Hi,

I'm using Shorewall to configure a firewall (RedHat 7.2) for a company I work for. It works great, but I'm having some trouble with setting up PPTP though.

My configuration is as follows: the (test) firewall is the only Linux-ish thing in the network; all the rest is Microsoft stuff. The users want to log on to the corporate network over the internet, so some RAS functionality was added to one of the (Windows) servers. If I test it over the local network everything works fine (a VPN connection is created, or at least Windows tells me it is). If I try to access the network from the internet I get timeouts.

I turned on all logging on the firewall and noticed that packets were accepted by the firewall and sent to the appropriate server:

    Jan 16 17:06:19 test-firewall kernel: Shorewall:net2loc:ACCEPT:IN=eth1 OUT=eth0 SRC=212.123.198.144 DST=192.168.10.2 LEN=48 TOS=0x00 PREC=0x00 TTL=127 ID=12089 DF PROTO=TCP SPT=2634 DPT=1723 WINDOW=16384 RES=0x00 SYN URGP=0

...but no data is going back. There are no restrictions on local->internet traffic. I've read the document on the homepage and added the rules to the shorewall/rules file:

    ACCEPT:6	net	loc:$LOC_SERVER2	tcp	1723	-	all
    ACCEPT:6	net	loc:$LOC_SERVER2	gre	47	-	all

I can do it this way, can't I? Maybe it's not even a firewall issue, but maybe someone experienced the same trouble...

Thanks,
Arjan Molenaar

PS. Please CC me since I'm not subscribed to the list...
Do you have a:

    ACCEPT	loc	net	gre	47

in there somewhere?

John S.

-----Original Message-----
From: shorewall-users-admin@shorewall.net [mailto:shorewall-users-admin@shorewall.net] On Behalf Of Arjan J. Molenaar
Sent: Wednesday, January 16, 2002 8:49 AM
To: shorewall-users@shorewall.net
Subject: [Shorewall-users] PPTP through the firewall
On Wednesday 16 January 2002 08:49 am, Arjan J. Molenaar wrote:
> I've read the document on the homepage and added the rules to the shorewall/rules file:
>
> ACCEPT:6	net	loc:$LOC_SERVER2	tcp	1723	-	all
> ACCEPT:6	net	loc:$LOC_SERVER2	gre	47	-	all

That should be:

    ACCEPT	net	loc:$LOC_SERVER2	gre	-	-	all

-Tom
-- 
Tom Eastep    \ A Firewall for Linux 2.4.*
AIM: tmeastep \ http://www.shorewall.net
ICQ: #60745924 \ teastep@shorewall.net
On Wednesday 16 January 2002 09:27 am, Tom Eastep wrote:
> > ACCEPT:6	net	loc:$LOC_SERVER2	tcp	1723	-	all
> > ACCEPT:6	net	loc:$LOC_SERVER2	gre	47	-	all
>
> That should be:
>
> ACCEPT	net	loc:$LOC_SERVER2	gre	-	-	all

And I've corrected http://www.shorewall.net/PPTP.htm.

-Tom
-- 
Tom Eastep    \ A Firewall for Linux 2.4.*
AIM: tmeastep \ http://www.shorewall.net
ICQ: #60745924 \ teastep@shorewall.net
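The two mistakes this thread turns on are easy to catch mechanically: a port number in the DEST PORT(S) column for GRE (protocol 47 has no ports, so that column must be `-`), and a PPTP rule that accepts the TCP 1723 control connection but has no GRE rule for the same source/destination pair, which is exactly the "connects, then times out" symptom above. The checker below is an added example written for this page; it is not Shorewall's own code and not from any poster. It assumes the seven-column rules layout of this era (ACTION, SOURCE, DEST, PROTO, DEST PORT(S), SOURCE PORT(S), ORIGINAL DEST) and uses the rules quoted in the thread as its constructed sample input.

```python
"""Lint a Shorewall-style rules file for the PPTP mistakes discussed in the thread.

Assumed column order (Shorewall 1.x era, an assumption, not taken from the thread):
ACTION  SOURCE  DEST  PROTO  DEST PORT(S)  SOURCE PORT(S)  ORIGINAL DEST
"""

# Protocols that carry no port field; a port in DEST PORT(S) or SOURCE PORT(S)
# for these is meaningless (the "gre 47" line in the thread is the case in point).
PORTLESS_PROTOCOLS = {"gre": 47, "47": 47, "esp": 50, "50": 50, "ah": 51, "51": 51}
COLUMNS = ("action", "source", "dest", "proto", "dport", "sport", "origdest")
PPTP_CONTROL_PORT = "1723"


def parse_rule(line):
    """Split one non-empty, non-comment rules line into named columns.
    Missing trailing columns are treated as '-', as Shorewall does."""
    fields = line.split()
    fields += ["-"] * (len(COLUMNS) - len(fields))
    return dict(zip(COLUMNS, fields[:len(COLUMNS)]))


def load_rules(text):
    """Parse every rule line, skipping blank lines and '#' comments."""
    rules = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()
        if line:
            rules.append((lineno, parse_rule(line)))
    return rules


def check_portless(rule):
    """One message per port column filled in on a protocol that has no ports."""
    problems = []
    proto = rule["proto"].lower()
    if proto in PORTLESS_PROTOCOLS:
        for col in ("dport", "sport"):
            if rule[col] != "-":
                problems.append(f"{col} '{rule[col]}' given for portless protocol {proto}; use '-'")
    return problems


def lint_rules(text):
    """(line number, message) for every rule that puts a port on GRE/ESP/AH."""
    return [(n, msg) for n, rule in load_rules(text) for msg in check_portless(rule)]


def missing_gre_companions(text):
    """(source, dest) pairs that accept the PPTP control channel (tcp 1723) but
    have no GRE rule for the same pair. PPTP carries the tunnel payload in GRE,
    so TCP 1723 alone lets the connection start and then stall."""
    rules = [rule for _, rule in load_rules(text)]
    gre_pairs = {(r["source"], r["dest"]) for r in rules
                 if PORTLESS_PROTOCOLS.get(r["proto"].lower()) == 47}
    return [(r["source"], r["dest"]) for r in rules
            if r["proto"].lower() == "tcp" and r["dport"] == PPTP_CONTROL_PORT
            and (r["source"], r["dest"]) not in gre_pairs]


def pptp_rules(server="$LOC_SERVER2"):
    """The corrected pair from the thread: PPTP control on tcp 1723 plus GRE with no ports."""
    return [f"ACCEPT\tnet\tloc:{server}\ttcp\t{PPTP_CONTROL_PORT}\t-\tall",
            f"ACCEPT\tnet\tloc:{server}\tgre\t-\t-\tall"]


# Constructed sample: the poster's original two lines, as quoted in the thread.
ORIGINAL_RULES = """\
# PPTP to the RAS server (poster's first attempt)
ACCEPT:6\tnet\tloc:$LOC_SERVER2\ttcp\t1723\t-\tall
ACCEPT:6\tnet\tloc:$LOC_SERVER2\tgre\t47\t-\tall
"""

if __name__ == "__main__":
    for lineno, msg in lint_rules(ORIGINAL_RULES):
        print(f"line {lineno}: {msg}")
    for src, dst in missing_gre_companions(pptp_rules()[0]):
        print(f"tcp 1723 rule {src} -> {dst} has no GRE companion")
    print("corrected rules:")
    print("\n".join(pptp_rules()))
```

Run as a script it reports the `gre 47` line and prints the corrected pair; `lint_rules` and `missing_gre_companions` can also be pointed at a whole rules file. The second check only covers the net->loc direction shown in the thread; in a setup where loc->net is not wide open, the same GRE/1723 pairing is needed the other way as well.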