I have a problem with the PPTP clients: the first client on ppp0 (10.1.40.2)
cannot access any services of the second client on ppp1 (10.1.40.1).
This is the ping result in /var/log/messages:
(FORWARD:REJECT:IN=ppp0 OUT=ppp1 SRC=10.1.40.2 DST=10.1.40.1)
I have seen from the command "shorewall status" that the chain
vosra2vosra has 0 references.
This is my shorewall configuration ...
What's wrong in my configuration?
Thanks a lot in advance.
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
#[/etc/shorewall/Config/OsraVpn/hosts]--------------------------------------
locTo eth1:10.1.0.0/18 routestopped
locIv eth1:10.1.65.0/24 routestopped
vosra ppp+:10.1.40.0/28 routestopped
#[/etc/shorewall/Config/OsraVpn/interfaces]---------------------------------
net eth0 detect noping,multi,norfc1918,logunclean
dmz eth2 detect
- eth1
- ppp+
#[/etc/shorewall/Config/OsraVpn/masq]---------------------------------------
eth0 10.1.0.0/29
eth0 10.1.0.8
eth0 10.1.0.9
#[/etc/shorewall/Config/OsraVpn/policy]-------------------------------------
locTo net ACCEPT
locTo locIv ACCEPT
locIv locTo ACCEPT
locTo vosra ACCEPT
locIv vosra ACCEPT
vosra locTo ACCEPT
vosra locIv ACCEPT
vosra vosra ACCEPT
net all DROP info
all all REJECT info
#[/etc/shorewall/Config/OsraVpn/rules]--------------------------------------
ACCEPT net fw tcp ssh,auth,http,https
ACCEPT fw net tcp ftp,ftp-data,ssh,http,https
ACCEPT fw net udp ntp,domain
ACCEPT locTo fw::3128 tcp www - all
ACCEPT locTo fw tcp ssh,ftp,ftp-data,http,https
ACCEPT locIv fw tcp ssh,ftp,ftp-data,http,https
ACCEPT fw locTo udp domain
ACCEPT locTo fw udp domain
ACCEPT fw locIv udp domain
ACCEPT locIv fw udp domain
ACCEPT dmz fw udp domain
ACCEPT locTo dmz tcp ssh
ACCEPT locIv dmz tcp ssh
DNAT net dmz:192.168.10.10:22 tcp 22 - XXX.XXX.XXX.XXX
ACCEPT net fw tcp 1723
ACCEPT net fw gre -
ACCEPT locTo fw tcp 1723
ACCEPT locTo fw gre -
ACCEPT vosra fw tcp ssh,ftp,ftp-data,http,https
ACCEPT vosra fw udp domain
#[/etc/shorewall/Config/OsraVpn/shorewall.conf]-----------------------------
FW=fw
SUBSYSLOCK=/var/lock/subsys/shorewall
STATEDIR=/var/lib/shorewall
ALLOWRELATED="yes"
MODULESDIR=""
LOGRATE=""
LOGBURST=""
LOGUNCLEAN=info
LOGFILE="/var/log/messages"
NAT_ENABLED="Yes"
MANGLE_ENABLED="Yes"
IP_FORWARDING="On"
ADD_IP_ALIASES="No"
ADD_SNAT_ALIASES="No"
TC_ENABLED="No"
BLACKLIST_DISPOSITION=DROP
BLACKLIST_LOGLEVEL=
CLAMPMSS="Yes"
ROUTE_FILTER="No"
NAT_BEFORE_RULES="Yes"
#[/etc/shorewall/Config/OsraVpn/start]--------------------------------------
run_iptables -I OUTPUT 2 -m state -p icmp --state INVALID -j DROP
#[/etc/shorewall/Config/OsraVpn/zones]--------------------------------------
net Net Internet
dmz DMZ Demilitarized zone
locTo LocalTo OSRA Torino local network
locIv LocalIv OSRA Ivrea local network
vosra VPNOSRA OSRA private network
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
-------
Dario Lesca (d.lesca@ivrea.osra.it)
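One way to check the quoted REJECT entry against the posted hosts and policy tables, as an added example that is not part of the original mail or of Shorewall itself: the script below models Shorewall's zone lookup (interface name with a trailing '+' as a wildcard, plus subnet) and first-match policy selection, and reports whether the logged disposition agrees with the action the tables select. It assumes a simplified model that covers only hosts-file zones and the policy table, not the rules file or the net/dmz interface zones.

```python
import ipaddress
import re

# Constructed copies of the hosts and policy tables from the post.
# hosts: zone -> "interface:subnet"; a trailing '+' is an interface wildcard.
HOSTS = [("locTo", "eth1:10.1.0.0/18"), ("locIv", "eth1:10.1.65.0/24"),
         ("vosra", "ppp+:10.1.40.0/28")]
# policy rows in file order; Shorewall applies the first row that matches.
POLICY = [("locTo", "net", "ACCEPT"), ("locTo", "locIv", "ACCEPT"),
          ("locIv", "locTo", "ACCEPT"), ("locTo", "vosra", "ACCEPT"),
          ("locIv", "vosra", "ACCEPT"), ("vosra", "locTo", "ACCEPT"),
          ("vosra", "locIv", "ACCEPT"), ("vosra", "vosra", "ACCEPT"),
          ("net", "all", "DROP"), ("all", "all", "REJECT")]

LOG_RE = re.compile(r"(?P<chain>\w+):(?P<disp>\w+):IN=(?P<in>\S*) OUT=(?P<out>\S*) "
                    r"SRC=(?P<src>[\d.]+) DST=(?P<dst>[\d.]+)")

def iface_matches(pattern, iface):
    # 'ppp+' matches ppp0, ppp1, ...; anything else must match exactly
    if pattern.endswith("+"):
        return iface.startswith(pattern[:-1])
    return pattern == iface

def zone_of(iface, ip):
    # first hosts entry whose interface pattern and subnet both match wins
    addr = ipaddress.ip_address(ip)
    for zone, spec in HOSTS:
        pattern, net = spec.split(":", 1)
        if iface_matches(pattern, iface) and addr in ipaddress.ip_network(net):
            return zone
    return None  # not covered by the hosts file (e.g. net/dmz interfaces)

def policy_for(src_zone, dst_zone):
    # first matching policy row; the word 'all' matches any zone
    for src, dst, action in POLICY:
        if src in (src_zone, "all") and dst in (dst_zone, "all"):
            return action
    return None

def analyse(log_line):
    # map one FORWARD log entry to zones and compare the logged disposition
    # with the action the policy table says should have applied
    m = LOG_RE.search(log_line)
    if not m:
        raise ValueError("not a Shorewall FORWARD log entry")
    src_zone, dst_zone = zone_of(m["in"], m["src"]), zone_of(m["out"], m["dst"])
    expected = policy_for(src_zone, dst_zone)
    return {"src_zone": src_zone, "dst_zone": dst_zone, "expected": expected,
            "logged": m["disp"], "consistent": expected == m["disp"]}
```

Running `analyse` on the entry quoted in the mail classifies both ends as vosra and selects the `vosra vosra ACCEPT` row, so the logged REJECT is exactly the mismatch the 0-reference vosra2vosra chain points at.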