mar 12 17:46:54 master pptpd[9894]: CTRL: Client 217.17.23.2 control connection started
Mar 12 17:46:54 master pptpd[9894]: CTRL: Received PPTP Control Message (type: 1)
Mar 12 17:46:54 master pptpd[9894]: CTRL: Made a START CTRL CONN RPLY packet
Mar 12 17:46:54 master pptpd[9894]: CTRL: I wrote 156 bytes to the client.
Mar 12 17:46:54 master pptpd[9894]: CTRL: Sent packet to client
Mar 12 17:46:54 master pptpd[9894]: CTRL: Received PPTP Control Message (type: 7)
Mar 12 17:46:54 master pptpd[9894]: CTRL: 0 min_bps, 1525 max_bps, 32 window size
Mar 12 17:46:54 master pptpd[9894]: CTRL: Made a OUT CALL RPLY packet
Mar 12 17:46:54 master pptpd[9894]: CTRL: Starting call (launching pppd, opening GRE)
Mar 12 17:46:54 master pptpd[9894]: CTRL: pty_fd = 5
Mar 12 17:46:54 master pptpd[9894]: CTRL: tty_fd = 6
Mar 12 17:46:54 master pptpd[9895]: CTRL (PPPD Launcher): Connection speed 115200
Mar 12 17:46:54 master pptpd[9895]: CTRL (PPPD Launcher): local address 192.168.1.1
Mar 12 17:46:54 master pptpd[9895]: CTRL (PPPD Launcher): remote address 192.168.1.101
Mar 12 17:46:54 master pppd[9895]: pppd 2.4.1 started by root, uid 0
Mar 12 17:46:54 master pppd[9895]: Connect: <--> /dev/pts/5
Mar 12 17:46:54 master pptpd[9894]: CTRL: I wrote 32 bytes to the client.
Mar 12 17:46:54 master pptpd[9894]: CTRL: Sent packet to client
Mar 12 17:46:54 master pptpd[9894]: CTRL: Received PPTP Control Message (type: 15)
Mar 12 17:46:54 master pptpd[9894]: CTRL: Got a SET LINK INFO packet with standard ACCMs
Mar 12 17:46:56 master pptpd[9894]: CTRL: Received PPTP Control Message (type: 15)
Mar 12 17:46:56 master pptpd[9894]: CTRL: Ignored a SET LINK INFO packet with real ACCMs!
Mar 12 17:46:56 master pptpd[9894]: Buffering out-of-order packet; got 5 after 3
Mar 12 17:46:56 master pptpd[9894]: Buffering out-of-order packet; got 6 after 3
Mar 12 17:46:57 master pptpd[9894]: Buffering out-of-order packet; got 7 after 3
Mar 12 17:46:57 master pptpd[9894]: Gave up waiting for 1 lost packets beginning with 4
Mar 12 17:46:57 master pppd[9895]: MSCHAP-v2 peer authentication succeeded for marcus
Mar 12 17:46:57 master pppd[9895]: Using interface ppp0
Mar 12 17:46:57 master pptpd[9894]: Buffering out-of-order packet; got 14 after 12
Mar 12 17:46:57 master pptpd[9894]: Buffering out-of-order packet; got 15 after 12
Mar 12 17:46:57 master pppd[9895]: Script /etc/ppp/auth-up finished (pid 9905), status = 0x0
Mar 12 17:46:59 master pptpd[9894]: Buffering out-of-order packet; got 16 after 12
Mar 12 17:46:59 master pptpd[9894]: Gave up waiting for 1 lost packets beginning with 13
Mar 12 17:46:59 master pppd[9895]: MPPE 128 bit, non-stateless compression enabled
Mar 12 17:46:59 master pppd[9895]: MPPE enforced
Mar 12 17:47:00 master pppd[9895]: found interface eth1 for proxy arp
Mar 12 17:47:00 master pppd[9895]: local IP address 192.168.1.1
Mar 12 17:47:00 master pppd[9895]: remote IP address 192.168.1.101
Mar 12 17:47:00 master pppd[9895]: Script /etc/ppp/ip-up finished (pid 9923), status = 0x0
Mar 12 17:47:54 master pptpd[9894]: CTRL: Received PPTP Control Message (type: 5)
Mar 12 17:47:54 master pptpd[9894]: CTRL: Made a ECHO RPLY packet
Mar 12 17:47:54 master pptpd[9894]: CTRL: I wrote 20 bytes to the client.
Mar 12 17:47:54 master pptpd[9894]: CTRL: Sent packet to client
Mar 12 17:48:54 master pptpd[9894]: CTRL: Received PPTP Control Message (type: 5)
Mar 12 17:48:54 master pptpd[9894]: CTRL: Made a ECHO RPLY packet
Mar 12 17:48:54 master pptpd[9894]: CTRL: I wrote 20 bytes to the client.
Mar 12 17:48:54 master pptpd[9894]: CTRL: Sent packet to client

----------------------------------------

>> I've taken a look with tcpdump it tells me protocol rejected.
>> Also in the message log is an entry that arpproxy couldn't be found.
>
>That has absolutely nothing to do with Shorewall. It means that the local IP
>address that you have assigned isn't part of any network connected to your
>firewall. Correct that problem before continuing.

I use 192.168.1.0/24 on eth1

--------------------

>> 3rd and last problem I've seen putting pptpserver in tunnel doesn't work
>> Shorewall tells me Tunnels of type pptpserver are not supported
>
>Then your Shorewall version is too old for that approach ('pptpserver' support
>was released a year and a half ago) -- check the Shorewall 1.3 documentation
>for information about how to configure older versions of Shorewall (or
>upgrade to a newer version of Shorewall).

I got Shorewall v 1.3.9b

--------------------

>And finally, if you want my help KEEP YOUR REPLIES ON THE LIST!!!!!

Sorry won't happen again.
Tom Eastep
2004-Mar-12 17:30 UTC
Re: AW: AW: pptp / shorewall problem (Error writing GREpacket: Operation not permitted)
On Friday 12 March 2004 08:03 am, Marcus wrote:

> >On Friday 12 March 2004 07:09 am, Marcus wrote:
> >> Was a problem cause i connected from inside the network i've changed it
> >
> >What is "it"?
> >
> >Do you mean that you are now testing from the 'net' zone or do you mean
> >that you have changed something else?
>
> I'm now trying to connect from the net it works.
>
> -------------------------
>
> >> but
> >> now I have a different problem. Connection is established data comes in
> >> and out but no connection between host and client works ping telnet http
> >> etc.
> >
> >What "Shorewall" messages are you seeing in your logs?
>
> Mar 12 17:46:54 master pptpd[9894]: MGR: Launching /usr/sbin/pptpctrl to
> handle client

I didn't ask which pptpd/pppd messages were being generated -- I asked which *Shorewall* messages were being generated.

> ----------------------------------------
>
> >> I've taken a look with tcpdump it tells me protocol rejected.

Do you know if you have Shorewall logging set up correctly? Do you EVER see Shorewall log messages? i.e., does "shorewall show log" show anything?

-Tom
--
Tom Eastep \ Nothing is foolproof to a sufficiently talented fool
Shoreline, \ http://shorewall.net
Washington USA \ teastep@shorewall.net
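
Added example, not part of the original thread or of Shorewall itself: a small triage script that separates Shorewall's own kernel log entries from the pptpd/pppd lines and counts the ones that touch a PPTP tunnel. The sample log lines are constructed, and the script assumes the `Shorewall:<chain>:<disposition>:` log prefix and that the netfilter LOG target reports GRE as `PROTO=47`.

```python
import re
from collections import Counter

# Constructed sample syslog lines (not taken from the thread). The kernel lines
# assume Shorewall's "Shorewall:<chain>:<disposition>:" netfilter log prefix.
SAMPLE_LOG = """\
Mar 12 17:46:54 master pptpd[9894]: CTRL: Client 192.0.2.10 control connection started
Mar 12 17:46:55 master kernel: Shorewall:net2all:DROP:IN=eth0 OUT= SRC=192.0.2.10 DST=198.51.100.1 LEN=61 TTL=118 PROTO=47
Mar 12 17:46:57 master pppd[9895]: Using interface ppp0
Mar 12 17:47:02 master kernel: Shorewall:all2all:REJECT:IN=ppp0 OUT=eth1 SRC=192.168.1.101 DST=192.168.1.20 LEN=60 TTL=127 PROTO=ICMP TYPE=8 CODE=0
Mar 12 17:47:05 master kernel: Shorewall:net2all:DROP:IN=eth0 OUT= SRC=203.0.113.7 DST=198.51.100.1 LEN=48 TTL=110 PROTO=TCP SPT=4021 DPT=445
"""

SHOREWALL_RE = re.compile(r"kernel: Shorewall:([^:]+):([^:]+):(.*)$")


def parse_shorewall(line):
    """Return a dict for a Shorewall kernel log line, or None for any other line."""
    m = SHOREWALL_RE.search(line)
    if m is None:
        return None
    entry = {"chain": m.group(1), "disposition": m.group(2)}
    for token in m.group(3).split():
        key, sep, value = token.partition("=")
        if sep:  # keep KEY=VALUE pairs, including empty values such as "OUT="
            entry[key] = value
    return entry


def pptp_reason(entry):
    """Say why an entry is relevant to a PPTP tunnel, or return None."""
    if entry.get("PROTO") == "47":
        return "GRE (IP protocol 47)"
    if entry.get("PROTO") == "TCP" and "1723" in (entry.get("SPT"), entry.get("DPT")):
        return "PPTP control channel (tcp/1723)"
    if entry.get("IN", "").startswith("ppp") or entry.get("OUT", "").startswith("ppp"):
        return "traffic through a ppp interface"
    return None


def triage(log_text):
    """Count PPTP-related Shorewall log entries by (chain, disposition, reason)."""
    hits = Counter()
    for line in log_text.splitlines():
        entry = parse_shorewall(line)
        reason = pptp_reason(entry) if entry else None
        if reason:
            hits[(entry["chain"], entry["disposition"], reason)] += 1
    return hits


if __name__ == "__main__":
    for (chain, disp, reason), n in triage(SAMPLE_LOG).items():
        print(f"{n}x {disp} in chain {chain}: {reason}")
```

An empty result over a real log means either that nothing PPTP-related was dropped or rejected, or that Shorewall logging is not reaching that file at all, which is the distinction the last reply asks about.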