Kevin Smith
2003-Mar-25 11:21 UTC
[Shorewall-users] RE: Shorewall-users Digest, Vol 4, Issue 29
Not sure why this was dropped but:

Yes I did try it without any config changes. What seems to be not happening is the traffic <per routing table> is sending the traffic through TAP0, I would like to know the setting to have TAP0 send the traffic to ppp0.
I'm guessing I'd have to put TAP0 in the interfaces file, then tell it to send the traffic via PPP0. Just not sure how to set Shorewall to do this. I'm guessing it's basically setting up an alias.
Just not 100% sure.

------------------------------

Message: 2
Date: Mon, 17 Mar 2003 09:14:22 -0500
From: "Kevin Smith" <ksmith@perfht.com>
Subject: [Shorewall-users] Diald setup in Shorewall.
To: "Shorewall-Users" <shorewall-users@lists.shorewall.net>
Message-ID: <NGBBLGFEALDADHNDAAFFMECCDJAA.ksmith@perfht.com>
Content-Type: text/plain; charset="iso-8859-1"

Yea, Shorewall blocked traffic on TAP0 like I figured it should.

> If I understand the Diald (Dial on Demand) sets up a proxy (TAP0) and when
> there is traffic detected it uses ppp0 to connect.
> Now I'd like to set Shorewall up so this works. I tried putting the TAP0 in
> interfaces in place of PPP0 it did dial, but I couldn't do anything on
> either the server or client (which made sense after I thought about it).
> I looked at proxyarp but wasn't sure if that was the route to go on. Diald
> does add TAP0 as the default route. And when I try to connect Shorewall
> does drop the packets.
> Has anyone gotten this to work, or have any tips on what to do?

Did you try it first without making _any_ changes to your Shorewall configuration?

-Tom
Tom Eastep
2003-Mar-25 11:30 UTC
[Shorewall-users] RE: Shorewall-users Digest, Vol 4, Issue 29
On Tue, 25 Mar 2003, Kevin Smith wrote:

> Not sure why this was dropped but:

It was probably dropped because no one on the list (including myself) has a clue what the answer to your problem is.

> Yes I did try it without any config changes. What seems to be not happening
> is the traffic <per routing table> is sending the traffic through TAP0, I
> would like to know the setting to have TAP0 send the traffic to ppp0.
> I'm guessing I'd have to put TAP0 in the interfaces file, then tell it to send
> the traffic via PPP0. Just not sure how to set Shorewall to do this. I'm
> guessing it's basically setting up an alias.
> Just not 100% sure.
>

I have never used Shorewall with a dialed external interface and am ignorant of what diald does with its tun/tap device. If you can send us the information we need to diagnose connection problems (see http://www.shorewall.net/support.htm), we will try to help you nevertheless.

-Tom
--
Tom Eastep \ Shorewall - iptables made easy
Shoreline, \ http://www.shorewall.net
Washington USA \ teastep@shorewall.net
Richard Doyle
2003-Mar-25 12:51 UTC
[Shorewall-users] RE: Shorewall-users Digest, Vol 4, Issue 29
On Tue, 2003-03-25 at 11:30, Tom Eastep wrote:

> On Tue, 25 Mar 2003, Kevin Smith wrote:
>
> > Not sure why this was dropped but:
>
> It was probably dropped because no one on the list (including myself) has
> a clue what the answer to your problem is.
>
> > Yes I did try it without any config changes. What seems to be not happening
> > is the traffic <per routing table> is sending the traffic through TAP0, I
> > would like to know the setting to have TAP0 send the traffic to ppp0.
> > I'm guessing I'd have to put TAP0 in the interfaces file, then tell it to send
> > the traffic via PPP0. Just not sure how to set Shorewall to do this. I'm
> > guessing it's basically setting up an alias.
> > Just not 100% sure.
> >
>
> I have never used Shorewall with a dialed external interface and am
> ignorant of what diald does with its tun/tap device. If you can send us
> the information we need to diagnose connection problems (see
> http://www.shorewall.net/support.htm), we will try to help you
> nevertheless.

I use a dialed external interface with Shorewall, but can't help the poster with his problem. I did try to set up diald a few years ago, but gave up--configuration was difficult, and the current version of ppp provides many of the features of diald.

Questions for the original poster: Why do you need diald? That is, what features does diald offer that the current version of ppp does not? Have you gotten diald to work with a wide-open firewall? I hope you don't imagine Shorewall will fix a broken diald setup.

> -Tom

--
Richard Doyle <rdoyle@islandnetworks.com>