thr3ads.net - Shorewall users - [Shorewall-users] shorewall and vpn in firewall [Jul 2003]

If this information is useful, please help other people find it:
Share via:

Rodrigo Cortes Cano

2003-Jul-25 12:32 UTC

[Shorewall-users] shorewall and vpn in firewall

Hi!

another dude.

i have this conf in FW

eth0 lan 
eth1 wan (dedidated)
ppp0 net (adsl)
ppp+ ofcourse pptp client when is connect.


now shorewall reject any connection from ppp1 to lan or wan

im read faq for this case and nothing.

some rule is lost ?

interfaces have:

lan     eth0    detect  maclist
wan     eth1    detect  norfc1918,blacklist,routefilter
net     ppp0    detect  norfc1918,blacklist,routefilter
-       ppp+

tunnels have:

pptpserver              wan     0.0.0.0/0


one error is 

Jul 25 15:37:59 fasolita kernel: Shorewall:OUTPUT:REJECT:IN= OUT=ppp1
SRC=1.1.1.1 DST=1.1.1.30 LEN=124 TOS=0x00 PREC=0xC0 TTL=255 ID=15860 PROTO=ICMP
TYPE=3 CODE=3 [SRC=1.1.1.30 DST=1.1.1.10 LEN=96 TOS=0x00 PREC=0x00 TTL=127
ID=2573 PROTO=UDP SPT=137 DPT=137 LEN=76 ]



wazzzupp ? =(

Tom Eastep

2003-Jul-25 12:44 UTC

head link

[Shorewall-users] shorewall and vpn in firewall

On Fri, 2003-07-25 at 12:31, Rodrigo Cortes Cano wrote:
> Jul 25 15:37:59 fasolita kernel: Shorewall:OUTPUT:REJECT:IN= OUT=ppp1
> SRC=1.1.1.1 DST=1.1.1.30 LEN=124 TOS=0x00 PREC=0xC0 TTL=255 ID=15860
PROTO=ICMP
> TYPE=3 CODE=3 [SRC=1.1.1.30 DST=1.1.1.10 LEN=96 TOS=0x00 PREC=0x00 TTL=127
> ID=2573 PROTO=UDP SPT=137 DPT=137 LEN=76 ]
> 
> 
> 
> wazzzupp ? =(
> 
You have not associated ppp+ with any zone. 

-Tom
-- 
Tom Eastep    \ Shorewall - iptables made easy
Shoreline,     \ http://shorewall.net
Washington USA  \ teastep@shorewall.net

Rodrigo Cortes Cano

2003-Jul-25 12:51 UTC

head link

[Shorewall-users] shorewall and vpn in firewall

yes sir!


but de faq say

 Note: I have multiple ppp interfaces on my firewall. If you have a single ppp
interface, you probably want:
/etc/shorewall/interfaces:

    ZONE 	INTERFACE 	BROADCAST 	OPTIONS
    net 	eth0 	206.124.146.255 	norfc1918
    loc 	eth2 	192.168.1.255 	 
    loc 	ppp0 	  	 

and no entries in /etc/shorewall/hosts. <<---- this is my problem

add entry in hosts and work



seeya :D

Mensaje citado por Tom Eastep <teastep@shorewall.net>:
> On Fri, 2003-07-25 at 12:31, Rodrigo Cortes Cano wrote:
> 
> > Jul 25 15:37:59 fasolita kernel: Shorewall:OUTPUT:REJECT:IN= OUT=ppp1
> > SRC=1.1.1.1 DST=1.1.1.30 LEN=124 TOS=0x00 PREC=0xC0 TTL=255 ID=15860
> PROTO=ICMP
> > TYPE=3 CODE=3 [SRC=1.1.1.30 DST=1.1.1.10 LEN=96 TOS=0x00 PREC=0x00
> TTL=127
> > ID=2573 PROTO=UDP SPT=137 DPT=137 LEN=76 ]
> > 
> > 
> > 
> > wazzzupp ? =(
> > 
> 
> You have not associated ppp+ with any zone. 
> 
> -Tom
> -- 
> Tom Eastep    \ Shorewall - iptables made easy
> Shoreline,     \ http://shorewall.net
> Washington USA  \ teastep@shorewall.net
> 
>

Tom Eastep

2003-Jul-25 12:54 UTC

head link

[Shorewall-users] shorewall and vpn in firewall

On Fri, 2003-07-25 at 12:50, Rodrigo Cortes Cano wrote:> yes sir!
> 
> 
> but de faq say
> 
>  Note: I have multiple ppp interfaces on my firewall. If you have a single
ppp
> interface, you probably want:
Note that the above says *single* ppp interface. You have at least
two!!!!

-Yom
-- 
Tom Eastep    \ Shorewall - iptables made easy
Shoreline,     \ http://shorewall.net
Washington USA  \ teastep@shorewall.net

Shorewall users - Jul 2003 - shorewall and vpn in firewall

[Shorewall-users] shorewall and vpn in firewall

[Shorewall-users] shorewall and vpn in firewall

[Shorewall-users] shorewall and vpn in firewall

[Shorewall-users] shorewall and vpn in firewall