Mike wrote:
> I am trying to get a lan to lan vpn working with one lan with shorewall on the FQ IP to a Microsoft win2k RAS vpn server.
> I have successfully connected two fully qual IPs and it works as long as both computers have outside IPs. If however I try to connect from my lan 192.168.1.0/ to the
> ras server it just seems to time out with nothing. I tried the rules and view show shorewall connections with no connections shown.
> accept net lan:192.168.1.78 tcp 1723 - all
> accept net lan:192.168.1.78 gre
> I have read the shorewall example to connect two firewalls but can't figure it out. Is this because gre does not double nat? The vpn server has internal nic as well
> 10.0.0.0/0 this is temporary until I get the ras server on a DMZ.
>
Mike -- you need to make your GRE rule a port-forwarding rule also (and
I assume that your rules say ACCEPT rather than accept).
-Tom
PS -- for those of you who have never used Shorewall 1.2 and earlier,
the 'all' in the last column of an ACCEPT rule turns the rule into a
port-forwarding (DNAT) rule under those old versions.
--
Tom Eastep \ Shorewall - iptables made easy
Shoreline, \ http://www.shorewall.net
Washington USA \ teastep@shorewall.net