Tom Eastep
2002-Apr-05 14:02 UTC
[Shorewall-users] Re: Problem with H323 traffic using PPTP over Shorewall.
Srikrishnan,

In the future, please post your questions to the mailing list. I'm copying the list with my response so that it will appear in the archives.

On 5 Apr 2002, Srikrishnan Chitoor wrote:

> Hi:
>
> I have a setup wherein the main server is running Shorewall and PPTP
> Server. The local network is 192.168.1.* and it connects to Internet
> using a Static IP (Cable Modem).
>
> I am able to establish VPN connection from outside and access all
> inside resources.
>
> However, when I try to use Netmeeting to have a voice chat, voice
> travels only one way (From outside to inside). The voice from Inside
> cannot be heard outside.
>
> I looked at tcpdump for possible problems and the only error message I
> got to see was following:
>
> 17:04:24.367833 192.168.1.242 > 192.168.1.12: ip-proto-46 168
> 17:04:24.367833 192.168.1.12 > 192.168.1.242: icmp: 192.168.1.12 protocol 46 unreachable.
>
> Looks like some stuff from inside to outside is not allowed by
> Firewall.

A couple of things:

a) since the PPTP tunnel isn't dependent on masquerading, you could "shorewall clear" then see if you still see the same problem (I'm betting that you do since to my knowledge, Netfilter doesn't generate protocol unreachable ICMP responses).

b) it is 192.168.1.12 that is generating the icmp response -- I assume that is the remote address in the PPP connection? If so, that also suggests that it isn't the firewall that is generating the response.

-Tom
--
Tom Eastep    \ Shorewall - iptables made easy
AIM: tmeastep  \ http://www.shorewall.net
ICQ: #60745924  \ teastep@shorewall.net